2024-07-04_b9c9fa59d953cfdacd74470510fd0d1f_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-04_b9c9fa59d953cfdacd74470510fd0d1f_mafia
Size

324KB
MD5

b9c9fa59d953cfdacd74470510fd0d1f
SHA1

ac686fe3314069d24a94b5201440ba85bd83ab11
SHA256

a837ba3edb84f8f9c31993df911d2dfbd5b1e585ddabe53a5f4dabd2d6444d2d
SHA512

4c0dbb63d68cf76f4e1be8e6ac27097dd55ab7d55bde090c41bcb82ad41d864b8f8ecb317e09364ad4ff2765812fdd797254335c7b994c4a808a5b31f3b5f23f
SSDEEP

6144:C1jeu2zwddEY8w4wasoD0Lb7yZCYsL8JYrhRfhF:CM3cQY8w9asoALb74CYsL35F

Score

1^/10

Malware Config

Signatures

Files

2024-07-04_b9c9fa59d953cfdacd74470510fd0d1f_mafia
.exe windows:5 windows x86 arch:x86

9c38a060c160d351168b745bad953f5d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:be:52:7e:7a:21:7c:60:b2:93:b7:f5:61:3f:54:17:8a
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

08/01/2015, 12:04

Not After

09/01/2016, 12:04

Subject

CN=BUFFERZONE Security Ltd.,OU=BUFFERZONE Security Ltd.,O=BUFFERZONE Security Ltd.,L=Tel Aviv,C=IL,1.2.840.113549.1.9.1=#0c1b696e666f406275666665727a6f6e6573656375726974792e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e3:0d:c8:38:e7:70:c7:c7:e2:2d:bd:d5:80:e0:ec:53:a0:29:eb:6f
Signer

Actual PE Digest

e3:0d:c8:38:e7:70:c7:c7:e2:2d:bd:d5:80:e0:ec:53:a0:29:eb:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\Redlight\Virt\BZRPCSS\Release32\BZRpcSs.pdb

Imports

kernel32

LocalAlloc
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
SetLastError
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
ExitThread
InterlockedIncrement
UnmapViewOfFile
MapViewOfFile
FlushInstructionCache
VirtualFree
CreateFileMappingA
lstrlenW
ReleaseMutex
GetModuleFileNameW
VirtualQuery
CreateFileMappingW
CreateFileW
GetModuleFileNameA
ReadProcessMemory
VirtualAllocEx
VirtualQueryEx
VirtualFreeEx
VirtualProtect
DuplicateHandle
GetCurrentThread
OpenProcess
VirtualProtectEx
WriteProcessMemory
HeapAlloc
GetProcessHeap
HeapFree
CreateRemoteThread
GetExitCodeThread
CreateMutexW
lstrcatA
GetThreadContext
GetVersionExW
OpenMutexW
lstrlenA
VirtualAlloc
OpenFileMappingW
lstrcpyA
GetWindowsDirectoryW
lstrcpyW
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryW
FindClose
FindFirstFileW
GetFileAttributesW
GetExitCodeProcess
CreateProcessW
GetNativeSystemInfo
DeviceIoControl
CreateFileA
OpenEventA
IsBadStringPtrW
GetVersion
GetFileSize
ReadFile
SetFilePointer
WriteFile
DeleteFileA
DeleteFileW
MoveFileA
GetFileTime
SetFileTime
GetFileAttributesA
SetFileAttributesA
ResetEvent
CreateEventA
CreateMutexA
CopyFileW
IsBadReadPtr
RtlUnwind
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapReAlloc
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
HeapCreate
HeapDestroy
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedDecrement
QueryPerformanceCounter
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FatalAppExitA
SetConsoleCtrlHandler
InterlockedExchange
GetLocaleInfoW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEndOfFile
GetModuleHandleW
GetCurrentThreadId
GetCommandLineW
OpenEventW
GetCurrentProcessId
Sleep
CreateEventW
WaitForSingleObject
CreateThread
WaitForMultipleObjects
LocalFree
FreeLibrary
CloseHandle
LoadLibraryW
GetLastError
ExitProcess
GetProcAddress
SetEvent
OutputDebugStringA
GetCurrentDirectoryW
GetTickCount
ExpandEnvironmentStringsW

user32

GetWindowThreadProcessId
DdeQueryConvInfo
DdeQueryNextServer
DdeCreateDataHandle
wsprintfA
DdeInitializeA
DdeCreateStringHandleA
DdeConnectList
DdeFreeStringHandle
DdeDisconnectList
DdeUninitialize
CallWindowProcW
CallWindowProcA
DdeClientTransaction
GetPropA
SetPropW
SetPropA
RemovePropW
RemovePropA
SetWindowLongW
SetWindowLongA
GetWindowLongW
GetWindowLongA
OpenInputDesktop
GetUserObjectInformationA
CloseDesktop
GetThreadDesktop
DdeFreeDataHandle
GetPropW
wsprintfW
DdeGetLastError

shell32

CommandLineToArgvW

advapi32

AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
FreeSid
AllocateAndInitializeSid
GetKernelObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetLengthSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CloseServiceHandle
SetServiceObjectSecurity
QueryServiceObjectSecurity
ChangeServiceConfig2A
QueryServiceConfig2A
OpenServiceW
QueryServiceConfigW
DeleteService
QueryServiceStatus
OpenSCManagerA
OpenServiceA
CreateServiceW
LookupPrivilegeValueW

ole32

StringFromCLSID
CoTaskMemFree

Sections

.text
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c38a060c160d351168b745bad953f5d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:be:52:7e:7a:21:7c:60:b2:93:b7:f5:61:3f:54:17:8aCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

e3:0d:c8:38:e7:70:c7:c7:e2:2d:bd:d5:80:e0:ec:53:a0:29:eb:6fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

advapi32

ole32

Sections

.text Size: 261KB - Virtual size: 260KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 4KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:be:52:7e:7a:21:7c:60:b2:93:b7:f5:61:3f:54:17:8a
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

e3:0d:c8:38:e7:70:c7:c7:e2:2d:bd:d5:80:e0:ec:53:a0:29:eb:6f
Signer

.text
Size: 261KB - Virtual size: 260KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB