2024-07-09_e5b9c7ae66c57774e81c07622f76f775_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-09_e5b9c7ae66c57774e81c07622f76f775_mafia
Size

484KB
MD5

e5b9c7ae66c57774e81c07622f76f775
SHA1

8a15aac972b6b038b9b9ec037b4edf813f317cb5
SHA256

4d9d51335dc3d6cfdccaf7046506c838d8b30340ac095f7f60385bfe683b100a
SHA512

bfaa02f12466cb0fa3699c69dfdb64b10b1be8c556952bde8fc63b9adfe9e02af2458f755155b829f51dac273e5bb6f349a438c87f7f3f9e0ff7766c8da08c4a
SSDEEP

12288:DoeKAueYc4x0J/rkdjuSCVTtgChyX53ca8WwxO4k0zlZvABeiftOuR8:DoeKAU1Cs3ca8WwxOX0zlmBeiftOuu

Score

1^/10

Malware Config

Signatures

Files

2024-07-09_e5b9c7ae66c57774e81c07622f76f775_mafia
.exe windows:5 windows x86 arch:x86

d4878c3a0ad8a54aa57cb9ed4c2767df

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:cf:64:81:d2:9d:bd:67:46:86:3a:65:84:08:ae:1c
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

12/05/2014, 00:00

Not After

11/08/2015, 23:59

Subject

CN=载信软件（上海）有限公司,OU=IT部,O=载信软件（上海）有限公司,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

db:dd:a4:f5:e2:4a:02:f1:b9:17:57:a2:30:20:e5:47:f9:a0:fa:70
Signer

Actual PE Digest

db:dd:a4:f5:e2:4a:02:f1:b9:17:57:a2:30:20:e5:47:f9:a0:fa:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
GetModuleFileNameA
CreateFileW
WriteFile
FindClose
TerminateProcess
WTSGetActiveConsoleSessionId
CreateFileA
DeleteFileA
OutputDebugStringA
GetModuleHandleA
DeviceIoControl
SetPriorityClass
LocalFree
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
InitializeCriticalSection
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleExW
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetHandleCount
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
HeapSize
HeapReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
GetCPInfo
LCMapStringW
GetStdHandle
GetFileType
WriteConsoleW
FindFirstFileExW
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetStartupInfoW
HeapSetInformation
GetSystemTimeAsFileTime
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
GetStringTypeW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetUserDefaultLCID
lstrlenA
GetVersionExW
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
RaiseException
LoadLibraryW
OutputDebugStringW
GetCommandLineW
LoadLibraryExW
SizeofResource
lstrcmpiW
FreeLibrary
MultiByteToWideChar
GlobalHandle
GlobalFree
Sleep
GetLocalTime
SetFilePointer
GetTickCount
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrlenW
GetLastError
LeaveCriticalSection
EnterCriticalSection

user32

MapDialogRect
EndPaint
BeginPaint
DefWindowProcW
EnableWindow
SetWindowTextW
SendMessageW
SetWindowPos
IsDialogMessageW
GetDlgItem
MoveWindow
GetWindowLongW
SetWindowLongW
wsprintfW
EndDialog
CreateWindowExW
GetWindow
SetWindowContextHelpId
UnregisterClassA
CharNextW
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetClassNameW
ReleaseCapture
FillRect
DestroyWindow
CallWindowProcW
GetDesktopWindow
DestroyAcceleratorTable
GetFocus
SetFocus
IsWindow
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreateAcceleratorTableW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
GetWindowRect
ShowWindow
SetTimer
KillTimer
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
IsIconic
LoadImageW
UpdateLayeredWindow
SetCursor
MessageBoxA
GetSysColor
PostQuitMessage
CreateDialogIndirectParamW
GetSystemMetrics
SetForegroundWindow
FindWindowW
LoadStringW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CreateDialogParamW

gdi32

GetObjectA
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
GetTextExtentExPointW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
BitBlt
CreateFontW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
GetUserNameW

shell32

SHGetFolderLocation
SHGetPathFromIDListW
ord155
CommandLineToArgvW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString

shlwapi

SHRegGetValueW

comctl32

InitCommonControlsEx

gdiplus

GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipCreateBitmapFromFile
GdipDrawString
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteBrush
GdipCloneImage
GdipDrawImageRectI
GdipSetSmoothingMode
GdipReleaseDC
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromFile
GdipDeleteGraphics
GdipFree
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectRectI

winhttp

WinHttpSetOption
WinHttpReceiveResponse
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpQueryHeaders

psapi

GetModuleBaseNameA

wtsapi32

WTSQueryUserToken
WTSQuerySessionInformationW
WTSFreeMemory

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4878c3a0ad8a54aa57cb9ed4c2767df

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

07:cf:64:81:d2:9d:bd:67:46:86:3a:65:84:08:ae:1cCertificate

Extended Key Usages

Key Usages

db:dd:a4:f5:e2:4a:02:f1:b9:17:57:a2:30:20:e5:47:f9:a0:fa:70Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

winhttp

psapi

wtsapi32

iphlpapi

Sections

.text Size: 340KB - Virtual size: 340KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 45KB - Virtual size: 45KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

07:cf:64:81:d2:9d:bd:67:46:86:3a:65:84:08:ae:1c
Certificate

db:dd:a4:f5:e2:4a:02:f1:b9:17:57:a2:30:20:e5:47:f9:a0:fa:70
Signer

.text
Size: 340KB - Virtual size: 340KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 45KB - Virtual size: 45KB