2024-07-10_5d081be215b49b1f9549456ccf2db38d_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-10_5d081be215b49b1f9549456ccf2db38d_mafia
Size

1.1MB
MD5

5d081be215b49b1f9549456ccf2db38d
SHA1

1c0c651f9cf0c558bfd3435006ac259932c5280a
SHA256

44ac3284374eea066c9d8c356b82daa6e00ea75bc03ca0e55364f58ef8dc959f
SHA512

73309f52374a33ac2735eac63ecdc26bcb3dea3bdb4d67cd83eb0b2f4b1347c8612b9cddbe445f20c0f97a41118c7c2d51248239dbfb5c91cd788241978085d4
SSDEEP

24576:f13XOWHjxU0n9Nuu6alslLlLRJEfej3wV6up7uuEiYANsT8:fNVxUvu6gmLlNJHjWRuutsT8

Score

1^/10

Malware Config

Signatures

Files

2024-07-10_5d081be215b49b1f9549456ccf2db38d_mafia
.exe windows:5 windows x86 arch:x86

69b46b62f152c30ca140b28426dd0a03

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:1b:ca:c2:0c:fc:d2:7d:bf:43:d8:19:ef:07:1c:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2014, 00:00

Not After

27/04/2017, 23:59

Subject

CN=NEVOSOFT,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NEVOSOFT,L=Saint-Petersburg,ST=Saint-Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:64:47:e0:ce:92:fe:93:aa:a9:9f:ee:42:82:0a:10:db:8a:10:4c
Signer

Actual PE Digest

33:64:47:e0:ce:92:fe:93:aa:a9:9f:ee:42:82:0a:10:db:8a:10:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\svn\wrapd.nevosoft.ru\bin\Wrapper\HtmlBrowser.pdb

Imports

kernel32

SizeofResource
LockResource
UpdateResourceW
CreateFileW
WriteFile
CloseHandle
CreateProcessW
CreateEventW
WaitForSingleObject
lstrcmpW
DeleteCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
FindResourceExW
GlobalHandle
GlobalFree
MulDiv
lstrcpyW
OpenEventW
SetEvent
Process32FirstW
OpenProcess
Process32NextW
CreateToolhelp32Snapshot
GetCurrentProcessId
TerminateProcess
GetModuleHandleW
GetTempPathW
lstrcatW
GlobalLock
GlobalAlloc
InterlockedDecrement
RaiseException
SetLastError
FlushInstructionCache
LoadResource
SetEnvironmentVariableA
CompareStringW
SetStdHandle
WriteConsoleW
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThread
TlsFree
GetCurrentProcess
TlsGetValue
TlsAlloc
FindResourceW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetLocaleInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FatalAppExitA
HeapCreate
GetStdHandle
ExitProcess
GetCPInfo
LCMapStringW
RtlUnwind
CreateThread
ExitThread
GetStartupInfoW
HeapSetInformation
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
DecodePointer
EncodePointer
InterlockedExchange
InterlockedIncrement
DeleteFileA
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
FlushFileBuffers
GetFileAttributesW
GetFileAttributesA
GetVersionExW
FormatMessageW
FormatMessageA
GetSystemTimeAsFileTime
UnlockFileEx
LockFile
UnlockFile
InterlockedCompareExchange
QueryPerformanceCounter
DeleteFileW
FreeLibrary
EndUpdateResourceW
EnumResourceNamesW
BeginUpdateResourceW
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
lstrlenW
GetEnvironmentStringsW
GlobalUnlock
GetCurrentThreadId
LeaveCriticalSection
TlsSetValue
EnterCriticalSection
SetEndOfFile
CreateFileA
GetFullPathNameA
GetFullPathNameW
Sleep
RemoveDirectoryW
FindNextFileW
CreateDirectoryW
InitializeCriticalSection
WaitForMultipleObjects
GetTickCount
MoveFileW
lstrcmpA
lstrcpyA
SetFileAttributesW
GetExitCodeProcess
GetTempFileNameW
ResumeThread
CreateRemoteThread
GetProcAddress
ExpandEnvironmentStringsW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
lstrlenA
FindFirstFileW
FindClose
ReadFile
SetFilePointer
WriteProcessMemory
GetModuleHandleA
VirtualAllocEx
GetCommandLineW

user32

GetClassInfoExW
LoadCursorW
DestroyWindow
SetWindowLongW
UnregisterClassA
PostThreadMessageW
EnumThreadWindows
WaitForInputIdle
SwitchToThisWindow
FindWindowW
RegisterClassExW
CreateWindowExW
PostMessageW
CreatePopupMenu
InsertMenuItemW
TrackPopupMenu
OpenClipboard
EmptyClipboard
MoveWindow
CloseClipboard
GetDlgItem
SetWindowPos
CharUpperA
GetWindowRect
MapWindowPoints
GetParent
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
ShowWindow
SendMessageW
RegisterWindowMessageW
wsprintfA
wsprintfW
PostQuitMessage
GetMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW
LoadStringW
GetClientRect
SystemParametersInfoW
SetClipboardData
RealGetWindowClassW
EnumChildWindows
PeekMessageW
RegisterWindowMessageA
SetLayeredWindowAttributes
KillTimer
SetTimer
DestroyMenu
GetSystemMetrics
LoadImageW
CheckMenuItem
GetMenuState
GetCursorPos
SetForegroundWindow
IsWindowVisible
GetWindowPlacement
EndDialog
MapDialogRect
SetWindowContextHelpId
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
IsWindow
GetSysColor
CharNextW
RedrawWindow
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
DefWindowProcW
DialogBoxIndirectParamW
GetClassNameW
EnumWindows
MessageBoxW

gdi32

CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
CreateBitmap
CreateDIBSection

advapi32

RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegQueryValueExA
RegEnumKeyExW
RegDeleteKeyW

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleRun
StringFromCLSID
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
StringFromGUID2
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
CoUninitialize
CoInitialize
CoTaskMemAlloc

oleaut32

OleCreateFontIndirect
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
VariantCopy
VariantInit
VariantClear
VariantChangeType
SysStringLen
SysAllocString
SysFreeString
GetErrorInfo
SetErrorInfo
SysAllocStringLen
CreateErrorInfo

shlwapi

SHCreateStreamOnFileEx

gdiplus

GdipDeleteGraphics
GdiplusStartup
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdiplusShutdown
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDrawImageRectI

wininet

InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
HttpQueryInfoW
InternetOpenUrlA
HttpSendRequestA
InternetOpenW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 878KB - Virtual size: 877KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69b46b62f152c30ca140b28426dd0a03

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7c:1b:ca:c2:0c:fc:d2:7d:bf:43:d8:19:ef:07:1c:70Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

33:64:47:e0:ce:92:fe:93:aa:a9:9f:ee:42:82:0a:10:db:8a:10:4cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

wininet

version

Sections

.text Size: 878KB - Virtual size: 877KB

.rdata Size: 142KB - Virtual size: 141KB

.data Size: 16KB - Virtual size: 45KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 35KB - Virtual size: 35KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7c:1b:ca:c2:0c:fc:d2:7d:bf:43:d8:19:ef:07:1c:70
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

33:64:47:e0:ce:92:fe:93:aa:a9:9f:ee:42:82:0a:10:db:8a:10:4c
Signer

.text
Size: 878KB - Virtual size: 877KB

.rdata
Size: 142KB - Virtual size: 141KB

.data
Size: 16KB - Virtual size: 45KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 35KB - Virtual size: 35KB