2024-09-01_147c2884571a8e80803d79cec71fc207_mafia_saber

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-01_147c2884571a8e80803d79cec71fc207_mafia_saber
Size

290KB
MD5

147c2884571a8e80803d79cec71fc207
SHA1

2e5277955ea9c7405b3390132093dc8e8440ec95
SHA256

1b90d048c3ec4aa3cd2198342f73904e35f4abf8022dc043238933d562b5e503
SHA512

01c78f5d16b653d650f5a0bd93230fe734d5addc617a59240e29df3f8b08d38ebf02f49fb6a79c797f72003cc7ee9b166c5e39faadde27e4783b651717d6544f
SSDEEP

6144:1TQTddkbhVL/NwmZF0AMnKOgXRrIrwWeBFusaPhOL:1mkbjJZFNMKjlIr8FuxE

Score

1^/10

Malware Config

Signatures

Files

2024-09-01_147c2884571a8e80803d79cec71fc207_mafia_saber
.exe windows:5 windows x86 arch:x86

2ff29c6acbf88198da0e7f0c51ecfff1

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:a5:11:a5:65:dc:10:22:cc:d7:ba:41:e2:e4:18:fe:65
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25/06/2012, 09:04

Not After

26/06/2015, 09:04

Subject

CN=337 Technology Limited,O=337 Technology Limited,L=香港,ST=香港,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:45:d6:3c:b4:3a:b9:2e:37:84:7c:78:41:84:f0:2a:a0:48:d1:f2
Signer

Actual PE Digest

bb:45:d6:3c:b4:3a:b9:2e:37:84:7c:78:41:84:f0:2a:a0:48:d1:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Build\ecyber\trunk\sc\bin.32\deskdl.pdb

Imports

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW

shlwapi

PathAppendW
PathFileExistsW

kernel32

ResetEvent
OpenEventA
WaitForSingleObject
WriteConsoleW
CreateEventA
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
SetEvent
CreateFileW
MoveFileExW
DeleteFileW
LoadLibraryW
GetProcAddress
Sleep
CreateMutexW
CreateDirectoryW
GetLastError
GetFileSize
ReadFile
ResumeThread
WriteFile
CopyFileW
WaitNamedPipeW
SetNamedPipeHandleState
SetFilePointer
SystemTimeToFileTime
GetCurrentDirectoryW
MultiByteToWideChar
LocalFileTimeToFileTime
WideCharToMultiByte
GetFileAttributesW
SetFileTime
FileTimeToSystemTime
GetFileInformationByHandle
UnmapViewOfFile
GetTickCount
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
ExitThread
FileTimeToLocalFileTime
GetTimeZoneInformation
SetEndOfFile
SetStdHandle
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindClose
CreateThread
GetDriveTypeW
FindFirstFileExW
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetFullPathNameW
PeekNamedPipe
GetFileType
HeapSize
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
SetHandleCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc

user32

wsprintfW

advapi32

RegQueryValueExW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ff29c6acbf88198da0e7f0c51ecfff1

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

11:21:a5:11:a5:65:dc:10:22:cc:d7:ba:41:e2:e4:18:fe:65Certificate

Extended Key Usages

Key Usages

bb:45:d6:3c:b4:3a:b9:2e:37:84:7c:78:41:84:f0:2a:a0:48:d1:f2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

shlwapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 190KB - Virtual size: 190KB

.rdata Size: 59KB - Virtual size: 58KB

.data Size: 9KB - Virtual size: 18KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 17KB - Virtual size: 17KB

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

11:21:a5:11:a5:65:dc:10:22:cc:d7:ba:41:e2:e4:18:fe:65
Certificate

bb:45:d6:3c:b4:3a:b9:2e:37:84:7c:78:41:84:f0:2a:a0:48:d1:f2
Signer

.text
Size: 190KB - Virtual size: 190KB

.rdata
Size: 59KB - Virtual size: 58KB

.data
Size: 9KB - Virtual size: 18KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 17KB - Virtual size: 17KB