2024-08-25_b09c95da42bef56442b599edb1d97283_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-08-25_b09c95da42bef56442b599edb1d97283_mafia
Size

8.2MB
MD5

b09c95da42bef56442b599edb1d97283
SHA1

adfbeca04e7ddbfdfab0b3e43a4ab3fb7226b7f8
SHA256

0592ccf2504ece3c2c9245e7fdd4d03f4f0353a4a5e74cfa49952a1f6e329e8f
SHA512

f3634878d63d09db9c40207b883d1439f45efe3536a6835ca078f7b8ffb85c5420d86771d748fdc0e7788c3fe66077717d9df241c13e6f85464bfd7d18b53da0
SSDEEP

196608:na0vvN3x9OLIiOK8A+zZd3j85rbz0lHU3zOtlZLwWtt3S2:VN3+LY7inz0MzOrZLnHV

Score

1^/10

Malware Config

Signatures

Files

2024-08-25_b09c95da42bef56442b599edb1d97283_mafia
.exe windows:5 windows x86 arch:x86

105af2ed419867b87674c1daf7f06203

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:61:b6:12:a8:5d:2f:be:c8:45:82:38:27:79:44:fc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2014 00:00

Not After

22-12-2017 23:59

Subject

CN=福建创意嘉和软件有限公司,OU=运维中心,O=福建创意嘉和软件有限公司,L=福州,ST=福建,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:57:a7:56:7a:d4:a0:c3:e0:08:8b:c9:ab:3e:85:e1:7e:6e:99:92
Signer

Actual PE Digest

5e:57:a7:56:7a:d4:a0:c3:e0:08:8b:c9:ab:3e:85:e1:7e:6e:99:92

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\qm\branches\V-2014-03\output\mymacro_free.pdb

Imports

kernel32

LCMapStringW
GetTimeZoneInformation
IsProcessorFeaturePresent
GetStringTypeW
GetLocaleInfoW
SetHandleCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
CompareStringW
WriteConsoleW
EnumSystemLocalesA
IsValidLocale
GetProcessHeap
CreateFileW
SetEnvironmentVariableA
CreateWaitableTimerA
HeapCreate
IsValidCodePage
IsDebuggerPresent
lstrcatA
WinExec
InterlockedCompareExchange
ResetEvent
OutputDebugStringA
SetFilePointerEx
MapViewOfFileEx
SwitchToThread
WaitForMultipleObjects
ReleaseSemaphore
CreateSemaphoreA
GetEnvironmentVariableA
GetProcessId
CreateMutexA
ReleaseMutex
OpenEventA
FindResourceExA
GetLocalTime
GetConsoleMode
GetConsoleCP
GetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapQueryInformation
HeapSize
GetFileType
SetStdHandle
CreateThread
ExitThread
RaiseException
RtlUnwind
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitProcess
GetDateFormatA
GetTimeFormatA
VirtualQuery
VirtualAlloc
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathA
GetProfileIntA
GetNumberFormatA
GetCurrentDirectoryA
GetACP
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
GetFileTime
GetFileSizeEx
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
SystemTimeToFileTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
GetModuleHandleW
InterlockedExchange
lstrcpyA
GetSystemDirectoryW
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
SuspendThread
ResumeThread
SetThreadPriority
InterlockedIncrement
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
ActivateActCtx
DeactivateActCtx
CreateFileA
lstrcmpiA
GetThreadLocale
lstrcmpA
SetLastError
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MulDiv
SetEvent
CreateEventA
GetSystemInfo
GetCurrentProcess
SetPriorityClass
Sleep
MoveFileA
GetCurrentProcessId
WritePrivateProfileStringA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FindResourceA
SetCurrentDirectoryA
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileStringA
GetModuleHandleA
GetPrivateProfileIntA
GetTempFileNameA
InitializeCriticalSection
GetFileAttributesA
DeleteCriticalSection
CompareStringA
WaitForSingleObject
CreateProcessA
CreateDirectoryA
MoveFileExA
SetFileAttributesA
WideCharToMultiByte
IsBadReadPtr
GetTickCount
lstrlenA
CloseHandle
OpenProcess
TerminateProcess
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
MultiByteToWideChar
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
DeleteFileA
CopyFileA
GetModuleFileNameA
FindResourceW
LoadResource
LockResource
SizeofResource
SetWaitableTimer

user32

SetCapture
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
GetMessageA
TranslateMessage
GetCursorPos
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadImageA
DestroyIcon
SetCursor
ReleaseCapture
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
IntersectRect
SetRectEmpty
BringWindowToTop
TranslateAcceleratorA
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
CharNextA
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
EnumDisplayMonitors
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
SetWindowRgn
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
ValidateRect
UpdateWindow
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
DestroyAcceleratorTable
WindowFromPoint
NotifyWinEvent
ScreenToClient
DeferWindowPos
GetAsyncKeyState
SetClassLongA
SendMessageA
LoadStringA
LoadMenuW
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
PtInRect
GetWindow
MapVirtualKeyA
GetKeyNameTextA
DestroyMenu
GetMenuItemInfoA
UnhookWindowsHookEx
CharUpperA
GetMenuState
SetLayeredWindowAttributes
LoadCursorW
LoadCursorA
GetSysColorBrush
DrawFocusRect
GetNextDlgGroupItem
DrawIconEx
CopyImage
GetIconInfo
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
WaitMessage
MessageBeep
ShowOwnedPopups
UnregisterClassA
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
RemoveMenu
PostQuitMessage
OffsetRect
DrawIcon
GetSystemMetrics
IsIconic
RealChildWindowFromPoint
DeleteMenu
GetSystemMenu
SetParent
UnionRect
GetWindowTextA
IsZoomed
GetSubMenu
SetCaretPos
ChildWindowFromPointEx
RegisterClassExA
CopyRect
EqualRect
EnableWindow
GetSysColor
InvalidateRect
FillRect
DrawEdge
DrawTextA
GetKeyState
GetClientRect
GetWindowRect
IsWindowVisible
GetDesktopWindow
PostMessageA
SetTimer
KillTimer
SystemParametersInfoA
OpenClipboard
SetWindowPos
IsWindow
GetParent
RedrawWindow
SetForegroundWindow
ReleaseDC
GetDC
GetWindowLongA
InflateRect
LoadIconW
DrawStateA
DrawFrameControl
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
SetCursorPos
LockWindowUpdate
GetWindowRgn
DestroyCursor
SubtractRect
MapVirtualKeyExA
IsCharLowerA
GetDoubleClickTime
CharUpperBuffA
CopyIcon
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
HideCaret
InvertRect
GetMenuDefaultItem
PostThreadMessageA
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
MapWindowPoints

gdi32

GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
GetBkColor
GetTextColor
CreateCompatibleBitmap
GetRgnBox
CreateDIBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
SetRectRgn
SetTextAlign
GetMapMode
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
Rectangle
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
OffsetRgn
RoundRect
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
PatBlt
ExtTextOutA
BitBlt
CreateCompatibleDC
CreateDCA
CopyMetaFileA
SelectObject
GetTextExtentPoint32A
GetObjectA
GetStockObject
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CombineRgn
GetClipBox
CreateRectRgnIndirect

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyA
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegOpenKeyExA

shell32

ShellExecuteA
Shell_NotifyIconA
SHGetFileInfoA
DragFinish
DragQueryFileA
SHGetDesktopFolder
SHAppBarMessage
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

comctl32

ImageList_GetIconSize
InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathIsUNCA
UrlUnescapeA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecW

ole32

OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateStreamOnHGlobal
OleInitialize
CoFreeUnusedLibraries
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
CoUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoInitialize
CoCreateInstance
CoInitializeEx
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleUninitialize

oleaut32

VariantChangeType
SysAllocStringLen
OleCreateFontIndirect
SystemTimeToVariantTime
SysStringLen
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
VariantInit
VarBstrFromDate
SysAllocString
VariantTimeToSystemTime
VarDateFromStr
VariantClear
SysFreeString

oledlg

ord8

urlmon

URLDownloadToFileA

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipDrawImageI
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipGetImagePalette
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipFillPath
GdipCreatePathGradientFromPath
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipCreateHBITMAPFromBitmap
GdipSetPathGradientPresetBlend
GdipDeletePath
GdipCreatePath
GdipCloneBrush
GdipCreateFont
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipCreateBitmapFromHBITMAP
GdipSetClipRectI
GdipDisposeImage
GdipDeleteGraphics

ws2_32

WSAStartup
WSACleanup
gethostbyname
WSASetLastError

dbghelp

MakeSureDirectoryPathExists

wininet

InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetOpenUrlA
InternetQueryDataAvailable
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetGetConnectedState
InternetCloseHandle

winmm

PlaySoundA

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

uxtheme

DrawThemeParentBackground

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

105af2ed419867b87674c1daf7f06203

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

06:61:b6:12:a8:5d:2f:be:c8:45:82:38:27:79:44:fcCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5e:57:a7:56:7a:d4:a0:c3:e0:08:8b:c9:ab:3e:85:e1:7e:6e:99:92Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

urlmon

gdiplus

ws2_32

dbghelp

wininet

winmm

oleacc

imm32

uxtheme

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 465KB - Virtual size: 464KB

.data Size: 49KB - Virtual size: 87KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 231KB - Virtual size: 230KB

.reloc Size: 253KB - Virtual size: 252KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

06:61:b6:12:a8:5d:2f:be:c8:45:82:38:27:79:44:fc
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5e:57:a7:56:7a:d4:a0:c3:e0:08:8b:c9:ab:3e:85:e1:7e:6e:99:92
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 465KB - Virtual size: 464KB

.data
Size: 49KB - Virtual size: 87KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 231KB - Virtual size: 230KB

.reloc
Size: 253KB - Virtual size: 252KB