2024-08-07_aaec8845b7470075544a91d43d2effb5_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-07_aaec8845b7470075544a91d43d2effb5_mafia
Size

649KB
MD5

aaec8845b7470075544a91d43d2effb5
SHA1

41844a521e3ddfdff91ae451a8b692cbbb4c5ff0
SHA256

b0eb2a2f5ae582f843e38b36818e7a38a712b63e4746b01647d18a6f52c5093a
SHA512

22f3117ae96bfe13128c1803fd29d600c91adf72a129f36143353262ba19ea9819e756654825fc2519df41a747230d00ca16ceca96ffd928584d5a0e26ef48e0
SSDEEP

12288:R0U+5oLYfiegd+1EdJyotgSIvpa+XU9oW6jUpH7IWdML:R0U+5oLYhSiouSIcoW6jU5Q

Score

1^/10

Malware Config

Signatures

Files

2024-08-07_aaec8845b7470075544a91d43d2effb5_mafia
.exe windows:5 windows x86 arch:x86

59792d95986390be4a28f475fdce25af

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:90:6f:af:4f:bd:75:ba:a1:0b:32:23:56:a0:7f:6d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/09/2017, 00:00

Not After

22/09/2020, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:90:6f:af:4f:bd:75:ba:a1:0b:32:23:56:a0:7f:6d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/09/2017, 00:00

Not After

22/09/2020, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:05:00:22:89:6d:0d:a5:af:8f:0d:45:a5:ca:e3:ff:db:c0:00:c8:f2:7b:26:eb:71:50:a6:f8:c7:a2:ed:21
Signer

Actual PE Digest

c3:05:00:22:89:6d:0d:a5:af:8f:0d:45:a5:ca:e3:ff:db:c0:00:c8:f2:7b:26:eb:71:50:a6:f8:c7:a2:ed:21

Digest Algorithm

sha256

PE Digest Matches

true

17:50:fc:b7:88:b2:50:8c:47:43:76:c0:90:39:21:0a:8f:b9:51:ac
Signer

Actual PE Digest

17:50:fc:b7:88:b2:50:8c:47:43:76:c0:90:39:21:0a:8f:b9:51:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\nsmsrc\nsm\1280\1280\ctl32\release_unicode\pcirisvr.pdb

Imports

comctl32

ord17

kernel32

GetPrivateProfileStringW
DeleteFileW
GetExitCodeProcess
CreateSemaphoreW
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
PulseEvent
InitializeCriticalSection
DeleteCriticalSection
CreateDirectoryW
TerminateProcess
CreateRemoteThread
DuplicateHandle
GetProfileStringW
FormatMessageW
WinExec
SizeofResource
FindResourceExW
EnumResourceLanguagesW
EnumResourceNamesW
Beep
VirtualQueryEx
RaiseException
GetFileAttributesW
GetSystemDefaultLangID
EnumResourceTypesW
GetSystemInfo
SetCurrentDirectoryW
GetCurrentDirectoryW
GetThreadContext
SuspendThread
GetExitCodeThread
OpenThread
IsBadReadPtr
InterlockedExchange
LoadLibraryA
WriteConsoleW
FlushFileBuffers
SetEndOfFile
SetUnhandledExceptionFilter
GetConsoleCP
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
FatalAppExitA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetStringTypeW
GetTimeZoneInformation
IsProcessorFeaturePresent
CreateFileA
ExpandEnvironmentStringsW
SetHandleCount
GetFileType
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetStdHandle
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapDestroy
HeapCreate
IsDebuggerPresent
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapSetInformation
GetCommandLineW
DecodePointer
EncodePointer
HeapReAlloc
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
SetEnvironmentVariableA
ExitProcess
GetProcessTimes
GetSystemTimeAsFileTime
OutputDebugStringW
GetTempPathW
GetLocalTime
InterlockedIncrement
GetModuleHandleW
LocalAlloc
CreateFileMappingW
LocalFree
GetModuleFileNameW
GetTickCount
CreateEventW
GetCurrentThreadId
CreateThread
WaitForMultipleObjects
ResetEvent
OpenFileMappingW
GetLastError
MapViewOfFile
OpenProcess
OpenEventW
GetVersionExW
Sleep
WaitForSingleObject
UnmapViewOfFile
SetEvent
CloseHandle
GetCurrentProcess
CompareStringW
GetWindowsDirectoryW
FindFirstFileW
MoveFileExW
FindNextFileW
FindClose
lstrlenW
GetDateFormatW
GetTimeFormatW
CopyFileW
SetFilePointer
lstrcpyW
CreateProcessW
SetThreadPriority
GetCurrentThread
SetPriorityClass
ResumeThread
FindResourceW
LoadResource
LockResource
HeapFree
GetProcessHeap
HeapAlloc
CreateFileW
WriteFile
GlobalReAlloc
GetFileSize
ReadFile
GlobalLock
GlobalAlloc
GlobalUnlock
GetStartupInfoW
GlobalFree
GetVersion
GetCurrentProcessId
SetLastError
GetProcAddress
FreeLibrary
LoadLibraryW
GetConsoleMode

user32

SetMenuInfo
LoadBitmapW
SetMenuItemInfoW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetMenuItemInfoW
CreatePopupMenu
InsertMenuItemW
GetMenuStringW
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetMenuInfo
SetRect
GetClassInfoW
RegisterClassW
LoadCursorW
ExitWindowsEx
GetThreadDesktop
SetThreadDesktop
LoadImageW
DestroyIcon
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
OpenDesktopW
EndDialog
SetDlgItemInt
GetKeyState
DeleteMenu
wsprintfW
FindWindowW
GetClassNameW
IsWindow
PostMessageW
SendMessageW
PostThreadMessageW
MessageBeep
SendDlgItemMessageW
SetDlgItemTextW
GetWindowLongW
SetWindowLongW
GetWindowRect
GetSystemMetrics
SetWindowPos
SystemParametersInfoW
SetForegroundWindow
GetDlgItem
EnableWindow
GetWindowThreadProcessId
DefWindowProcW
IsDialogMessageW
UpdateWindow
CreateWindowExW
ShowWindow
DestroyWindow
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
LoadStringW
GetWindowTextW
SetWindowTextW
GetSysColor
GetDC
ReleaseDC
wvsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
GetGuiResources
SetTimer
MessageBoxW
KillTimer
PeekMessageW
PostQuitMessage
EnumDesktopWindows

gdi32

CreateDIBSection
CreateFontIndirectW
StretchBlt
CreatePen
SetPixel
MoveToEx
LineTo
CreateDCW
ExtTextOutW
CreateBitmap
SetBkColor
SetTextColor
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
DeleteDC
GetDeviceCaps
GetObjectW
GetStockObject
SelectPalette
RealizePalette
GetDIBits
DeleteObject
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

InitializeSecurityDescriptor
GetUserNameW
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DeleteService
RegCloseKey
RegSetValueExW
RegCreateKeyW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CreateServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
QueryServiceStatus
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
ControlService
RegDeleteValueW
DuplicateTokenEx
StartServiceW
CreateProcessAsUserW
SetTokenInformation
RegEnumValueW
RegQueryValueExW
RegQueryInfoKeyW
FreeSid
AllocateAndInitializeSid

shell32

ExtractIconExW
SHGetFolderPathW

winmm

PlaySoundW
timeGetTime

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59792d95986390be4a28f475fdce25af

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

79:90:6f:af:4f:bd:75:ba:a1:0b:32:23:56:a0:7f:6dCertificate

Extended Key Usages

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

79:90:6f:af:4f:bd:75:ba:a1:0b:32:23:56:a0:7f:6dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

c3:05:00:22:89:6d:0d:a5:af:8f:0d:45:a5:ca:e3:ff:db:c0:00:c8:f2:7b:26:eb:71:50:a6:f8:c7:a2:ed:21Signer

17:50:fc:b7:88:b2:50:8c:47:43:76:c0:90:39:21:0a:8f:b9:51:acSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

winmm

version

Sections

.text Size: 316KB - Virtual size: 315KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 240KB - Virtual size: 240KB

.reloc Size: 16KB - Virtual size: 15KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

79:90:6f:af:4f:bd:75:ba:a1:0b:32:23:56:a0:7f:6d
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

79:90:6f:af:4f:bd:75:ba:a1:0b:32:23:56:a0:7f:6d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

c3:05:00:22:89:6d:0d:a5:af:8f:0d:45:a5:ca:e3:ff:db:c0:00:c8:f2:7b:26:eb:71:50:a6:f8:c7:a2:ed:21
Signer

17:50:fc:b7:88:b2:50:8c:47:43:76:c0:90:39:21:0a:8f:b9:51:ac
Signer

.text
Size: 316KB - Virtual size: 315KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 240KB - Virtual size: 240KB

.reloc
Size: 16KB - Virtual size: 15KB