2024-09-15_e323baecaadfe74af310bcd7cb4238f2_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-15_e323baecaadfe74af310bcd7cb4238f2_mafia
Size

832KB
MD5

e323baecaadfe74af310bcd7cb4238f2
SHA1

8f943528a40c4175cf8584a6748dfd63abb212db
SHA256

7c3ade0015e57042c60892fd008a94aa30fcd8ec6f57763e618fb9ac8887e768
SHA512

e5167ef296184d4c831d511165404f761283a2a58fc9cc6d354b23ef4105593f6a8eced74f1cbeebd1318839b0b50115aca5135adaab49fa3940036590362967
SSDEEP

12288:dL2hI6bniRohx2gKDjjjxoqgGeuDL6DAD8guLbPOOFKcZPsiTK:dLh6bniRocxvgFAD8prOUKPiTK

Score

1^/10

Malware Config

Signatures

Files

2024-09-15_e323baecaadfe74af310bcd7cb4238f2_mafia
.exe windows:5 windows x86 arch:x86

1af3d6da96cc18dd036f27d4402e33a3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d3:cc:2a:4e:5d:7f:9f:da
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

05/12/2016, 22:26

Not After

18/04/2018, 21:26

Subject

CN=Blackfish Software,O=Blackfish Software,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

da:51:17:a7:0a:84:a3:12:cb:ca:ec:3d:d2:c4:03:c1:1f:aa:e5:cf
Signer

Actual PE Digest

da:51:17:a7:0a:84:a3:12:cb:ca:ec:3d:d2:c4:03:c1:1f:aa:e5:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\src\ietabmoney\helper\Release\ietabhelper.pdb

Imports

kernel32

SetLastError
lstrcmpW
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
CreateThread
GetCurrentThread
WideCharToMultiByte
OpenProcess
CloseHandle
GetStdHandle
SetStdHandle
GetVersion
CreateFileW
GetFileSize
ReadFile
VirtualProtect
CreateEventW
WriteFile
FlushFileBuffers
SetEvent
PeekNamedPipe
WaitForSingleObject
GetVersionExW
GetThreadContext
VirtualQuery
InitializeCriticalSection
Sleep
SetThreadPriority
VirtualAlloc
OpenThread
GetSystemInfo
GetThreadPriority
GetCurrentProcessId
SuspendThread
ResumeThread
FormatMessageA
GetNativeSystemInfo
CopyFileW
FindFirstFileExW
FindNextFileW
FindClose
DeleteFileW
RemoveDirectoryW
LockResource
GetTempFileNameW
RaiseException
LCMapStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetFileType
WriteConsoleW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
DecodePointer
EncodePointer
InterlockedExchange
InterlockedCompareExchange
GetStringTypeW
CompareStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
HeapCreate
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetHandleCount
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCPInfo
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GetModuleFileNameW
GetFileAttributesW
GlobalFree
GetCurrentThreadId
GetModuleHandleW
FlushInstructionCache
GetCurrentProcess
GetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrlenW
MultiByteToWideChar
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryW

user32

SetTimer
SetPropW
GetKeyState
IsWindowVisible
PostQuitMessage
GetAncestor
ShowWindow
DialogBoxParamW
AnimateWindow
LoadMenuW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindow
GetDlgItem
GetClassNameW
GetSysColor
CharNextW
RedrawWindow
LoadCursorW
KillTimer
GetForegroundWindow
MessageBoxW
GetWindowThreadProcessId
FindWindowExW
UpdateWindow
MapVirtualKeyW
GetMessageExtraInfo
MessageBoxA
GetWindowPlacement
SetWindowLongA
SetParent
LoadStringW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
EnumWindows
EndDialog
GetClassInfoExW
RegisterClassExW
CreateAcceleratorTableW
ScreenToClient
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
GetDesktopWindow
DestroyAcceleratorTable
CreateWindowExW
SendMessageW
PostMessageW
MoveWindow
ClientToScreen
GetWindowRect
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
EndPaint
GetClientRect
BeginPaint
InvalidateRect
GetDC
ReleaseDC
SetWindowPos
EqualRect
IsWindow
SetFocus
GetParent
GetFocus
IsChild
DestroyWindow
GetPropW
UnregisterClassA

gdi32

GetPixel
CreateFontIndirectW
GetTextExtentPoint32W
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
GetStockObject
GetObjectW
GetDeviceCaps
DeleteDC

advapi32

RegEnumValueW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyW

shell32

SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
SHCreateDirectoryExW

ole32

CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal
StringFromCLSID
CoTaskMemRealloc
OleInitialize
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
DispCallFunc
SysAllocStringLen
OleCreateFontIndirect
LoadTypeLi
SysStringLen
VariantCopy
SysAllocString
SysFreeString
VariantClear
VariantInit

dbghelp

MiniDumpWriteDump

wininet

InternetSetCookieExW
InternetCrackUrlW

urlmon

URLDownloadToCacheFileW
CoInternetSetFeatureEnabled
CreateURLMoniker

Sections

.text
Size: 470KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 167KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1af3d6da96cc18dd036f27d4402e33a3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:e7:15Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

d3:cc:2a:4e:5d:7f:9f:daCertificate

Extended Key Usages

Key Usages

da:51:17:a7:0a:84:a3:12:cb:ca:ec:3d:d2:c4:03:c1:1f:aa:e5:cfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dbghelp

wininet

urlmon

Sections

.text Size: 470KB - Virtual size: 470KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 167KB - Virtual size: 177KB

.rsrc Size: 54KB - Virtual size: 53KB

.reloc Size: 36KB - Virtual size: 36KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:e7:15
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

07
Certificate

d3:cc:2a:4e:5d:7f:9f:da
Certificate

da:51:17:a7:0a:84:a3:12:cb:ca:ec:3d:d2:c4:03:c1:1f:aa:e5:cf
Signer

.text
Size: 470KB - Virtual size: 470KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 167KB - Virtual size: 177KB

.rsrc
Size: 54KB - Virtual size: 53KB

.reloc
Size: 36KB - Virtual size: 36KB