2024-08-09_fca0230d996a832ff9b476d84ebea89f_mafia_saber

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-09_fca0230d996a832ff9b476d84ebea89f_mafia_saber
Size

1.5MB
MD5

fca0230d996a832ff9b476d84ebea89f
SHA1

1f5a6d56812ab9298510eb6ba7f89089749bf23d
SHA256

844ad7422d543ba7234d86be7ec97e8b2afa5f78466bea5c2c9ed34b1386b53b
SHA512

76291b8cc29dc0d7847b2164049009bc8b435a249e67cdd3a333b3f493dee14e3e80c500412a6a526cd1f17d23c97df317a1e6fac01e649245bc9f19d8a84865
SSDEEP

24576:XbL7CcIbsFhixkUBrqovDvBsb+iidhwSTg/Nt:Rbif5iidaSTg/T

Score

1^/10

Malware Config

Signatures

Files

2024-08-09_fca0230d996a832ff9b476d84ebea89f_mafia_saber
.exe windows:5 windows x86 arch:x86

a0445f5b5d701c280a2e4dd6430fe6bb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:6d:f8:a7
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2012, 01:00

Not After

08/08/2027, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:53:f5:e1:43:79:37
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

11/07/2012, 15:27

Not After

16/07/2015, 09:16

Subject

CN=WOODTALE TECHNOLOGY INC,O=WOODTALE TECHNOLOGY INC,L=Wilmington,ST=Delaware,C=US,1.2.840.113549.1.9.1=#0c16696e666f40776f6f6474616c656d656469612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:62:80:9d:e5:de:e9:9f:9c:3b:8d:28:79:65:ff:5f:2e:88:d6:a8
Signer

Actual PE Digest

6f:62:80:9d:e5:de:e9:9f:9c:3b:8d:28:79:65:ff:5f:2e:88:d6:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Build\ecyber\trunk\sc\bin.32\eInstall.pdb

Imports

shlwapi

PathAppendW
PathIsURLW
SHGetValueW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsDirectoryW
PathIsRelativeW
PathFindExtensionW
PathFindFileNameW
PathRenameExtensionW
PathFileExistsW
PathCombineW
SHDeleteKeyW

kernel32

GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
GetProcessHeap
HeapFree
TlsSetValue
OpenEventA
TlsGetValue
DecodePointer
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
GetCommandLineW
HeapSetInformation
GetStartupInfoW
SetEndOfFile
ExitProcess
TlsFree
TlsAlloc
GetProfileIntW
GlobalSize
GlobalUnlock
GlobalLock
InterlockedIncrement
GetPrivateProfileStringW
WritePrivateProfileStringW
GetFileAttributesW
SetFilePointer
SetFileAttributesW
GetFileSize
lstrlenA
WriteFile
SetNamedPipeHandleState
WaitNamedPipeW
ReadFile
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
lstrcmpiW
Process32NextW
Process32FirstW
GlobalFree
GlobalAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileSectionW
DebugBreak
MulDiv
HeapDestroy
CreateProcessW
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
CreateMutexW
HeapReAlloc
HeapSize
VirtualProtect
RaiseException
CreateEventW
GetCurrentThreadId
WaitForSingleObject
InterlockedExchange
ResumeThread
InitializeCriticalSectionAndSpinCount
CreateThread
TerminateThread
ResetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
CreateDirectoryW
GetModuleFileNameW
GetSystemInfo
GetVersionExW
GetModuleHandleW
GetCurrentProcess
CreateFileW
InterlockedDecrement
LocalFree
GetSystemDefaultLCID
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CopyFileW
OutputDebugStringW
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
MoveFileW
GetWindowsDirectoryW
DeleteFileW
SetEvent
CloseHandle
CreateEventA
GetLastError
FormatMessageA
SetEnvironmentVariableA
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
QueryPerformanceCounter
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
SetLastError
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
ExitThread
CompareStringW
GetCPInfo
LCMapStringW
RtlUnwind
VirtualQuery
SystemTimeToFileTime

user32

TrackMouseEvent
SetWindowTextW
FrameRect
DrawFocusRect
SendMessageW
FindWindowW
GetWindowThreadProcessId
GetWindowRect
ShowWindow
FillRect
PeekMessageW
GetCapture
ScreenToClient
MoveWindow
ExitWindowsEx
EndPaint
GetSystemMetrics
MonitorFromWindow
GetMonitorInfoW
SystemParametersInfoW
IsIconic
GetParent
RegisterClassW
DestroyWindow
PostMessageW
CreateWindowExW
DefWindowProcW
BeginPaint
DrawTextW
CopyImage
MapWindowPoints
ReleaseDC
UpdateLayeredWindow
SetWindowRgn
GetUpdateRect
CallWindowProcW
ReleaseCapture
SetCapture
GetPropW
SetPropW
GetLastActivePopup
CreateAcceleratorTableW
GetWindowRgn
GetForegroundWindow
ClientToScreen
GetDesktopWindow
GetWindowLongW
SetWindowLongW
GetCursorPos
GetFocus
IsChild
wvsprintfW
CopyRect
IsRectEmpty
PtInRect
SetRect
SetRectEmpty
EqualRect
InflateRect
OffsetRect
IntersectRect
UnionRect
CharLowerW
CharNextW
GetKeyState
SetCursor
LoadCursorW
InvalidateRect
CreateCaret
ShowCaret
HideCaret
SetCaretPos
SetTimer
KillTimer
GetSysColor
SetWindowPos
IsWindow
GetWindow
GetWindowTextW
WindowFromPoint
RegisterClipboardFormatW
InvalidateRgn
GetClientRect
GetDC
GetClassInfoExW
RegisterClassExW
EnableWindow
GetMessageW
SetFocus
TranslateMessage
DispatchMessageW
PostQuitMessage

gdi32

SetDIBits
CreatePatternBrush
CreatePen
EnumFontFamiliesW
CreateFontW
SetStretchBltMode
StretchBlt
SelectClipRgn
OffsetClipRgn
LineTo
ArcTo
GetStockObject
Rectangle
Ellipse
Polygon
Polyline
SetGraphicsMode
FillRgn
FrameRgn
GetRgnBox
CopyMetaFileW
PtInRegion
CreateCompatibleBitmap
DeleteDC
GetObjectA
RestoreDC
SaveDC
GetClipBox
MoveToEx
GetCharABCWidthsW
GetTextExtentPoint32W
GetDIBits
CreateRectRgn
CreateRoundRectRgn
OffsetRgn
SetWindowOrgEx
BitBlt
CombineRgn
CreateRectRgnIndirect
GetPixel
CreateDIBSection
SetBkMode
CreateCompatibleDC
GetDeviceCaps
GetObjectW
AddFontResourceW
SetPixel
CreateSolidBrush
SetWorldTransform
SelectObject
DeleteObject
SetTextColor

advapi32

RegCreateKeyW
SetNamedSecurityInfoW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
CloseServiceHandle
DeleteService
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW

shell32

SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderW
SHGetFolderPathW
ord165
SHGetFolderPathAndSubDirW
ord680
SHAddToRecentDocs
SHFileOperationW
ord43
CommandLineToArgvW

ole32

CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
IIDFromString
DoDragDrop
OleLockRunning
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CLSIDFromString
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeSecurity
OleRun

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString
SysAllocStringLen
VariantCopy
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
DispCallFunc
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
GetErrorInfo
LoadTypeLi

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
HttpSendRequestW

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipResetWorldTransform
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipCreateFromHDC
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushFromRectWithAngleI
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipFillEllipseI
GdipDrawString
GdipMeasureString
GdipDrawImageI
GdipTranslateWorldTransform
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipLoadImageFromStream
GdipSaveImageToStream
GdipGetImageFlags
GdipImageGetFrameDimensionsCount
GdipRotateWorldTransform
GdipDrawLines
GdipDrawLineI
GdipFillRectangleI
GdipGraphicsClear
GdipDrawEllipseI
GdipDrawImageRectRectI
GdipDrawRectangleI
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePixelFormat
GdiplusShutdown

winmm

timeKillEvent
timeSetEvent

ws2_32

WSAStartup
gethostname
gethostbyname
inet_ntoa
WSACleanup

urlmon

UrlMkGetSessionOption

comctl32

ord17

Sections

.text
Size: 1022KB - Virtual size: 1022KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0445f5b5d701c280a2e4dd6430fe6bb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:6d:f8:a7Certificate

Key Usages

04:53:f5:e1:43:79:37Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

6f:62:80:9d:e5:de:e9:9f:9c:3b:8d:28:79:65:ff:5f:2e:88:d6:a8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

msimg32

gdiplus

winmm

ws2_32

urlmon

comctl32

Sections

.text Size: 1022KB - Virtual size: 1022KB

.rdata Size: 336KB - Virtual size: 335KB

.data Size: 32KB - Virtual size: 51KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 92KB - Virtual size: 92KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:6d:f8:a7
Certificate

04:53:f5:e1:43:79:37
Certificate

3d
Certificate

6f:62:80:9d:e5:de:e9:9f:9c:3b:8d:28:79:65:ff:5f:2e:88:d6:a8
Signer

.text
Size: 1022KB - Virtual size: 1022KB

.rdata
Size: 336KB - Virtual size: 335KB

.data
Size: 32KB - Virtual size: 51KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 92KB - Virtual size: 92KB