2024-09-01_8353394b6632bf3e5143c820d68cb6b3_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-01_8353394b6632bf3e5143c820d68cb6b3_mafia
Size

2.0MB
MD5

8353394b6632bf3e5143c820d68cb6b3
SHA1

0c1191bb2b144b2fdbf0f0b85da0d2b277afbc4b
SHA256

a30a5c903eda7711aabff10e8bb57e9a04927d9a1e8c41895fd4754070f8b2c3
SHA512

6332e3ff3f9b88d25b1aea1b2c0bddbe77258def6e12868b556594c16153e4e37a98ec3044e7f4c6439ca19a1b327df8a33266b4a5a862d32813b73d391178ac
SSDEEP

24576:5wTqNyQ4VbtTS5zkLpQfuH8ulSeSQpUE/WxLM7wV/1mDZdnGDUON50YDFyNQCC3B:5wTqNyQ4VbtTSTwUSWxVQ1dGAA0YDFPz

Score

1^/10

Malware Config

Signatures

Files

2024-09-01_8353394b6632bf3e5143c820d68cb6b3_mafia
.exe windows:5 windows x86 arch:x86

a7500c3c0e882925ed4d73d92c065a24

Code Sign

35:f5:7a:dd:ef:00:15:e6:fe:be:6a:e2:71:0d:48:73
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/02/2015, 00:00

Not After

14/03/2017, 23:59

Subject

CN=Lavasoft Limited,O=Lavasoft Limited,L=Sliema,ST=Malta,C=MT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bf:3e:52:5b:20:76:69:cc:56:07:48:93:48:8d:55:49:4c:10:2a:0e
Signer

Actual PE Digest

bf:3e:52:5b:20:76:69:cc:56:07:48:93:48:8d:55:49:4c:10:2a:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\buildbot\slaves\ad_aware_antivirus\ad_aware_antivirus\build\_build\bin\Win32\Release\AdAwareWebInstaller.pdb

Imports

ws2_32

setsockopt
WSAIoctl
send
recv
getsockname
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
gethostname
listen
ioctlsocket
select
WSACleanup

shell32

SHGetFolderPathW
CommandLineToArgvW

advapi32

CryptCreateHash
CryptHashData
CryptReleaseContext
RegCreateKeyExW
RegCloseKey
RegSetValueExW
CryptDestroyHash
CryptGetHashParam
CryptAcquireContextA

kernel32

CopyFileW
GetModuleFileNameW
TlsGetValue
InitializeCriticalSection
TlsSetValue
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
GetCurrentProcessId
GetCommandLineW
FindResourceW
LoadResource
GlobalLock
GlobalAlloc
SizeofResource
GlobalUnlock
GlobalFree
LockResource
lstrlenA
WaitForSingleObject
WideCharToMultiByte
GetProcessHeap
HeapAlloc
CreateEventA
HeapFree
SetEvent
MultiByteToWideChar
lstrlenW
GetLastError
CloseHandle
GetCurrentProcess
GetModuleHandleW
GetProcAddress
EndUpdateResourceW
BeginUpdateResourceW
UpdateResourceW
MapViewOfFile
ExitProcess
WriteFile
CreateFileW
GetFileSizeEx
CreateFileMappingW
GetDriveTypeA
FormatMessageA
FormatMessageW
LocalFree
LocalAlloc
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetProcessTimes
CreateMutexW
CreateDirectoryW
GetFileInformationByHandle
GetCurrentDirectoryW
GetFileAttributesW
DeviceIoControl
DeleteFileW
RemoveDirectoryW
FindClose
SetEndOfFile
GetLocaleInfoW
Sleep
DecodePointer
EncodePointer
GetStringTypeW
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
RaiseException
LoadLibraryA
SetLastError
AreFileApisANSI
GetTempPathW
GetModuleHandleA
GetVersionExW
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateThread
ExitThread
InterlockedExchange
HeapSetInformation
FreeLibrary
GetCPInfo
HeapSize
HeapReAlloc
GetFullPathNameA
UnmapViewOfFile
GetDriveTypeW
GetStartupInfoW
ReadFile
RtlUnwind
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
VerSetConditionMask
VerifyVersionInfoA
SleepEx
LCMapStringA
GetStringTypeExW
GetStringTypeExA
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjectsEx
SystemTimeToFileTime
ResumeThread
ResetEvent
OpenEventA
WaitForSingleObjectEx
ReleaseSemaphore
SetEnvironmentVariableA
CreateFileA
LCMapStringW
GetTimeFormatA
GetDateFormatA
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapDestroy
HeapCreate
GetFileType
SetHandleCount
GetStdHandle
TlsFree
LoadLibraryW
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
IsDebuggerPresent

user32

LoadStringA
SendMessageW
ReleaseCapture
DispatchMessageW
DefWindowProcW
LoadStringW
GetWindowRect
GetParent
GetClientRect
MonitorFromWindow
SetWindowPos
MapWindowPoints
GetMonitorInfoW
GetWindow
SetCursor
UpdateLayeredWindow
ScreenToClient
GetMessageW
PostQuitMessage
PostMessageW
LoadCursorW
GetDC
TranslateMessage
RegisterClassExW
LoadIconW
GetWindowLongW
ReleaseDC
SetWindowLongW
GetCursorPos
ShowWindow
GetSysColorBrush
CreateWindowExW

gdi32

CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
DeleteDC

ole32

CreateStreamOnHGlobal
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
VariantCopy

gdiplus

GdipCreateBitmapFromStream
GdiplusShutdown
GdipGetImageWidth
GdipCreatePath
GdipFillRectangleI
GdipFillPath
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipDeletePath
GdipDisposeImage
GdipAlloc
GdipCreateSolidFill
GdipDeleteFontFamily
GdipSetSmoothingMode
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageHeight
GdipCloneBrush
GdipFree
GdipDeleteBrush
GdipCloneImage
GdipAddPathStringI
GdiplusStartup

wininet

InternetSetOptionW
HttpQueryInfoW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
InternetCloseHandle

wldap32

ord301
ord41
ord27
ord33
ord200
ord79
ord35
ord32
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord46

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7500c3c0e882925ed4d73d92c065a24

Code Sign

35:f5:7a:dd:ef:00:15:e6:fe:be:6a:e2:71:0d:48:73Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

bf:3e:52:5b:20:76:69:cc:56:07:48:93:48:8d:55:49:4c:10:2a:0eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

shell32

advapi32

kernel32

user32

gdi32

ole32

oleaut32

gdiplus

wininet

wldap32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 241KB - Virtual size: 241KB

.data Size: 86KB - Virtual size: 96KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 375KB - Virtual size: 375KB

.reloc Size: 136KB - Virtual size: 135KB

35:f5:7a:dd:ef:00:15:e6:fe:be:6a:e2:71:0d:48:73
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

bf:3e:52:5b:20:76:69:cc:56:07:48:93:48:8d:55:49:4c:10:2a:0e
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 241KB - Virtual size: 241KB

.data
Size: 86KB - Virtual size: 96KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 375KB - Virtual size: 375KB

.reloc
Size: 136KB - Virtual size: 135KB