2024-08-07_343634c6e1f2d02dcbc6ceb7f299190e_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-07_343634c6e1f2d02dcbc6ceb7f299190e_mafia
Size

1.5MB
MD5

343634c6e1f2d02dcbc6ceb7f299190e
SHA1

1efef418bebacf8b026504983767c44581b27ec7
SHA256

9f6e9f58859bfed28eaa8ebb0b4bd0c01ac180f77561c8ce376260ca29270d3e
SHA512

5c94367eb2b2db081fe5b6d4e0517a329911e84e2bcc6b1643be4baba11e35807a0241b2f5a46f887be39d1fd1aef876531a82ce6b8743ecc0cd0e144719113b
SSDEEP

24576:7Q+sfVpbxAHWp3vgEhQUU6H3aPqzqXx3UVSNKlE79XkTkUWTvP:ns9YyZJQqGB32SNKiqTkUWTX

Score

1^/10

Malware Config

Signatures

Files

2024-08-07_343634c6e1f2d02dcbc6ceb7f299190e_mafia
.exe windows:5 windows x86 arch:x86

dab629f69288217bcc30653b93408202

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:1f:ce:73:53:73:3c:c7:fd:73:23:36:b3:48:85:27
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

18/12/2018, 23:59

Subject

SERIALNUMBER=97108816,CN=日月晶耀股份有限公司,O=日月晶耀股份有限公司,L=台北市,ST=台灣省,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

55:5a:01:31:97:64:73:55:d9:9a:f0:c1:bb:04:af:12:21:02:01:4b
Signer

Actual PE Digest

55:5a:01:31:97:64:73:55:d9:9a:f0:c1:bb:04:af:12:21:02:01:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SleepEx
OpenProcess
TerminateProcess
Process32FirstW
Process32NextW
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
FindFirstFileW
SystemTimeToTzSpecificLocalTime
GetPrivateProfileStringW
GetProcessTimes
FileTimeToSystemTime
WritePrivateProfileStringW
FindClose
GetLocalTime
FindNextFileW
GlobalAlloc
GlobalFree
GetProcessId
ProcessIdToSessionId
GetCurrentThreadId
GetDriveTypeW
GetComputerNameW
FindFirstFileA
FindNextFileA
GetModuleFileNameW
GetPrivateProfileIntW
LocalAlloc
CopyFileW
CreateEventW
CreateProcessW
GetSystemDirectoryW
SetEvent
GetModuleHandleW
CreateThread
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryW
SetEnvironmentVariableW
GetFileInformationByHandle
WinExec
GetModuleFileNameA
MoveFileA
GetPrivateProfileStringA
SetFileAttributesA
CopyFileA
GetWindowsDirectoryA
CreateDirectoryW
VirtualProtect
GetSystemTime
LocalFree
GetTempPathA
GetCurrentProcessId
DeleteFileW
CloseHandle
GetVersionExA
OutputDebugStringA
DeleteCriticalSection
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
EnterCriticalSection
LockFileEx
HeapSize
GetProcAddress
GetLastError
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
CreateFileW
ReadFile
GetFileAttributesW
GetFullPathNameW
HeapValidate
HeapCreate
GetFileAttributesA
LeaveCriticalSection
DeleteFileA
FormatMessageW
Sleep
LoadLibraryW
WideCharToMultiByte
InitializeCriticalSection
WriteFile
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
GetTickCount
OutputDebugStringW
LockFile
UnlockFile
InterlockedCompareExchange
WaitForSingleObject
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
FreeLibrary
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
SetEnvironmentVariableA
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
WriteConsoleW
ResetEvent
WaitForSingleObjectEx
GetDiskFreeSpaceExA
GetVolumeInformationA
GetDriveTypeA
CreateSemaphoreW
GetLocaleInfoW
GetSystemDirectoryA
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
PeekNamedPipe
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
RtlUnwind
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
SetHandleCount
RaiseException
GetTimeZoneInformation
EncodePointer
GetStdHandle
DecodePointer
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindFirstFileExW
HeapSetInformation
GetCommandLineW
ExitThread
HeapDestroy
AreFileApisANSI
GetWindowsDirectoryW
WaitNamedPipeA
ConnectNamedPipe
DisconnectNamedPipe
SetLastError
CreateNamedPipeA
SetNamedPipeHandleState
InterlockedDecrement
GetCurrentProcess
GetLogicalDrives
GetVersionExW
IsWow64Process
GlobalMemoryStatusEx
DeviceIoControl
GetDiskFreeSpaceExW
FileTimeToLocalFileTime
GetStartupInfoW
GetVolumeInformationW
WaitForMultipleObjects
SuspendThread
ResumeThread
GetSystemDefaultLangID
GetModuleHandleA
GetVersion
SetCurrentDirectoryW

user32

LoadCursorW
ExitWindowsEx
GetThreadDesktop
PostMessageW
OpenDesktopW
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
wsprintfW
wsprintfA
DefWindowProcW
BeginPaint
SetCursor
GetClassNameW
GetWindowTextW
LoadIconW
RegisterClassExW
LoadAcceleratorsW
GetSystemMetrics
TranslateMessage
FindWindowW
PostQuitMessage
GetMessageW
LoadStringW
CreateWindowExW
UpdateWindow
DispatchMessageW
EnumWindows
GetWindowLongW
EndPaint
TranslateAcceleratorW

advapi32

OpenProcessToken
RegisterEventSourceW
DeregisterEventSource
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyW
ConvertStringSidToSidW
LookupPrivilegeValueA
AllocateAndInitializeSid
ControlService
RegisterServiceCtrlHandlerW
SetServiceStatus
QueryServiceStatus
StartServiceW
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegOpenKeyExW
RegQueryValueExW
GetSecurityDescriptorDacl
RegSetValueExW
InitializeSecurityDescriptor
EqualSid
RegCreateKeyExW
GetExplicitEntriesFromAclW
LookupAccountNameW
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
RegDeleteValueA
LookupAccountSidW
GetTokenInformation
RevertToSelf
ImpersonateLoggedOnUser
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegEnumValueW
AdjustTokenPrivileges
RegDeleteKeyW
GetKernelObjectSecurity
CreateProcessAsUserW
SetTokenInformation
SetSecurityDescriptorDacl
LookupPrivilegeValueW
DuplicateTokenEx
MakeAbsoluteSD
SetKernelObjectSecurity
SetEntriesInAclW
BuildExplicitAccessWithNameW
RegOpenKeyW
RegEnumKeyExW
OpenServiceA

shell32

SHGetFolderPathA
SHFileOperationW
SHGetDesktopFolder
SHGetMalloc
ShellExecuteW
ShellExecuteExA

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

secur32

GetUserNameExW

psapi

GetModuleFileNameExW

netapi32

NetUserGetLocalGroups
NetUserEnum
NetApiBufferFree
NetShareDel
NetShareEnum

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiSetClassInstallParamsW
CM_Get_Device_IDW
SetupDiGetDeviceInstanceIdW
CM_Get_Device_ID_Size
CM_Get_Child
CM_Get_Sibling
CM_Get_Parent
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

ws2_32

recv
bind
socket
gethostbyname
WSACleanup
WSAStartup
gethostname
inet_ntoa
accept
listen
send
setsockopt
connect
inet_addr
htonl
closesocket
WSARecv
WSAGetLastError
htons
ntohs

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

iphlpapi

GetAdaptersAddresses

winspool.drv

EnumPrintersW

ole32

CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitialize

oleaut32

VariantClear
SafeArrayAccessData
SafeArrayUnaccessData

Sections

.text
Size: 1014KB - Virtual size: 1014KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dab629f69288217bcc30653b93408202

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

4f:1f:ce:73:53:73:3c:c7:fd:73:23:36:b3:48:85:27Certificate

Extended Key Usages

Key Usages

55:5a:01:31:97:64:73:55:d9:9a:f0:c1:bb:04:af:12:21:02:01:4bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wtsapi32

secur32

psapi

netapi32

setupapi

ws2_32

userenv

iphlpapi

winspool.drv

ole32

oleaut32

Sections

.text Size: 1014KB - Virtual size: 1014KB

.rdata Size: 343KB - Virtual size: 342KB

.data Size: 63KB - Virtual size: 113KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 75KB - Virtual size: 75KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

4f:1f:ce:73:53:73:3c:c7:fd:73:23:36:b3:48:85:27
Certificate

55:5a:01:31:97:64:73:55:d9:9a:f0:c1:bb:04:af:12:21:02:01:4b
Signer

.text
Size: 1014KB - Virtual size: 1014KB

.rdata
Size: 343KB - Virtual size: 342KB

.data
Size: 63KB - Virtual size: 113KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 75KB - Virtual size: 75KB