2024-08-29_d0e31209e15cfedd3ac628a3a56fec58_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-29_d0e31209e15cfedd3ac628a3a56fec58_mafia
Size

1.8MB
MD5

d0e31209e15cfedd3ac628a3a56fec58
SHA1

a7548e59796eb2807f96900a09993677818a39aa
SHA256

561e0aef6909de08c8f275df6c06ca4327311527afbe0cf00c829468c69e16d2
SHA512

dbe080214c8dc03d6cea449a6e80fbb11403c0ae7af7d06cf7255490650a9ddf112eda7c4836333a6f4eb9ed2d3232c2f1509a0daa2396d3f1a332439b54d2ab
SSDEEP

49152:JlPlmMzVEE7waIx/QrgAZDu3ECAQAMiZf/mSsJzgFCqDi820p4ySJjHowa:JiMz+MwaIx/mgAZDnCDAMiZf/m5V+M8R

Score

1^/10

Malware Config

Signatures

Files

2024-08-29_d0e31209e15cfedd3ac628a3a56fec58_mafia
.exe windows:5 windows x86 arch:x86

f2592869327a5ee0d9810a0a09cf6260

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:9d:7b:60:2c:44:91:d8:0e:6b:14:ec:47:d9:cb:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/03/2013, 00:00

Not After

24/06/2016, 23:59

Subject

CN=Hang Zhou H3C Technologies Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=H3C Support,O=Hang Zhou H3C Technologies Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:ce:33:99:73:cd:46:13:7f:33:f7:ef:b0:70:13:79:a6:90:e7:9b
Signer

Actual PE Digest

0f:ce:33:99:73:cd:46:13:7f:33:f7:ef:b0:70:13:79:a6:90:e7:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\workspace\br_bugfix_PC_V7R3B03D019\inode\client\DAM\Release\DamAgentTray.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetEnvironmentStringsW
QueryPerformanceCounter
CompareStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
WriteConsoleW
GetProcessHeap
CreateFileW
SetEnvironmentVariableA
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameA
CloseHandle
GetCurrentThreadId
WriteFile
SetFilePointer
GetLastError
DeleteFileA
SetFileAttributesA
FindNextFileA
CreateFileA
FindClose
FindFirstFileA
GetLocalTime
CreateDirectoryA
WaitForSingleObject
ReleaseMutex
WritePrivateProfileStringA
GetCurrentProcessId
GetPrivateProfileIntA
GetPrivateProfileStringA
GetUserDefaultUILanguage
SizeofResource
LockResource
LoadResource
FindResourceW
WideCharToMultiByte
CreateEventA
SetEvent
Sleep
GetTickCount
CreateMutexA
MultiByteToWideChar
lstrcpynA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
lstrlenA
GetFileAttributesExA
ReadFile
CopyFileA
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
FreeResource
FindResourceA
GlobalFree
GlobalUnlock
GlobalLock
lstrcmpW
SetLastError
DeactivateActCtx
ActivateActCtx
LoadLibraryA
LoadLibraryW
CompareStringA
FreeLibrary
GetVersionExA
FreeEnvironmentStringsW
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
CreateActCtxW
ReleaseActCtx
GetModuleFileNameW
InterlockedDecrement
SetThreadPriority
ResumeThread
MulDiv
lstrlenW
LocalFree
FormatMessageA
GlobalAlloc
GlobalSize
GetModuleHandleW
lstrcmpA
InterlockedExchange
GetLocaleInfoA
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetCurrentThread
GlobalFlags
GetACP
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
SetErrorMode
GetThreadLocale
FileTimeToSystemTime
GetCurrentDirectoryA
lstrcpyA
lstrcmpiA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetWindowsDirectoryA
GetNumberFormatA
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
GetTempFileNameA
GetTempPathA
InitializeCriticalSectionAndSpinCount
GetProfileIntA
SearchPathA
VirtualProtect
FindResourceExW
RaiseException
RtlUnwind
ExitThread
CreateThread
GetStringTypeW
EncodePointer
DecodePointer
HeapCreate
GlobalDeleteAtom
LCMapStringW
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitProcess
HeapQueryInformation
HeapSize
GetSystemTimeAsFileTime
SetStdHandle
GetFileType
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsValidCodePage
SetHandleCount
EnterCriticalSection
GetStdHandle

user32

GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
OffsetRect
CharNextA
CharUpperA
WaitMessage
ReleaseCapture
SetCapture
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
DeleteMenu
IntersectRect
InvalidateRect
SetRectEmpty
UnregisterClassA
LoadCursorA
MessageBeep
RedrawWindow
GetMenuDefaultItem
CreatePopupMenu
GetSysColorBrush
WindowFromPoint
MapVirtualKeyA
GetKeyNameTextA
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
SetCursor
PostQuitMessage
AppendMenuA
InsertMenuA
RemoveMenu
GetAsyncKeyState
InvertRect
EndPaint
BeginPaint
GetWindowDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMenuStringA
GetMenuItemInfoA
InflateRect
GetMessageA
TranslateMessage
ValidateRect
ShowWindow
MoveWindow
SetWindowTextA
SetDlgItemTextA
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
CheckMenuItem
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageA
GetWindowRgn
DestroyCursor
DrawFocusRect
SubtractRect
GetDoubleClickTime
CharUpperBuffA
CopyIcon
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
PostThreadMessageA
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExA
IsCharLowerA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
RegisterClipboardFormatA
LockWindowUpdate
HideCaret
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFrameControl
DrawEdge
DrawStateA
GetSystemMenu
SetClassLongA
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
DrawIconEx
LoadImageA
CopyImage
GetIconInfo
NotifyWinEvent
ReleaseDC
EnableScrollBar
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
PostMessageA
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetWindowRect
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
GetParent
GetNextDlgTabItem
EndDialog
ScreenToClient
MessageBoxA
DestroyIcon
RegisterWindowMessageA
GetCursorPos
DestroyMenu
SetFocus
GetSystemMetrics
IsWindowEnabled
IsWindowVisible
LoadIconW
GetClientRect
IsIconic
SendMessageA
LoadMenuW
ModifyMenuA
GetSubMenu
EnableMenuItem
DrawIcon
IsWindow
GetForegroundWindow
GetWindowThreadProcessId
SystemParametersInfoA
AttachThreadInput
AllowSetForegroundWindow
SetWindowsHookExA
UnhookWindowsHookEx
IsDialogMessageA
CallNextHookEx
SetForegroundWindow
KillTimer
SetTimer
EnableWindow
RealChildWindowFromPoint
SetCursorPos

advapi32

GetUserNameA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegEnumValueA

ole32

DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoInitializeEx
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitialize
CoUninitialize
CoRevokeClassObject
CoRegisterMessageFilter
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CreateILockBytesOnHGlobal

shell32

SHAppBarMessage
SHBrowseForFolderA
DragQueryFileA
DragFinish
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetFileInfoA
ShellExecuteA
Shell_NotifyIconA

oleaut32

SysAllocString
OleCreateFontIndirect
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW

gdi32

SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32A
ExtTextOutA
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
OffsetWindowOrgEx
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
OffsetRgn
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceA
ScaleWindowExtEx
SetWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
SelectPalette
GetStockObject
GetObjectType
GetDeviceCaps
CreatePen
CreateSolidBrush
CreateHatchBrush
CopyMetaFileA
CreateDCA
CreateRectRgnIndirect
PatBlt
GetTextMetricsA
CombineRgn
GetMapMode
DPtoLP
EnumFontFamiliesA
CreateDIBitmap
SetRectRgn
CreateCompatibleBitmap

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ImageList_GetIconSize
InitCommonControlsEx

oledlg

ord8

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipDrawImageRectI

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2592869327a5ee0d9810a0a09cf6260

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

41:9d:7b:60:2c:44:91:d8:0e:6b:14:ec:47:d9:cb:a3Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0f:ce:33:99:73:cd:46:13:7f:33:f7:ef:b0:70:13:79:a6:90:e7:9bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

msimg32

comdlg32

winspool.drv

comctl32

oledlg

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 284KB - Virtual size: 284KB

.data Size: 25KB - Virtual size: 159KB

.rsrc Size: 63KB - Virtual size: 62KB

.reloc Size: 171KB - Virtual size: 170KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

41:9d:7b:60:2c:44:91:d8:0e:6b:14:ec:47:d9:cb:a3
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0f:ce:33:99:73:cd:46:13:7f:33:f7:ef:b0:70:13:79:a6:90:e7:9b
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 284KB - Virtual size: 284KB

.data
Size: 25KB - Virtual size: 159KB

.rsrc
Size: 63KB - Virtual size: 62KB

.reloc
Size: 171KB - Virtual size: 170KB