2024-09-19_d07adc7f41e5675b70e4168ae071b009_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-19_d07adc7f41e5675b70e4168ae071b009_mafia
Size

2.9MB
MD5

d07adc7f41e5675b70e4168ae071b009
SHA1

c0c3a71aed87b233351ca2e888d0ef0d999a7c14
SHA256

a19098527b5e74997b3895149453493a994fefaadfc0701035e91c9b3a90d868
SHA512

ef4efb029daca1eadb0168b28bd38b823cedf0eb6ef015e8d21728c5fef035110a8d2390972df65527d71b62b3aaab24f8e027e40eb9aed7fa59f10caf494fcc
SSDEEP

49152:SOfMU2iQtrWofmEaCp01a9Ac7V+oz+Q00azUu3f5RaSFEy++EzR7/i5tG:XMZrWjtC19N7VGJ/3RRaSFp+DX

Score

1^/10

Malware Config

Signatures

Files

2024-09-19_d07adc7f41e5675b70e4168ae071b009_mafia
.exe windows:5 windows x86 arch:x86

ec1dc94f8d512bdabee73a3a71831b06

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:84:17:f7:ea:64:06:ec:7b:32:05:90:e1:7a:65:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10-04-2012 00:00

Not After

06-05-2015 23:59

Subject

CN=Mindspark Interactive Network,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mindspark Interactive Network,L=White Plains,ST=NewYork,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

85:ee:26:38:48:b1:2e:a1:ab:32:dd:3d:9f:67:54:30:06:18:b7:f2
Signer

Actual PE Digest

85:ee:26:38:48:b1:2e:a1:ab:32:dd:3d:9f:67:54:30:06:18:b7:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\code\p4\david.paxson_dp6127437787DT\Developers\David.Paxson\ChromeSearch\Build.TT\Release.x86\t8CrxSetup.pdb

Imports

gdi32

GetCharWidth32A
GetTextExtentPoint32A

wininet

InternetCloseHandle
InternetOpenUrlA
InternetGetConnectedState
InternetOpenA
InternetReadFile

netapi32

NetUserEnum
NetApiBufferFree
NetWkstaUserGetInfo

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

MultiByteToWideChar
GetTempFileNameA
GetTempPathA
FreeResource
CloseHandle
WriteFile
CreateFileA
SetFileAttributesA
LockResource
LoadResource
SizeofResource
FindResourceA
GetSystemTime
GetProcAddress
GetModuleHandleA
CopyFileA
FreeLibrary
LoadLibraryA
lstrcpyW
SetFilePointer
ReadFile
FileTimeToSystemTime
GetVersionExA
GetCurrentProcess
DeleteFileA
RemoveDirectoryA
GetLastError
CreateDirectoryA
SetLastError
CreateThread
CreateEventA
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateRemoteThread
GetExitCodeProcess
DuplicateHandle
lstrcmpiW
OpenProcess
LocalFree
CreateProcessA
SetEvent
CreateMutexA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
RaiseException
WaitForMultipleObjects
FlushFileBuffers
GetTickCount
lstrcatW
GetFileSize
MoveFileA
GetModuleFileNameA
GetWindowsDirectoryA
CreateFileW
FindFirstFileW
lstrcmpW
FindNextFileW
FindClose
lstrcpynW
LoadLibraryExW
GetDriveTypeW
GetFileAttributesW
RtlUnwind
HeapFree
EncodePointer
DecodePointer
HeapAlloc
ExitThread
GetCurrentThreadId
VirtualProtect
VirtualAlloc
GetModuleHandleW
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
HeapCreate
Sleep
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
HeapReAlloc
GetTimeZoneInformation
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
InterlockedExchange
LoadLibraryW
SetStdHandle
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
WideCharToMultiByte
lstrcatA
lstrlenW
lstrcpyA
lstrcpynA
GetDriveTypeA
GetFileAttributesA
lstrlenA
GetShortPathNameA
LocalAlloc

user32

wsprintfA
PostQuitMessage
PostMessageA
IsWindow
DialogBoxParamA
EndDialog
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
GetWindowLongA
SetWindowLongA
GetClientRect
SetWindowPos
SetWindowTextA
CharNextA
GetParent
SendMessageA
DestroyIcon
GetWindowRect
MapWindowPoints
GetDC
ReleaseDC
MoveWindow
SetDlgItemTextA
GetDlgItem
MessageBoxA

advapi32

RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
RegFlushKey
RegQueryInfoKeyW
OpenProcessToken
DuplicateTokenEx
GetLengthSid
SetTokenInformation
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
CreateProcessAsUserA

ole32

CLSIDFromString
CoUninitialize
CoInitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CreateBindCtx

oleaut32

VariantClear
CreateStdDispatch
CreateDispTypeInfo
VariantInit
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
SysFreeString
LoadRegTypeLi
SysAllocStringLen

shlwapi

StrCmpNIW
PathAppendA
PathCombineW
PathFileExistsW
PathAppendW
StrStrIW
StrNCatW
PathFileExistsA

urlmon

RegisterBindStatusCallback

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec1dc94f8d512bdabee73a3a71831b06

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

09:84:17:f7:ea:64:06:ec:7b:32:05:90:e1:7a:65:b7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

85:ee:26:38:48:b1:2e:a1:ab:32:dd:3d:9f:67:54:30:06:18:b7:f2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

wininet

netapi32

version

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

urlmon

Sections

.text Size: 221KB - Virtual size: 220KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 45KB - Virtual size: 63KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 22KB - Virtual size: 21KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

09:84:17:f7:ea:64:06:ec:7b:32:05:90:e1:7a:65:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

85:ee:26:38:48:b1:2e:a1:ab:32:dd:3d:9f:67:54:30:06:18:b7:f2
Signer

.text
Size: 221KB - Virtual size: 220KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 45KB - Virtual size: 63KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 22KB - Virtual size: 21KB