2024-06-25_3fbfe7409e1e3e172c9b21044fa65322_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-25_3fbfe7409e1e3e172c9b21044fa65322_mafia
Size

2.7MB
MD5

3fbfe7409e1e3e172c9b21044fa65322
SHA1

afc67dba6b95c83c99d1cae1dc5b7c52de3ea2b2
SHA256

0bce4e6a61bcddf343aac912e56af1004aecb72ef1821ed5813c98d9a801b734
SHA512

dfe0d3759194030cbaa98ef2d427377ee27e7a41423d898108a114d3ee0a3c6d10f51cec730c8024cca438c993ce032b74a057cd6de25f235cf0eda1e6b1bd9d
SSDEEP

49152:fenYaCZw5Kb19popctejgV3OtbnTQheZEB0JWihogvR:yYzHexXZTLWgoE

Score

1^/10

Malware Config

Signatures

Files

2024-06-25_3fbfe7409e1e3e172c9b21044fa65322_mafia
.exe windows:5 windows x86 arch:x86

1a4dc5fba981fd00e9ac4c73179df278

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ff:5b:3d:27:2d:65:11:e7:d6:7c:7c:47:5e:5c:87
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/04/2017, 00:00

Not After

28/06/2019, 12:00

Subject

CN=Source Dynamics Inc,O=Source Dynamics Inc,L=Issaquah,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:0b:5e:fb:91:2a:3b:53:5e:7a:24:d1:4d:27:82:8c:98:52:e7:24
Signer

Actual PE Digest

df:0b:5e:fb:91:2a:3b:53:5e:7a:24:d1:4d:27:82:8c:98:52:e7:24

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFileInfoW
DragAcceptFiles
DragQueryFileW
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW
SHGetMalloc

mpr

WNetCancelConnectionW
WNetAddConnectionW

comctl32

PropertySheetW
ImageList_Destroy
ord17
ImageList_GetIconSize
InitCommonControlsEx
ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_Create
ImageList_AddMasked
ImageList_Draw
ImageList_Remove

ws2_32

WSAStartup
closesocket
ioctlsocket
WSAGetLastError
recv
__WSAFDIsSet
htonl
bind
getsockname
listen
inet_addr
gethostbyname
htons
socket
setsockopt
send
connect
getsockopt
accept
select

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptProtectData
CryptUnprotectData
CryptImportPublicKeyInfo

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
HttpSendRequestW
InternetErrorDlg
InternetGetConnectedState

psapi

EmptyWorkingSet

advapi32

RegOpenKeyExA
RegFlushKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
RegQueryValueExA
RegOpenKeyA
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
GetUserNameW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyW
CryptReleaseContext
CryptDestroyHash
RegCloseKey
CryptVerifySignatureW

gdiplus

GdipCreateSolidFill
GdiplusShutdown
GdipDeleteGraphics
GdipDeletePen
GdipCreatePen1
GdipAlloc
GdipDeleteBrush
GdipCreateFromHDC
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawBezierI
GdipDrawEllipseI
GdipFillEllipseI
GdiplusStartup
GdipCloneBrush
GdipFree

ole32

CoCreateGuid
OleInitialize
CoInitializeSecurity

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
FindClose
GetTickCount
Sleep
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetLastError
CloseHandle
MapViewOfFile
UnmapViewOfFile
CompareFileTime
FlushViewOfFile
SetLastError
UnlockFile
LockFile
SetEndOfFile
SetFilePointer
GetDiskFreeSpaceW
GetModuleHandleW
InitializeCriticalSection
GetFileInformationByHandle
FlushFileBuffers
WriteFile
ReadFile
GetFileSize
SystemTimeToFileTime
SetFileTime
GetUserDefaultLCID
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetVersionExA
MultiByteToWideChar
GetExitCodeProcess
WaitForSingleObject
CreatePipe
GetStdHandle
HeapFree
GetProcessHeap
HeapAlloc
lstrlenW
WideCharToMultiByte
FreeLibrary
lstrlenA
lstrcmpA
LocalAlloc
VerifyVersionInfoW
VerSetConditionMask
GetCurrentProcess
GetComputerNameW
GetSystemPowerStatus
GetLocalTime
GetModuleHandleA
GetVersion
GetVolumeNameForVolumeMountPointW
GetVolumeInformationW
GlobalSize
GetSystemInfo
GlobalMemoryStatus
GetVersionExW
GetCurrentDirectoryW
GetWindowsDirectoryW
GlobalGetAtomNameW
GetModuleFileNameW
GetTempPathW
FindResourceW
DeleteFileW
GetTempFileNameW
SetCurrentDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
GetDateFormatW
GlobalFree
FindFirstFileW
FindNextFileW
CreateFileW
GetProfileStringW
CreateProcessW
GetEnvironmentVariableW
GlobalAddAtomW
CreateFileMappingW
SearchPathW
CopyFileW
MoveFileW
OpenFileMappingW
GetCurrentThread
GlobalDeleteAtom
SetHandleCount
WinExec
DeleteCriticalSection
FreeResource
LoadResource
SetEvent
CreateEventW
ExpandEnvironmentStringsA
LoadLibraryA
RtlUnwind
MoveFileA
HeapSize
HeapReAlloc
DecodePointer
EncodePointer
ExitThread
ResumeThread
CreateThread
RaiseException
GetSystemTimeAsFileTime
CreateDirectoryW
ExitProcess
GetConsoleCP
GetConsoleMode
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetACP
GetOEMCP
IsValidCodePage
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetFileAttributesA
HeapCreate
GetTimeZoneInformation
WriteConsoleW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeW
CompareStringW
SetEnvironmentVariableA
LocalFree
LeaveCriticalSection
EnterCriticalSection
GetTimeFormatW
InitializeCriticalSectionAndSpinCount
GetSystemTime
LCMapStringW

user32

WaitMessage
DispatchMessageW
TranslateMessage
KillTimer
PeekMessageW
SetTimer
IsChild
CheckRadioButton
CheckDlgButton
DefDlgProcW
SystemParametersInfoW
CreateDialogIndirectParamW
MoveWindow
GetWindowDC
ReleaseCapture
GetCursorPos
ScreenToClient
IsIconic
WindowFromPoint
GetAsyncKeyState
SetCapture
SetCursor
ClientToScreen
DestroyCursor
FillRect
InvertRect
DefWindowProcW
SubtractRect
UpdateWindow
ScrollWindowEx
RedrawWindow
WindowFromDC
DestroyIcon
SetWindowPos
GetDesktopWindow
GetKeyState
GetMessageW
IsWindowVisible
SetScrollPos
GetDlgCtrlID
DrawFocusRect
CloseClipboard
EmptyClipboard
OpenClipboard
SetParent
DestroyMenu
DefFrameProcW
DefMDIChildProcW
IsZoomed
GetSubMenu
GetMenu
CreateMenu
DrawMenuBar
DeleteMenu
CreatePopupMenu
TrackPopupMenu
CheckMenuItem
SetMenuItemBitmaps
AppendMenuW
SetMenuDefaultItem
EnableMenuItem
GetMenuItemCount
GetSystemMetrics
GetWindowPlacement
SystemParametersInfoA
OffsetRect
FrameRect
ShowCaret
HideCaret
AdjustWindowRect
SetCaretPos
GetForegroundWindow
InvalidateRect
CreateCaret
DestroyCaret
MessageBeep
TrackMouseEvent
GetWindowThreadProcessId
GetCursor
GetScrollInfo
SetScrollInfo
SetScrollRange
RegisterWindowMessageW
FindWindowW
SetClipboardData
GetClipboardData
ValidateRect
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
GetWindowTextW
RegisterClassW
GetClassNameW
SetWindowTextW
LoadBitmapW
CreateWindowExW
SetDlgItemTextW
GetDlgItemTextW
DrawTextW
MessageBoxW
LoadCursorW
LoadIconW
GetTabbedTextExtentW
InsertMenuW
LoadImageW
TabbedTextOutW
WinHelpW
SetActiveWindow
GetClipboardOwner
PostQuitMessage
PackDDElParam
ExitWindowsEx
SetForegroundWindow
SetLayeredWindowAttributes
SetWindowRgn
DrawIcon
GetScrollPos
GetScrollRange
IsDialogMessageW
GetLastActivePopup
GetDC
ReleaseDC
CallWindowProcW
SendMessageW
GetSysColor
PostMessageW
GetNextDlgTabItem
GetWindow
IsWindowEnabled
EnableWindow
DestroyWindow
EndDialog
SetFocus
SetWindowLongW
GetFocus
GetWindowLongW
SendDlgItemMessageW
GetDlgItem
GetWindowRect
GetParent
GetClientRect
BeginPaint
GetActiveWindow
EndPaint
MapWindowPoints
IntersectRect
ShowWindow

gdi32

GetCharWidthW
GetCharABCWidthsW
SetBkColor
SetViewportOrgEx
GetDeviceCaps
PtInRegion
FillRgn
LineDDA
GdiFlush
CombineRgn
GetRgnBox
CreateRectRgn
CreateRectRgnIndirect
CreatePolygonRgn
SetROP2
CreateCompatibleBitmap
StretchBlt
Polyline
CreateSolidBrush
PolyBezier
GetDCOrgEx
GetClipBox
EndPage
StartPage
StartDocW
SetAbortProc
EndDoc
GetCurrentObject
ExtTextOutW
CreateDCW
CreateICW
TextOutW
GetRegionData
OffsetRgn
ExtSelectClipRgn
SelectObject
CreateBitmap
BitBlt
GetPixel
SetPixel
DeleteObject
CreatePen
Ellipse
GetTextExtentPoint32W
ExcludeClipRect
SelectClipRgn
CreateFontIndirectW
SetTextColor
SetBkMode
SetTextAlign
GetCurrentPositionEx
GetTextMetricsW
MoveToEx
LineTo
GetStockObject
SelectPalette
RealizePalette
CreateDIBitmap
GetPaletteEntries
CreatePalette
CreateCompatibleDC
GetObjectW
DeleteDC

comdlg32

ChooseColorW
PageSetupDlgW
CommDlgExtendedError
PrintDlgW
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW

msimg32

AlphaBlend

imm32

ImmSetCompositionFontW
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

Exports

Exports

pcre_callout
pcre_compile
pcre_compile2
pcre_exec
pcre_free
pcre_malloc
pcre_stack_free
pcre_stack_guard
pcre_stack_malloc

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a4dc5fba981fd00e9ac4c73179df278

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

02:ff:5b:3d:27:2d:65:11:e7:d6:7c:7c:47:5e:5c:87Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

df:0b:5e:fb:91:2a:3b:53:5e:7a:24:d1:4d:27:82:8c:98:52:e7:24Signer

Headers

DLL Characteristics

File Characteristics

Imports

shell32

mpr

comctl32

ws2_32

crypt32

wininet

psapi

advapi32

gdiplus

ole32

kernel32

user32

gdi32

comdlg32

msimg32

imm32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 285KB - Virtual size: 285KB

.data Size: 225KB - Virtual size: 411KB

.rsrc Size: 337KB - Virtual size: 337KB

.reloc Size: 135KB - Virtual size: 134KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

02:ff:5b:3d:27:2d:65:11:e7:d6:7c:7c:47:5e:5c:87
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

df:0b:5e:fb:91:2a:3b:53:5e:7a:24:d1:4d:27:82:8c:98:52:e7:24
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 285KB - Virtual size: 285KB

.data
Size: 225KB - Virtual size: 411KB

.rsrc
Size: 337KB - Virtual size: 337KB

.reloc
Size: 135KB - Virtual size: 134KB