2024-06-29_9925cfe2ae006f46ab5eb716e9afb2d9_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-29_9925cfe2ae006f46ab5eb716e9afb2d9_mafia
Size

718KB
MD5

9925cfe2ae006f46ab5eb716e9afb2d9
SHA1

83c0a9964fe1e4602a85eb82796660ade1428ed4
SHA256

33fa70d22bf89a78a98fa45e597aa9e4407782b7fa3dd335f2349a84fdb67a45
SHA512

f82df95ac51c1222b26b46df15c600277c3bc89a9ae8e968e93287770ebc69a6bbd9c6634c5182208f9989ece19c4fff691f9db515efb477e82d5a6f73496e85
SSDEEP

12288:VvUP1pDNCh5tq4CxcqaLBVE6putJEGh7HzfFJpc8f7zdvawyl4Y:5U9pDghWztTztJTf7Bawyl4Y

Score

1^/10

Malware Config

Signatures

Files

2024-06-29_9925cfe2ae006f46ab5eb716e9afb2d9_mafia
.exe windows:5 windows x86 arch:x86

7375d4d5838a7490982cd500ffacaa2a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

57:0f:39:54:fd:8a:c2:18:4e:29:e8:30:63:a4:48:2b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30-09-2013 00:00

Not After

30-09-2015 23:59

Subject

CN=Denco Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Denco Limited,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f4:24:a1:f7:f8:8a:d4:d6:78:77:9f:37:e1:a5:66:4f:bf:9a:38:79
Signer

Actual PE Digest

f4:24:a1:f7:f8:8a:d4:d6:78:77:9f:37:e1:a5:66:4f:bf:9a:38:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpConnect

wpcap

pcap_close
pcap_freealldevs
pcap_findalldevs
pcap_setfilter
pcap_geterr
pcap_compile
pcap_next_ex
pcap_open_live

ws2_32

ntohs
ntohl
gethostname
WSAStartup
gethostbyname
WSACleanup

iphlpapi

GetBestInterface
GetAdaptersAddresses

oleacc

AccessibleObjectFromPoint
WindowFromAccessibleObject

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
SetFilePointer
QueryPerformanceCounter
GetConsoleCP
GetLocaleInfoW
WriteFile
ExitProcess
GetFileType
GetCurrentProcessId
GetUserDefaultLCID
GetConsoleMode
GetLocaleInfoA
GetCommandLineW
ExitThread
GetSystemTimeAsFileTime
GetCPInfo
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
HeapFree
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
GetPrivateProfileStringW
MultiByteToWideChar
lstrlenW
FormatMessageW
InterlockedDecrement
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
ReleaseMutex
GetLastError
CreateMutexW
InitializeCriticalSectionAndSpinCount
GetExitCodeThread
WaitForSingleObject
SetEvent
GetProcAddress
GetModuleHandleW
InterlockedIncrement
EnumSystemLocalesA
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerW
CreateEventW
VerifyVersionInfoW
VerSetConditionMask
GetNativeSystemInfo
GetVersionExW
GetLocalTime
FindNextFileW
FindClose
GetFullPathNameW
FindFirstFileW
WideCharToMultiByte
lstrlenA
InitializeCriticalSection
Sleep
InterlockedCompareExchange
CreateFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetEndOfFile
SetFilePointerEx
QueueUserWorkItem
GetTickCount
GetSystemInfo
GetModuleFileNameA
GetModuleHandleA
LocalFree
ReadFile
LCMapStringW
FlushFileBuffers
DeleteFileW
GetFileSizeEx
MoveFileW
GetTempPathW
RemoveDirectoryW
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
GetStringTypeW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
HeapSize
HeapReAlloc
HeapDestroy
TerminateProcess
UnhandledExceptionFilter
lstrcmpiW
IsValidLocale
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
SetHandleCount
GetStdHandle
LoadLibraryW
WriteConsoleW
SetStdHandle
HeapSetInformation
GetStartupInfoW
ResumeThread
CompareStringW
CreateThread
FlushViewOfFile

user32

SendMessageW
IsDialogMessageW
CharNextW
SetWindowTextW
PostThreadMessageW
PeekMessageW
DestroyWindow
CreateDialogParamW
EnableWindow
GetDlgItem
LoadImageW
DefWindowProcW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
SetWindowLongW
GetClassNameW
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetParent
GetWindowLongW
EndDialog
PostQuitMessage
DialogBoxParamW
GetSystemMetrics
GetActiveWindow
UnregisterClassA
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW

advapi32

RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW

shell32

SHGetFolderPathW
ShellExecuteW
ord165

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantCopy
VarUI4FromStr
VarCmp
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarBstrCmp
VariantClear
VariantInit
SysFreeString
SysStringLen

shlwapi

PathFileExistsW

comctl32

InitCommonControlsEx

dbghelp

MakeSureDirectoryPathExists

Sections

.text
Size: 542KB - Virtual size: 541KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7375d4d5838a7490982cd500ffacaa2a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

57:0f:39:54:fd:8a:c2:18:4e:29:e8:30:63:a4:48:2bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f4:24:a1:f7:f8:8a:d4:d6:78:77:9f:37:e1:a5:66:4f:bf:9a:38:79Signer

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

wpcap

ws2_32

iphlpapi

oleacc

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

dbghelp

Sections

.text Size: 542KB - Virtual size: 541KB

.rdata Size: 109KB - Virtual size: 109KB

.data Size: 15KB - Virtual size: 24KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 38KB - Virtual size: 37KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

57:0f:39:54:fd:8a:c2:18:4e:29:e8:30:63:a4:48:2b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f4:24:a1:f7:f8:8a:d4:d6:78:77:9f:37:e1:a5:66:4f:bf:9a:38:79
Signer

.text
Size: 542KB - Virtual size: 541KB

.rdata
Size: 109KB - Virtual size: 109KB

.data
Size: 15KB - Virtual size: 24KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 38KB - Virtual size: 37KB