2024-06-27_684df2577902a13ccd344590e4ddcd45_gazer_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-27_684df2577902a13ccd344590e4ddcd45_gazer_mafia
Size

2.7MB
MD5

684df2577902a13ccd344590e4ddcd45
SHA1

a157f0214733b51777a17bf85f1d9d04488ef595
SHA256

22dbc0552b405b5194cd4366a2f19923751732efe5ccc52947cc4c6f6e4a5cb8
SHA512

eb64c4b3a6fc258c7d868f37d147b9ec1246fe0410ddf57e4987cb5f2b2c6eea25012a82da96ef96ba5ae728c9f2fd6722429392575176da3241db7a5ee4bc81
SSDEEP

49152:drJn0qa8RxS7fSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSvSSSSSSSSSSSSSSSlwwt:dgkxKfSSSSSSSSSSSSSSSSSSSSSSSSSy

Score

1^/10

Malware Config

Signatures

Files

2024-06-27_684df2577902a13ccd344590e4ddcd45_gazer_mafia
.exe windows:5 windows x86 arch:x86

2037a945edf9e339dd726bc8ca9a2f00

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:a3:d2:be:dc:54:d4:64:54:37:cc:f9:9d:9b:ce:6b:a8:7a:09:01:7a:2c:ba:55:68:3f:bc:b4:5c:a6:af:67
Signer

Actual PE Digest

4f:a3:d2:be:dc:54:d4:64:54:37:cc:f9:9d:9b:ce:6b:a8:7a:09:01:7a:2c:ba:55:68:3f:bc:b4:5c:a6:af:67

Digest Algorithm

sha256

PE Digest Matches

true

e2:9d:fc:24:60:e2:5d:99:71:d9:3e:81:d8:3b:68:c6:cb:05:fe:8e
Signer

Actual PE Digest

e2:9d:fc:24:60:e2:5d:99:71:d9:3e:81:d8:3b:68:c6:cb:05:fe:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\f477e70f45113db8\bin\Release_Win32\session.viewer.pdb

Imports

comctl32

InitCommonControlsEx
CreateToolbarEx
ImageList_Create
ImageList_ReplaceIcon
ImageList_Add
ImageList_Destroy

secur32

GetUserNameExW

winmm

timeGetTime

ws2_32

setsockopt
WSACleanup
recv
bind
socket
closesocket
htons
listen
accept
WSAGetLastError
inet_addr
WSAStringToAddressA
WSAAddressToStringA
WSASocketA
send
getservbyport
sendto
getservbyname
WSASetLastError
gethostbyaddr
ntohl
htonl
ntohs
WSAIoctl
WSASocketW
WSASend
ioctlsocket
recvfrom
getaddrinfo
select
getsockname
shutdown
freeaddrinfo
__WSAFDIsSet
getsockopt
WSAStartup
connect
gethostbyname
inet_ntoa
gethostname
WSARecv

kernel32

SizeofResource
GetModuleFileNameW
CreateFileW
GetLastError
ProcessIdToSessionId
LockResource
GlobalMemoryStatusEx
GetCurrentProcessId
GetSystemTime
lstrcpyA
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
lstrcpyW
ExitProcess
CreateMutexW
CreateProcessW
GetCurrentDirectoryW
QueueUserWorkItem
QueryPerformanceCounter
QueryPerformanceFrequency
WriteFile
SetLastError
ReadFile
GetFileSizeEx
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
InterlockedIncrement
WaitForSingleObjectEx
ReleaseSemaphore
SetThreadPriority
CreateSemaphoreW
SetConsoleTextAttribute
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
FlushFileBuffers
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
LCMapStringW
GetConsoleMode
GetConsoleCP
GetTickCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedDecrement
IsProcessorFeaturePresent
HeapCreate
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
GetProcessTimes
GetTimeZoneInformation
GetFileType
SetStdHandle
ExitThread
RtlUnwind
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
TerminateProcess
LocalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatW
GetDateFormatW
CopyFileW
GetCurrentThread
SystemTimeToFileTime
SetFilePointer
FreeResource
ResumeThread
WaitForMultipleObjects
GetQueuedCompletionStatus
GetSystemDirectoryA
InterlockedExchangeAdd
TryEnterCriticalSection
GetStdHandle
FreeConsole
CreateIoCompletionPort
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryA
FindNextFileW
RemoveDirectoryW
FindClose
MoveFileW
SetFileTime
CreateDirectoryW
GetCurrentProcess
SetUnhandledExceptionFilter
LoadResource
FindResourceW
FindResourceExW
DeleteFileW
lstrcmpiW
GetFileAttributesW
GetVersionExW
GetProcessHeap
HeapFree
GetNativeSystemInfo
GetCommandLineW
ExpandEnvironmentStringsW
OutputDebugStringA
GetCurrentThreadId
IsDebuggerPresent
RegisterWaitForSingleObject
GlobalUnlock
lstrlenW
lstrcmpW
GetEnvironmentVariableA
lstrcpynW
GetLogicalDriveStringsW
SetErrorMode
FindFirstFileW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
VirtualProtect
GetSystemTimeAsFileTime
FormatMessageW
GlobalAlloc
OpenProcess
GetModuleHandleW
GlobalLock
UnregisterWait
GetEnvironmentVariableW
CreateThread
CloseHandle
CreateEventW
GetLocalTime
ResetEvent
EnterCriticalSection
GetProcAddress
LeaveCriticalSection
Sleep
LoadLibraryW
lstrlenA
InitializeCriticalSection
SetEvent
WaitForSingleObject
FormatMessageA

user32

PostQuitMessage
IsDialogMessageW
LoadAcceleratorsW
GetKeyboardLayout
ToUnicodeEx
ReleaseDC
GetParent
CloseDesktop
LoadBitmapW
SetScrollInfo
SetThreadDesktop
GetSystemMenu
GetMenuItemID
InsertMenuItemW
EnableMenuItem
GetMenuItemCount
DestroyMenu
CheckMenuItem
GetClipboardSequenceNumber
UnhookWindowsHookEx
OpenInputDesktop
ShowScrollBar
GetScrollInfo
SetCursor
TrackMouseEvent
DialogBoxParamW
EndDialog
SetWindowsHookExW
CallNextHookEx
EnumClipboardFormats
IsClipboardFormatAvailable
GetDC
wvsprintfA
SetWindowPlacement
SetTimer
IsIconic
KillTimer
MessageBeep
GetWindowPlacement
GetAsyncKeyState
MonitorFromWindow
GetDesktopWindow
RegisterHotKey
GetMonitorInfoW
MoveWindow
GetSysColor
BringWindowToTop
GetSystemMetrics
DestroyWindow
ScreenToClient
GetWindowRect
TrackPopupMenu
FillRect
SetCapture
PostMessageW
GetKeyState
CreateMenu
RegisterClassExW
AppendMenuW
SystemParametersInfoW
GetCursorPos
CreateWindowExW
ReleaseCapture
UpdateWindow
EndPaint
CloseClipboard
TranslateAcceleratorW
RemovePropW
SetActiveWindow
MapDialogRect
GetMessageW
GetPriorityClipboardFormat
UnregisterClassW
DrawTextW
DefDlgProcW
SetForegroundWindow
AttachThreadInput
LoadCursorW
IsWindowEnabled
GetClientRect
SetFocus
BeginPaint
wsprintfW
SetPropW
GetIconInfo
TranslateMessage
GetForegroundWindow
LoadIconW
GetWindowTextA
InvalidateRect
GetWindowLongW
GetClipboardData
GetWindowTextW
SetClassLongW
EmptyClipboard
SetWindowLongW
RedrawWindow
SetWindowPos
ShowWindow
GetSysColorBrush
GetActiveWindow
OpenClipboard
RegisterClassW
IsWindowVisible
SetWindowTextA
SendMessageW
MapWindowPoints
EnableWindow
SetClipboardData
GetDlgCtrlID
SetWindowTextW
GetPropW
CallWindowProcW
DefWindowProcW
GetWindowThreadProcessId
GetWindow
DispatchMessageW
GetDlgItem
MessageBoxW
wsprintfA
IsWindow
CreateDialogParamW

gdi32

GetCurrentObject
SetStretchBltMode
StretchBlt
CreateDIBSection
GetDIBits
BitBlt
DeleteDC
CreateCompatibleBitmap
SetTextColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
Rectangle
CreateFontW
GetObjectW
CreatePen
CreateSolidBrush

comdlg32

GetSaveFileNameW

advapi32

CryptReleaseContext
RegOpenKeyExW
RegDeleteValueW
ImpersonateSelf
RegCloseKey
GetUserNameW
DuplicateToken
ImpersonateLoggedOnUser
RevertToSelf
CreateProcessAsUserW
DuplicateTokenEx
RegDeleteKeyW
RegEnumKeyW
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptSetKeyParam
CryptAcquireContextW
GetFileSecurityW
CryptGenRandom
OpenThreadToken
MapGenericMask
AccessCheck
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW

shell32

ShellExecuteW
SHCreateDirectoryExW
CommandLineToArgvW
DragFinish
SHGetFileInfoW
DragQueryFileW
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

crypt32

CryptUnprotectData
CryptProtectData

shlwapi

PathFileExistsW
StrStrIW
StrStrIA
PathCanonicalizeW
PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW

iphlpapi

GetAdaptersAddresses

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipGetImageEncoders

msimg32

AlphaBlend

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2037a945edf9e339dd726bc8ca9a2f00

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ceCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ceCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

4f:a3:d2:be:dc:54:d4:64:54:37:cc:f9:9d:9b:ce:6b:a8:7a:09:01:7a:2c:ba:55:68:3f:bc:b4:5c:a6:af:67Signer

e2:9d:fc:24:60:e2:5d:99:71:d9:3e:81:d8:3b:68:c6:cb:05:fe:8eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

secur32

winmm

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

version

crypt32

shlwapi

iphlpapi

gdiplus

msimg32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 489KB - Virtual size: 488KB

.data Size: 40KB - Virtual size: 65KB

.rodata Size: 3KB - Virtual size: 2KB

.rsrc Size: 96KB - Virtual size: 95KB

.reloc Size: 96KB - Virtual size: 95KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

4f:a3:d2:be:dc:54:d4:64:54:37:cc:f9:9d:9b:ce:6b:a8:7a:09:01:7a:2c:ba:55:68:3f:bc:b4:5c:a6:af:67
Signer

e2:9d:fc:24:60:e2:5d:99:71:d9:3e:81:d8:3b:68:c6:cb:05:fe:8e
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 489KB - Virtual size: 488KB

.data
Size: 40KB - Virtual size: 65KB

.rodata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 96KB - Virtual size: 95KB

.reloc
Size: 96KB - Virtual size: 95KB