2024-07-06_fa828ca06633ac6da8deb4fd2af61b47_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-06_fa828ca06633ac6da8deb4fd2af61b47_mafia
Size

198KB
MD5

fa828ca06633ac6da8deb4fd2af61b47
SHA1

6b37c23429bde65e3cfdad7ec7e17abf95651909
SHA256

d37fe30271f5c76c4b4feb6f908593b125e34057d62b60233fceea9fe5c89104
SHA512

0165b6bd251fc5a30c7289cba3cc243d47ba445a380e4b066d2324897642fb259a264f263b5339ca6bb9fad522002084c61a53a3db76a320b9e41a59fc57c8c3
SSDEEP

3072:bFlLFmB4PNuf/hBtL2qncVZ6cFAE0kMKhYEdzuESHW7IAwD5jlbl5DE4f:RmB4wf/J2fCkLtdzuA87D5j1lF3f

Score

1^/10

Malware Config

Signatures

Files

2024-07-06_fa828ca06633ac6da8deb4fd2af61b47_mafia
.exe windows:5 windows x86 arch:x86

c2922348b2b540625c43c05b64d164d6

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:bb:3f:0e:ee:7b:02:3c:7a:e8:40:e1:8a:2b:80:c4
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

03/04/2012, 00:00

Not After

03/05/2013, 23:59

Subject

CN=OOO Metabar,OU=IT Department,O=OOO Metabar,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

ec:4b:ce:b0:55:94:1c:a5:6c:13:a8:d8:0c:29:9a:14:c9:9e:85:09
Signer

Actual PE Digest

ec:4b:ce:b0:55:94:1c:a5:6c:13:a8:d8:0c:29:9a:14:c9:9e:85:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\metabar\platform\IE\bho_toolbar\tmp\Win32\wit4ie\BackgroundHostSingleton\Release\backgroundHost.pdb

Imports

kernel32

SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
GetProcAddress
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LockResource
FindResourceExW
GetCommandLineW
MultiByteToWideChar
CloseHandle
CreateThread
CreateEventW
WaitForSingleObject
GetCurrentThreadId
SetEvent
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
LCMapStringW
InterlockedExchange
WideCharToMultiByte
FreeLibrary
lstrlenW
GetModuleFileNameW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
Sleep
GetLastError
LoadLibraryW
SetConsoleCtrlHandler
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FatalAppExitA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
IsValidLocale
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
ExitProcess
IsProcessorFeaturePresent
GetLocaleInfoW
GetStdHandle
WriteFile
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
DecodePointer
EncodePointer
HeapSetInformation
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

user32

CharNextW
TranslateMessage
GetMessageW
PostThreadMessageW
CharUpperW
DispatchMessageW

advapi32

RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW

ole32

CoTaskMemRealloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoAddRefServerProcess
CoTaskMemAlloc
CoReleaseServerProcess
StringFromGUID2

oleaut32

UnRegisterTypeLi
RegisterTypeLi
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysFreeString
VarUI4FromStr
SysAllocString
VariantClear

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2922348b2b540625c43c05b64d164d6

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

05:bb:3f:0e:ee:7b:02:3c:7a:e8:40:e1:8a:2b:80:c4Certificate

Extended Key Usages

ec:4b:ce:b0:55:94:1c:a5:6c:13:a8:d8:0c:29:9a:14:c9:9e:85:09Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 146KB - Virtual size: 145KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 7KB - Virtual size: 6KB

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

05:bb:3f:0e:ee:7b:02:3c:7a:e8:40:e1:8a:2b:80:c4
Certificate

ec:4b:ce:b0:55:94:1c:a5:6c:13:a8:d8:0c:29:9a:14:c9:9e:85:09
Signer

.text
Size: 146KB - Virtual size: 145KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 7KB - Virtual size: 6KB