2024-09-09_0c6ef0fd04646d103201278101dce1ab_mamba

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-09_0c6ef0fd04646d103201278101dce1ab_mamba
Size

264KB
MD5

0c6ef0fd04646d103201278101dce1ab
SHA1

990d7f482b20a23829387d4bf3ddaf8fc05a7878
SHA256

1a46bab3ed66ed47450e08eae5647ae840241f421376945ef0e3e74a88644e75
SHA512

25850a9a4efb8b98919e8bdaad4cd644294b1ce0cb7ac0bd1431f35b7e2be62700579d1fa21ceb43c49f6eeb72ffd137c344a8fa4a20d387e1c5dfc7ad2f8e92
SSDEEP

3072:vri1mEk0v9wYE05e6NSFyltZqkEci52JTz4w6oYaScf8vVtEFIYliDuvHgh1zARk:UmEk6E36NyetZlD+g/yj2niDAH8Ik

Score

1^/10

Malware Config

Signatures

Files

2024-09-09_0c6ef0fd04646d103201278101dce1ab_mamba
.exe windows:6 windows x86 arch:x86

e5967ed7cd3428333bfe17aa9d788796

Code Sign

03:5b:41:76:66:60:b0:8a:af:12:15:36:f0:d8:3d:4d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25-06-2019 00:00

Not After

29-06-2020 12:00

Subject

CN=Alexander Lomachevsky,O=Alexander Lomachevsky,L=Kherson,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:b3:2e:52:a4:15:5d:dd:a6:03:cf:68:96:da:0c:fd:f7:c6:49:5c
Signer

Actual PE Digest

48:b3:2e:52:a4:15:5d:dd:a6:03:cf:68:96:da:0c:fd:f7:c6:49:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Projects\DiskCryptor\DCrypt\Bin\Release_i386\dcrypt.pdb

Imports

comctl32

ImageList_Create
ImageList_Add
ImageList_GetIconSize
ImageList_DrawEx
ord17
ImageList_Draw

shlwapi

PathFileExistsW

ntdll

RtlUnwind
NtQueryInformationProcess

kernel32

GetFileSize
ExitProcess
DeleteVolumeMountPointW
GetCurrentThreadId
SetThreadPriority
SuspendThread
ResumeThread
GetLastError
CreateThread
FileTimeToSystemTime
GetSystemTimeAsFileTime
SizeofResource
WriteFile
FormatMessageW
LockResource
LoadResource
FindResourceW
LocalFree
FindNextFileW
FindClose
LoadLibraryW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
GetProcessHeap
SetStdHandle
LCMapStringW
GlobalFindAtomW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetFileType
GetStringTypeW
HeapAlloc
HeapFree
GetACP
GetModuleHandleExW
WideCharToMultiByte
MultiByteToWideChar
GetStdHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetLastError
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetModuleHandleA
InitializeCriticalSection
GetVolumeInformationW
SetVolumeMountPointW
CreateFileW
LeaveCriticalSection
EnterCriticalSection
ReadFile
GetLogicalDrives
CreateProcessW
CloseHandle
Sleep
OpenProcess
WaitForSingleObject
GetModuleFileNameW
GetCurrentProcess
FlushFileBuffers
DecodePointer
WriteConsoleW

user32

DrawFocusRect
GetDialogBaseUnits
DrawTextExW
DrawEdge
ExitWindowsEx
DrawStateW
EnumChildWindows
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
FillRect
GetClassNameW
GetFocus
LoadCursorW
LoadBitmapW
GetKeyState
DestroyWindow
InvalidateRect
GetParent
GetClientRect
MoveWindow
GetWindowInfo
ShowWindow
GetSystemMetrics
SendMessageW
ScreenToClient
SetWindowPos
GetWindowRect
GetWindowLongW
EnableWindow
EnableMenuItem
GetDlgItem
GetSysColor
GetMenu
GetWindowTextW
DialogBoxParamW
IsWindowEnabled
SetWindowTextW
GetMenuItemCount
MessageBoxW
RegisterHotKey
UnregisterHotKey
SetForegroundWindow
KillTimer
FindWindowW
LoadIconW
TranslateMessage
TranslateAcceleratorW
RegisterClassW
DestroyAcceleratorTable
DefDlgProcW
SetTimer
DispatchMessageW
LoadAcceleratorsW
CreateDialogParamW
GetMessageW
ReleaseDC
LookupIconIdFromDirectoryEx
SetWindowLongW
SetCursor
SetFocus
TrackMouseEvent
DestroyIcon
EndDialog
IsWindowVisible
GetDC
CreateIconFromResourceEx
CallWindowProcW
AppendMenuW
DestroyMenu
SetWindowTextA
GetWindowTextA
TrackPopupMenu
CreatePopupMenu
GetMessagePos
GetNextDlgTabItem
GetCursorPos
PostQuitMessage
MapDialogRect
SetMenuItemInfoW

gdi32

CreateFontIndirectW
GetTextMetricsW
ExtTextOutW
SetTextColor
SelectObject
SetDCBrushColor
SetBkMode
GetStockObject
SetBkColor
GetTextExtentPoint32W

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyW
RegDeleteValueW
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW
SHGetPathFromIDListW
Shell_NotifyIconW
SHBrowseForFolderW

dcapi

dc_is_dcs_on_partition
load_file
dc_start_re_encrypt
is_w10_reflect_supported
dc_start_encrypt
update_w10_reflect_driver
dc_is_device_ssd
dc_start_format
dc_get_device_status
dc_get_status_str
enable_privilege
dc_dec_step
dc_sync_enc_state
dc_enc_step
dc_format_step
dc_disk_close
dc_disk_open
is_win_vista
dc_get_bsod
rnd_reseed_now
dc_encrypt_iso_image
secure_alloc
dc_add_keyfiles
dc_is_old_runned
dc_is_driver_works
is_admin
dc_efi_init
dc_get_version
rnd_init
dc_load_config
dc_install_driver
dc_efi_check
is_wow64
dc_remove_driver
dc_is_driver_installed
dc_open_device
dc_update_driver
dc_get_hw_name
dc_first_volume
dc_next_volume
dc_format_fs
dc_unmount_volume
dc_start_decrypt
dc_efi_is_msft_on_disk
dc_device_control
save_file
dc_set_boot
dc_backup_header
dc_get_cipher_name
dc_make_iso
dc_benchmark
dc_change_password
dc_set_efi_boot
dc_unset_efi_boot
dc_restore_header
dc_done_format
dc_update_boot
dc_efi_is_bme_set
dc_mount_volume
dc_make_pxe
dc_set_mbr_config
dc_mount_all
dc_is_dcs_on_disk
dc_unset_mbr
secure_free
dc_set_mbr
dc_update_efi_boot
dc_mk_efi_rec
dc_efi_set_bme
dc_efi_is_secureboot
dc_efi_shim_available
dc_efi_del_bme
dc_unmount_all
dc_get_drive_info
dc_mbr_config_by_partition
dc_efi_config_by_partition
dc_is_gpt_disk
dc_get_boot_device
dc_efi_config
dc_get_boot_disk
dc_get_mbr_config
dc_dsk_get_size
dc_format_byte_size
dc_save_config

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5967ed7cd3428333bfe17aa9d788796

Code Sign

03:5b:41:76:66:60:b0:8a:af:12:15:36:f0:d8:3d:4dCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

48:b3:2e:52:a4:15:5d:dd:a6:03:cf:68:96:da:0c:fd:f7:c6:49:5cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

shlwapi

ntdll

kernel32

user32

gdi32

comdlg32

advapi32

shell32

dcapi

Sections

.text Size: 144KB - Virtual size: 144KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 4KB - Virtual size: 11KB

.gfids Size: 512B - Virtual size: 172B

.rsrc Size: 45KB - Virtual size: 44KB

.reloc Size: 10KB - Virtual size: 9KB

03:5b:41:76:66:60:b0:8a:af:12:15:36:f0:d8:3d:4d
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

48:b3:2e:52:a4:15:5d:dd:a6:03:cf:68:96:da:0c:fd:f7:c6:49:5c
Signer

.text
Size: 144KB - Virtual size: 144KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 4KB - Virtual size: 11KB

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 10KB - Virtual size: 9KB