2024-09-08_74bd99fac6e8582279e60a7621c13580_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-08_74bd99fac6e8582279e60a7621c13580_mafia
Size

2.0MB
MD5

74bd99fac6e8582279e60a7621c13580
SHA1

70763309bab38b34307b6e9d85d7def428cc744b
SHA256

c6f9587904fc4f3be31a2d2160fe448650766aa64f415d92b1fd82135cb25161
SHA512

9bb29c992367d3fa11147906e262610994dba6902c81933bb29216b02528f4481859cb15579d6e16005c50032d101d41d706b2e2c478f31c94a3760adcebf741
SSDEEP

24576:m5SPUSwrLJR4zoExUwGI0kJ6ROURiHRenh3LJo1+0Bhy+DHj7nd3tnpYPDy8rxdC:mBSwrLS1AjRiHULuYKjbTnWLVBD4Vb

Score

1^/10

Malware Config

Signatures

Files

2024-09-08_74bd99fac6e8582279e60a7621c13580_mafia
.exe windows:5 windows x86 arch:x86

621cae66369874f2d5c458b699758c9a

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:bf:92:4e:a3:bb:36:4a:9c:02:78:c0:ba:68:28:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/05/2012, 00:00

Not After

24/07/2013, 23:59

Subject

CN=Beijing ELEX Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing ELEX Technology Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9e:e7:54:6e:84:c8:14:ae:08:13:c5:2f:34:60:19:6e:6a:ea:b7:81
Signer

Actual PE Digest

9e:e7:54:6e:84:c8:14:ae:08:13:c5:2f:34:60:19:6e:6a:ea:b7:81

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\soft365\MakerV4\Release\SoftStudio.pdb

Imports

ws2_32

connect
WSAStartup
gethostname
ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
WSASetLastError
WSACleanup
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
socket
closesocket
WSAGetLastError

wldap32

ord41
ord46
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27

shlwapi

PathAppendW
SHRegGetUSValueW
PathFileExistsW

dbghelp

MakeSureDirectoryPathExists

kernel32

GetConsoleCP
HeapCreate
InitializeCriticalSectionAndSpinCount
SetHandleCount
TlsFree
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetConsoleMode
ExitThread
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
HeapReAlloc
RtlUnwind
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapAlloc
HeapFree
InterlockedExchange
DecodePointer
EncodePointer
InterlockedDecrement
CreateThread
WideCharToMultiByte
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
GetPrivateProfileSectionNamesW
lstrcmpA
GetPrivateProfileStringW
MultiByteToWideChar
GetEnvironmentVariableW
FindFirstFileW
MoveFileExW
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
GetModuleHandleW
WriteFile
InitializeCriticalSection
CopyFileW
GetVersionExW
GetFileAttributesW
TerminateProcess
GetModuleFileNameW
CreateFileW
GetProcAddress
MoveFileW
GetLocaleInfoW
FindNextFileW
DeleteCriticalSection
CloseHandle
FreeResource
FindResourceW
LoadResource
CreateProcessW
SizeofResource
GetStdHandle
GetLastError
LockResource
GetFileSize
SetFilePointer
UnmapViewOfFile
SystemTimeToFileTime
GetTickCount
FileTimeToSystemTime
ReadFile
GetLocalTime
GetFileInformationByHandle
FindClose
SetFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
CreateFileA
DeviceIoControl
GetVolumeInformationW
GetSystemDefaultLangID
GetProcessHeap
GetSystemInfo
lstrcmpiW
ExpandEnvironmentStringsA
SetLastError
SleepEx
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
FreeLibrary
LoadLibraryA
GetFullPathNameW
GetFullPathNameA
TlsGetValue
SetEndOfFile
InterlockedIncrement
UnlockFile
LockFile
GetSystemTimeAsFileTime
TlsSetValue
GetFileAttributesA
FlushFileBuffers
GetTempPathW
LockFileEx
GetCurrentThreadId
TlsAlloc
GetTempPathA
GetSystemTime
DeleteFileA
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
SetStdHandle
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
LoadLibraryW
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
ExitProcess

user32

SendMessageW
GetClassNameW
EnumWindows
FindWindowW
GetDesktopWindow
wsprintfW
GetSystemMetrics

advapi32

CryptDuplicateKey
CryptAcquireContextW
RegOpenKeyExW
GetUserNameW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
CryptEncrypt
CryptCreateHash
CryptDestroyKey
CryptDecrypt
CryptDestroyHash
CryptHashData
CryptDeriveKey

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteExW

Exports

Exports

_sqlite3_key_interop@12
_sqlite3_rekey_interop@12

Sections

.text
Size: 709KB - Virtual size: 709KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

621cae66369874f2d5c458b699758c9a

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

27:bf:92:4e:a3:bb:36:4a:9c:02:78:c0:ba:68:28:79Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

9e:e7:54:6e:84:c8:14:ae:08:13:c5:2f:34:60:19:6e:6a:ea:b7:81Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

shlwapi

dbghelp

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 709KB - Virtual size: 709KB

.data Size: 9KB - Virtual size: 20KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 29KB - Virtual size: 29KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

27:bf:92:4e:a3:bb:36:4a:9c:02:78:c0:ba:68:28:79
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

9e:e7:54:6e:84:c8:14:ae:08:13:c5:2f:34:60:19:6e:6a:ea:b7:81
Signer

.text
Size: 709KB - Virtual size: 709KB

.data
Size: 9KB - Virtual size: 20KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 29KB - Virtual size: 29KB