2024-09-25_96ee9bfa04a43be98f7c877c51a81393_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-25_96ee9bfa04a43be98f7c877c51a81393_mafia
Size

1.2MB
MD5

96ee9bfa04a43be98f7c877c51a81393
SHA1

df144e6059b583dddd9fd274603735284b2609ee
SHA256

0f2ef7a23aca572a9a9ba8e846d72ade47d605603d6aafab832545ec60aef4c7
SHA512

0469cb36fe6a88dc55af44f77c103b3854c8b3ee4b7e86cca68edfe68095b9fda110acbf8427df1c7e970ff837567c4e5f69bbc29d4ccf4b536c17e97daf3512
SSDEEP

24576:EOzCkPAm9JPBa4BvShLtk3z9JpP/b+5jkp3chYgvsyqf6OXIkhup:EOzCkPNbartaz9rb+5Yp3chYgsH6chc

Score

1^/10

Malware Config

Signatures

Files

2024-09-25_96ee9bfa04a43be98f7c877c51a81393_mafia
.exe windows:5 windows

73d30bafd92781bedbd32b22f2b11e28

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:cf:42:3b:e7:7b:3a:e7:53:7b:1b:ce:9f:96:a3:c3:e5
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

27/01/2015, 14:57

Not After

28/01/2016, 14:57

Subject

CN=Iminent Technology SRL,O=Iminent Technology SRL,L=Bucuresti,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

34:1b:58:d2:77:38:46:c1:50:22:8e:42:16:b3:c7:5b:01:95:8f:b1
Signer

Actual PE Digest

34:1b:58:d2:77:38:46:c1:50:22:8e:42:16:b3:c7:5b:01:95:8f:b1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Builds\6\Dev\DEV.usys.Metro.Installer\Binaries\MetroInstallerAPP.pdb

Imports

wininet

DeleteUrlCacheEntryW

winhttp

WinHttpReadData
WinHttpSendRequest
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSetOption
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen

kernel32

GetSystemInfo
lstrlenA
SetFileAttributesW
GetFileAttributesExW
FindNextFileW
FindFirstFileW
FindClose
CopyFileW
MoveFileExW
GetTempPathW
lstrlenW
GetFileTime
SetFileTime
FileTimeToSystemTime
CompareFileTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ProcessIdToSessionId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WaitForMultipleObjectsEx
OpenProcess
Thread32Next
Thread32First
TerminateProcess
SetProcessShutdownParameters
GetProcessShutdownParameters
WaitForSingleObject
CreateProcessW
CreateFileA
RemoveDirectoryW
GetTickCount
GetCurrentThread
GetCommandLineW
GetCurrentProcessId
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
QueryPerformanceCounter
PeekNamedPipe
FlushFileBuffers
GetConsoleCP
GetFileAttributesW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
FatalAppExitA
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CompareStringW
LCMapStringW
GetCPInfo
GetCurrentProcess
LocalFree
GetSystemDirectoryA
GetFullPathNameA
SetErrorMode
GetModuleHandleW
DeleteFileW
CreateThread
WaitForMultipleObjects
TerminateThread
GetExitCodeThread
LocalAlloc
PulseEvent
GetCurrentThreadId
ExitThread
GetStartupInfoW
HeapSetInformation
CreateEventW
CreateDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
WTSGetActiveConsoleSessionId
Sleep
MultiByteToWideChar
GetCurrentDirectoryW
DeleteFileA
CreateFileW
SetFilePointer
WriteFile
CloseHandle
OutputDebugStringW
GetModuleFileNameW
GetLastError
WideCharToMultiByte
FindResourceExW
LoadResource
GetFullPathNameW
LockResource
SizeofResource
FindResourceW
InterlockedDecrement
VirtualQuery
SetStdHandle
SetEnvironmentVariableA
SetEnvironmentVariableW
GetExitCodeProcess
GetTimeZoneInformation
SearchPathW
GetTempFileNameW
GetProcessTimes
GlobalMemoryStatus
LoadLibraryExW
GetFileInformationByHandle
GetFileSize
FindFirstFileExW
GetDriveTypeW
GetFileType
WriteConsoleW
ExitProcess
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
InterlockedCompareExchange
GetStringTypeW
InterlockedIncrement
RaiseException
GetShortPathNameW
MoveFileW
GetSystemDirectoryW
GetWindowsDirectoryW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetConsoleMode
GetConsoleMode
SystemTimeToFileTime
GetSystemTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetStdHandle
SetEndOfFile
SetConsoleCtrlHandler
SetFileApisToOEM
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenEventW
FormatMessageW
FileTimeToLocalFileTime
SetCurrentDirectoryW
VirtualFree
VirtualAlloc
SetEvent
InitializeCriticalSection
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLogicalDriveStringsW
ReadFile

user32

CharToOemW
EndPaint
SendMessageW
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
FillRect
BeginPaint
CharUpperW
CharPrevExA
CharNextA
CharUpperA
EndDialog
GetClientRect
EnableMenuItem
GetSystemMenu
SetWindowPos
wsprintfW
PostThreadMessageW
PostMessageW
FlashWindow
GetWindowThreadProcessId
EnumWindows
CharLowerW
wsprintfA
SendNotifyMessageW
MessageBoxW
CheckDlgButton
IsDlgButtonChecked
LoadStringW
SetWindowTextW
LoadImageW
GetWindowLongW
AdjustWindowRect

gdi32

SetBkMode
CreateCompatibleDC
SelectObject
CreateSolidBrush
BitBlt
DeleteDC
GetStockObject
SetTextColor
CreateFontIndirectW
TextOutW
DeleteObject
GetObjectW

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW

advapi32

RegQueryInfoKeyW
OpenThreadToken
DuplicateToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
FreeSid
RegOpenKeyW
RegCreateKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegFlushKey
RegRestoreKeyW
RegSaveKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
LookupAccountSidW
ConvertSidToStringSidW
GetTokenInformation

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW

ole32

CoInitializeEx
StringFromGUID2
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantClear
CreateErrorInfo
SysAllocStringByteLen
VariantCopy
GetErrorInfo
VariantChangeType
VariantInit
SetErrorInfo

shlwapi

SHQueryValueExW
PathStripPathW
PathIsRelativeA
PathFileExistsW
PathRemoveFileSpecW

urlmon

URLDownloadToFileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

rpcrt4

UuidCreate

Sections

.text
Size: 926KB - Virtual size: 925KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73d30bafd92781bedbd32b22f2b11e28

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:cf:42:3b:e7:7b:3a:e7:53:7b:1b:ce:9f:96:a3:c3:e5Certificate

Extended Key Usages

Key Usages

34:1b:58:d2:77:38:46:c1:50:22:8e:42:16:b3:c7:5b:01:95:8f:b1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

winhttp

kernel32

user32

gdi32

wtsapi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

version

rpcrt4

Sections

.text Size: 926KB - Virtual size: 925KB

.rdata Size: 175KB - Virtual size: 175KB

.data Size: 17KB - Virtual size: 35KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 46KB - Virtual size: 45KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:cf:42:3b:e7:7b:3a:e7:53:7b:1b:ce:9f:96:a3:c3:e5
Certificate

34:1b:58:d2:77:38:46:c1:50:22:8e:42:16:b3:c7:5b:01:95:8f:b1
Signer

.text
Size: 926KB - Virtual size: 925KB

.rdata
Size: 175KB - Virtual size: 175KB

.data
Size: 17KB - Virtual size: 35KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 46KB - Virtual size: 45KB