2024-08-10_a7a3d1726b63946a893beb1bd5ce27be_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-10_a7a3d1726b63946a893beb1bd5ce27be_mafia
Size

347KB
MD5

a7a3d1726b63946a893beb1bd5ce27be
SHA1

b6be7fc662b841070d4d34b109752505e37f8467
SHA256

f4c1d1855cb13dd383d075b710626cd7c23cf80fe22ba8a22ee406a0ffcefae0
SHA512

fa6c4f2c394ae765910d16bcddfbbbacf4f1a497cd615078c7b634ec8246e86dfb0fb8846fde57671b4aeda87d5880269aa8ca132e8d6bc728877162e9cf49a2
SSDEEP

6144:IFTpTQ8Vkr9WfTTz2/qQniXue10mF2Lr92Q4QiJhMG83i4:IFJkr9W7Tz2/dniXug0mc9K/8y4

Score

1^/10

Malware Config

Signatures

Files

2024-08-10_a7a3d1726b63946a893beb1bd5ce27be_mafia
.exe windows:5 windows x86 arch:x86

79ad380e176f29a4ed088e922e8aa07b

Code Sign

0d:84:b3:2b:03:c9:1b:75:10:03:48:ac:ac:32:28:5f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/01/2016, 00:00

Not After

18/02/2019, 23:59

Subject

CN=Dell Inc.,O=Dell Inc.,L=Round Rock,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:6e:3d:7d:23:36:25:4d
Certificate

Issuer

CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Timestamp Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

40:0f:99:76:01:99:cd:c7:9f:59:ba:a8:57:53:29:a0:53:80:f3:71:0d:10:03:cd:53:d9:bc:4d:a5:ed:6b:a2
Signer

Actual PE Digest

40:0f:99:76:01:99:cd:c7:9f:59:ba:a8:57:53:29:a0:53:80:f3:71:0d:10:03:cd:53:d9:bc:4d:a5:ed:6b:a2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\CMAKE_OpenManage_850\BUILD_WIN32\HAPI-prefix\src\HAPI-build\out\RelWithDebInfo\dchcfg32.pdb

Imports

dchcfl32

HCFLGetSupportedSysType
HCFLGetSysType

ws2_32

WSAAddressToStringA
WSAStringToAddressA
WSAGetLastError
WSAStartup
WSACleanup
gethostbyname
inet_addr
inet_ntoa
gethostname

kernel32

GetDllDirectoryW
MultiByteToWideChar
FreeLibrary
GetProcAddress
GetVersionExW
GetCurrentProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
OpenMutexW
CreateSemaphoreW
ReleaseSemaphore
OpenSemaphoreW
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
CreateEventW
OpenEventW
SetEvent
ResetEvent
PulseEvent
GetLastError
GetComputerNameA
GetComputerNameExA
GetSystemDefaultLangID
GetACP
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentThread
LocalFree
lstrlenA
lstrcmpA
LocalAlloc
GetModuleHandleA
GetVersion
LoadLibraryA
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
SetConsoleCtrlHandler
GetCommandLineA
HeapSetInformation
HeapReAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
MoveFileA
FlushFileBuffers
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetDllDirectoryW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
RtlUnwind
IsProcessorFeaturePresent
WriteFile
GetConsoleCP
GetConsoleMode
FatalAppExitA
GetModuleHandleW
ExitProcess
SetCurrentDirectoryA
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
GetCurrentDirectoryW
SetCurrentDirectoryW
SetStdHandle
ReadFile
SetFilePointer
RaiseException
GetFileAttributesA
GetTimeZoneInformation
WriteConsoleW
InterlockedExchange
GetLocaleInfoW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
CreateFileW
HeapSize
LoadLibraryW
GetCurrentThreadId
Sleep
TerminateThread
CreateMutexW
CreateThread
CloseHandle
WaitForSingleObject
ReleaseMutex
ExpandEnvironmentStringsW
WideCharToMultiByte
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
DeleteFileA
SetFileAttributesA
CreateDirectoryA
RemoveDirectoryA
GetCurrentDirectoryA
TerminateProcess
TlsAlloc

user32

GetSystemMetrics
ExitWindowsEx
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
SetProcessWindowStation
OpenDesktopW
CloseWindowStation
SetThreadDesktop
EnumDesktopWindows
CloseDesktop
PostMessageW

advapi32

LookupPrivilegeValueW
InitiateSystemShutdownW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
FreeSid
RegOpenKeyA
RegQueryValueExA
GetLengthSid
AllocateAndInitializeSid
AddAccessAllowedAce
IsValidSid
GetTokenInformation
OpenThreadToken
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
CheckTokenMembership
InitializeAcl
InitializeSecurityDescriptor
AdjustTokenPrivileges

Sections

.text
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79ad380e176f29a4ed088e922e8aa07b

Code Sign

0d:84:b3:2b:03:c9:1b:75:10:03:48:ac:ac:32:28:5fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

3c:6e:3d:7d:23:36:25:4dCertificate

Extended Key Usages

Key Usages

40:0f:99:76:01:99:cd:c7:9f:59:ba:a8:57:53:29:a0:53:80:f3:71:0d:10:03:cd:53:d9:bc:4d:a5:ed:6b:a2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dchcfl32

ws2_32

kernel32

user32

advapi32

Sections

.text Size: 286KB - Virtual size: 286KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 7KB - Virtual size: 16KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

0d:84:b3:2b:03:c9:1b:75:10:03:48:ac:ac:32:28:5f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

3c:6e:3d:7d:23:36:25:4d
Certificate

40:0f:99:76:01:99:cd:c7:9f:59:ba:a8:57:53:29:a0:53:80:f3:71:0d:10:03:cd:53:d9:bc:4d:a5:ed:6b:a2
Signer

.text
Size: 286KB - Virtual size: 286KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 7KB - Virtual size: 16KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB