2024-09-03_8e29628ac279a5092ed7a82a36deca05_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-03_8e29628ac279a5092ed7a82a36deca05_mafia
Size

1.1MB
MD5

8e29628ac279a5092ed7a82a36deca05
SHA1

d027b30d14c393edc35ce0cfefa3838b50dd0175
SHA256

a8dc438e9f2fbdba3efeae776646760a956e255a339f3087b7b40a797121f049
SHA512

70386e5354f6ba282c0a5dc13b3e3ee6daaa8243b3693b6cc5ab5258fa2191898d033eecec318ac3a014a02c288230689fb7d137836b40c0fbd7539dd1485864
SSDEEP

24576:K1VaAL0MwPW5mYCMoVMpad5WJzoAnHtBpg:KaALtwOSF+paHWyONk

Score

1^/10

Malware Config

Signatures

Files

2024-09-03_8e29628ac279a5092ed7a82a36deca05_mafia
.exe windows:5 windows x86 arch:x86

0b68ab9966cc6ed90a54044d0c3deff9

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:16:c6:cd:70:10:c1:97:e7:22:8f:66:f5:b2:86:bb
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/02/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=Shopper-Pro (GOOBZO LTD),O=Shopper-Pro (GOOBZO LTD),POSTALCODE=31905,STREET=Bldg #15 Matam,L=Haifa,ST=Haifa,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c5:78:d4:00:56:b6:85:58:f1:81:ea:34:74:33:43:4d:a8:4c:dd:83
Signer

Actual PE Digest

c5:78:d4:00:56:b6:85:58:f1:81:ea:34:74:33:43:4d:a8:4c:dd:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Builds\Build_ShopperProMulti\ShopperPro\Release_ClassObject\ShopperPro.pdb

Imports

psapi

GetModuleFileNameExW

kernel32

DeleteCriticalSection
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
GetCurrentProcessId
IsWow64Process
MoveFileExW
WaitForSingleObject
SetEvent
OutputDebugStringW
TerminateThread
Sleep
GetModuleFileNameW
ExitThread
SetThreadPriority
InterlockedExchange
ResetEvent
GetLocalTime
CreateEventW
WaitForMultipleObjects
CreateThread
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
CreateMutexW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
InterlockedCompareExchange
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
LoadLibraryW
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
MultiByteToWideChar
GetTempPathW
GetProcAddress
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
InitializeCriticalSection
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
SetWaitableTimer
CancelWaitableTimer
OpenProcess
CopyFileW
TerminateProcess
EncodePointer
CreateWaitableTimerW
CreateToolhelp32Snapshot
GetModuleHandleW
FileTimeToSystemTime
GetPrivateProfileStringW
WritePrivateProfileStringW
FindNextFileW
RemoveDirectoryW
CompareFileTime
GetProcessTimes
Process32FirstW
GlobalMemoryStatusEx
GetCommandLineW
HeapSetInformation
GetStartupInfoW
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetStdHandle
RaiseException
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetVersionExW
GetSystemDirectoryW
GetEnvironmentVariableW
SetLastError
lstrlenW
FormatMessageW
FormatMessageA
GetComputerNameW
lstrlenA
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
LocalFree
DeleteFileW
CloseHandle
DuplicateHandle
DeviceIoControl
GetFileType
FindClose
MoveFileW
GetLastError
FlushFileBuffers
CreateFileW
ReadFile
GetFileAttributesW
WriteFile
LockFile
UnlockFile
CreateDirectoryW
GetCurrentProcess
SetEndOfFile
SetFilePointer
FindFirstFileW
GetFileSize
DecodePointer
CreateFileMappingA
Process32NextW
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetTimeZoneInformation
GetLocaleInfoW
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
GetCPInfo
RtlUnwind
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent

user32

wsprintfW
DefWindowProcW
LoadStringW
EndDialog
RegisterClassExW
LoadAcceleratorsW
BeginPaint
LoadCursorW
DialogBoxParamW
PostQuitMessage
DestroyWindow
EndPaint
GetSystemMetrics
LoadIconW

advapi32

StartServiceW
OpenServiceW
GetUserNameW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegEnumValueW
RegQueryValueW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
IsValidSid
LookupAccountNameW
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW

ole32

CoInitializeSecurity
CoInitializeEx
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

wininet

InternetWriteFile
InternetCloseHandle
HttpEndRequestW
InternetGetLastResponseInfoW
HttpOpenRequestW
InternetOpenW
HttpSendRequestExW
InternetQueryDataAvailable
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpAddRequestHeadersW
HttpQueryInfoW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 851KB - Virtual size: 851KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b68ab9966cc6ed90a54044d0c3deff9

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

e6:16:c6:cd:70:10:c1:97:e7:22:8f:66:f5:b2:86:bbCertificate

Extended Key Usages

Key Usages

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

c5:78:d4:00:56:b6:85:58:f1:81:ea:34:74:33:43:4d:a8:4c:dd:83Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

version

Sections

.text Size: 851KB - Virtual size: 851KB

.rdata Size: 153KB - Virtual size: 152KB

.data Size: 16KB - Virtual size: 27KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 40KB - Virtual size: 40KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

e6:16:c6:cd:70:10:c1:97:e7:22:8f:66:f5:b2:86:bb
Certificate

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

c5:78:d4:00:56:b6:85:58:f1:81:ea:34:74:33:43:4d:a8:4c:dd:83
Signer

.text
Size: 851KB - Virtual size: 851KB

.rdata
Size: 153KB - Virtual size: 152KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 40KB - Virtual size: 40KB