2024-09-15_39e63a54fe9aff172fc0c83f62a9c7f4_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-15_39e63a54fe9aff172fc0c83f62a9c7f4_mafia
Size

1.8MB
MD5

39e63a54fe9aff172fc0c83f62a9c7f4
SHA1

bf0aad2084bd742fbd4ba5c26d90994f9272b79e
SHA256

d0d5dc06751505fd591c018de5977f59d00e475534101abe029054666bbdea9b
SHA512

3ab5b62e47b4d50890bc6317ff92fae167b6ace762ea57897a490ad92b0a25153e47ab2933fa13797894a53c6bf93b7782a1d6207f566c337336b767aebe108f
SSDEEP

49152:uC4QTijOVFycANzE4w3LW3n3T/yAlgK0rqL2YLqM:u5jOVFqE4w3q3nDTlwuqY

Score

1^/10

Malware Config

Signatures

Files

2024-09-15_39e63a54fe9aff172fc0c83f62a9c7f4_mafia
.exe windows:5 windows x86 arch:x86

585de6a98f33bdea926e1e8b4a25e4f3

Code Sign

0a:52:2e:be:d0:e1:9a:e9:84:1b:0a:7a:2a:f3:fa:e3
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/01/2016, 00:00

Not After

31/01/2017, 12:00

Subject

CN=Romualdas Cukuras,O=Romualdas Cukuras,L=Radikiai,ST=Kaunas Apskritis,C=LT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:83:33:6f:b1:e0:8d:a9:89:95:30:fe:5a:86:06:ef:44:db:5e:22:80:68:40:61:5f:88:6a:87:c0:54:57:22
Signer

Actual PE Digest

c8:83:33:6f:b1:e0:8d:a9:89:95:30:fe:5a:86:06:ef:44:db:5e:22:80:68:40:61:5f:88:6a:87:c0:54:57:22

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\wiper\Release\Installer.pdb

Imports

ws2_32

select
send
ioctlsocket
gethostbyname
connect
WSAGetLastError
htons
__WSAFDIsSet
getsockname
setsockopt
recv
bind
socket
WSASetLastError
closesocket
getsockopt
getpeername
ntohs
WSAStartup
WSAIoctl
WSACleanup

kernel32

SetErrorMode
Wow64DisableWow64FsRedirection
GetModuleHandleA
CreateEventA
SetEvent
Wow64RevertWow64FsRedirection
MoveFileExW
HeapAlloc
HeapFree
GetProcessHeap
OpenProcess
ReadProcessMemory
Sleep
TerminateProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
FreeLibrary
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
CopyFileW
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
InterlockedExchange
MoveFileW
InterlockedExchangeAdd
PostQueuedCompletionStatus
lstrcmpiW
TlsAlloc
TlsFree
GetVersionExW
CreateMutexW
WaitForSingleObject
TlsGetValue
SetWaitableTimer
GetQueuedCompletionStatus
VerSetConditionMask
InterlockedCompareExchange
SleepEx
TlsSetValue
TerminateThread
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
VerifyVersionInfoW
QueueUserAPC
CreateEventW
WaitForMultipleObjects
CreateIoCompletionPort
CreateWaitableTimerW
LoadLibraryA
VirtualFree
VirtualAlloc
FormatMessageA
ExpandEnvironmentStringsA
GetComputerNameW
GetSystemInfo
GetEnvironmentVariableW
GetLongPathNameW
CreateDirectoryW
RemoveDirectoryW
QueryDosDeviceW
SetFileAttributesW
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetCommandLineW
LocalFree
LocalAlloc
GetModuleFileNameA
LoadLibraryExA
CreateWaitableTimerA
WaitForMultipleObjectsEx
ResumeThread
ResetEvent
OpenEventA
WaitForSingleObjectEx
SetLastError
GetFileAttributesW
GetVersionExA
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetExitCodeProcess
CreatePipe
GetFileAttributesA
CompareStringW
GetCurrentDirectoryW
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
LCMapStringW
HeapSize
HeapCreate
GetLocaleInfoW
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitProcess
GetDateFormatA
GetTimeFormatA
DeleteFileA
MoveFileA
DuplicateHandle
CreateProcessA
DeleteFileW
GetTickCount
GetProcAddress
LoadLibraryW
GetModuleHandleW
MulDiv
GetCurrentThreadId
EnterCriticalSection
RaiseException
FlushInstructionCache
GetCurrentProcess
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
ExpandEnvironmentStringsW
FindNextFileW
GetLastError
FindFirstFileW
LockResource
SizeofResource
LoadResource
FindResourceW
SwitchToThread
CloseHandle
DeleteCriticalSection
CreateFileW
ReadFile
LeaveCriticalSection
InitializeCriticalSection
WriteFile
TryEnterCriticalSection
SetFilePointer
GetFileSize
RtlUnwind
WideCharToMultiByte
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
GetStartupInfoW
HeapSetInformation
CreateThread
ExitThread
HeapReAlloc
GetCPInfo
EncodePointer
DecodePointer
FindClose
ReleaseSemaphore

user32

IsCharAlphaNumericW
DefWindowProcW
CallWindowProcW
SetWindowTextW
SendMessageW
CreateWindowExW
IsWindow
SetWindowLongW
GetWindowLongW
RegisterClassExW
GetClassInfoExW
LoadCursorW
DestroyWindow
EnableWindow
ShowWindow
SetWindowPos
ReleaseDC
GetDC
ReleaseCapture
RedrawWindow
GetCapture
SetFocus
TrackMouseEvent
KillTimer
PostMessageW
SetCapture
SetTimer
ValidateRect
GetCursorPos
GetDCEx
SetRect
OffsetRect
BeginPaint
GetClientRect
GetWindowRect
ScreenToClient
SetWindowRgn
SetCursor
ClientToScreen
EndPaint
DispatchMessageW
UpdateWindow
GetSystemMetrics
MessageBoxW
PeekMessageW
TranslateMessage
SetForegroundWindow
LoadImageW
CharNextW
PostQuitMessage
GetMessageW
MoveWindow
GetWindow
GetMonitorInfoW
DestroyMenu
MapWindowPoints
RemoveMenu
GetMenuItemCount
CreatePopupMenu
LoadStringW
SystemParametersInfoW
AppendMenuW
InvalidateRect
wsprintfA
UnregisterClassA
BringWindowToTop
TranslateAcceleratorW
SetActiveWindow
MonitorFromPoint
LoadStringA
GetParent
MessageBeep
GetMenuItemInfoW
TrackPopupMenuEx
PtInRect
wsprintfW

gdi32

ExcludeClipRect
SetTextColor
SetBkMode
CreateSolidBrush
SetWindowOrgEx
BitBlt
SetViewportOrgEx
DeleteDC
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgn
GetTextMetricsW
CreateFontIndirectW
GetDeviceCaps
DeleteObject

advapi32

RegSetKeySecurity
RegQueryInfoKeyW
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
CheckTokenMembership
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
RegDeleteValueW
RegCreateKeyExW

shell32

ShellExecuteExW
ShellExecuteW
CommandLineToArgvW

ole32

CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemRealloc
CoCreateInstance
CoInitializeEx

oleaut32

VarUI4FromStr

shlwapi

PathUnExpandEnvStringsW

comctl32

InitCommonControlsEx

secur32

GetUserNameExW

psapi

GetProcessImageFileNameW

gdiplus

GdipSetStringFormatFlags
GdipDeleteBrush
GdipFree
GdipDeletePen
GdipCloneBrush
GdipGetStringFormatFlags
GdipSetImageAttributesColorMatrix
GdipClosePathFigures
GdipGetImageHeight
GdiplusStartup
GdiplusShutdown
GdipDrawRectangleI
GdipDeleteStringFormat
GdipCreatePen1
GdipSetPixelOffsetMode
GdipGetImageWidth
GdipCreatePath
GdipSetStringFormatTrimming
GdipDrawLineI
GdipCloneImage
GdipFillRectangleI
GdipStringFormatGetGenericTypographic
GdipSetInterpolationMode
GdipGetCellAscent
GdipFillPath
GdipSetCompositingQuality
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipCreateRegion
GdipResetClip
GdipTranslateWorldTransform
GdipGetLineSpacing
GdipSetCompositingMode
GdipCloneStringFormat
GdipDrawString
GdipMeasureCharacterRanges
GdipGetCellDescent
GdipCreateImageAttributes
GdipGetGenericFontFamilySansSerif
GdipDeleteRegion
GdipDeletePath
GdipResetWorldTransform
GdipGetFontSize
GdipCreateFont
GdipDisposeImage
GdipSetStringFormatMeasurableCharacterRanges
GdipAlloc
GdipDisposeImageAttributes
GdipCreateSolidFill
GdipAddPathArcI
GdipDeleteFontFamily
GdipGetFamily
GdipSetSmoothingMode
GdipSetPenLineCap197819
GdipGetRegionBounds
GdipSetStringFormatAlign
GdipDrawImageRectI
GdipSetClipRectI
GdipDeleteGraphics
GdipDeleteFont
GdipDrawPath
GdipSetTextRenderingHint
GdipScaleWorldTransform
GdipCreateBitmapFromStream
GdipSetTextContrast
GdipSetStringFormatLineAlign
GdipGetEmHeight
GdipDrawImageRectRectI

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1004KB - Virtual size: 1003KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ATL
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 518KB - Virtual size: 518KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

585de6a98f33bdea926e1e8b4a25e4f3

Code Sign

0a:52:2e:be:d0:e1:9a:e9:84:1b:0a:7a:2a:f3:fa:e3Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

c8:83:33:6f:b1:e0:8d:a9:89:95:30:fe:5a:86:06:ef:44:db:5e:22:80:68:40:61:5f:88:6a:87:c0:54:57:22Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

secur32

psapi

gdiplus

iphlpapi

Sections

.text Size: 1004KB - Virtual size: 1003KB

.rdata Size: 239KB - Virtual size: 238KB

.data Size: 31KB - Virtual size: 41KB

.tls Size: 512B - Virtual size: 2B

ATL Size: 512B - Virtual size: 8B

.rsrc Size: 518KB - Virtual size: 518KB

.reloc Size: 75KB - Virtual size: 75KB

0a:52:2e:be:d0:e1:9a:e9:84:1b:0a:7a:2a:f3:fa:e3
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

c8:83:33:6f:b1:e0:8d:a9:89:95:30:fe:5a:86:06:ef:44:db:5e:22:80:68:40:61:5f:88:6a:87:c0:54:57:22
Signer

.text
Size: 1004KB - Virtual size: 1003KB

.rdata
Size: 239KB - Virtual size: 238KB

.data
Size: 31KB - Virtual size: 41KB

.tls
Size: 512B - Virtual size: 2B

ATL
Size: 512B - Virtual size: 8B

.rsrc
Size: 518KB - Virtual size: 518KB

.reloc
Size: 75KB - Virtual size: 75KB