2024-10-10_da517a46d6987c98e8a18eb5f6e7799d_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-10_da517a46d6987c98e8a18eb5f6e7799d_mafia
Size

1.5MB
MD5

da517a46d6987c98e8a18eb5f6e7799d
SHA1

fea9dcf8c601b429c83fb99dd4a79438f07e9c2f
SHA256

40a4c9f1f1daab682d53c7180c46f1afb17f32bcf452c152d21363aa6342af0a
SHA512

f82928c0ac749a069efd41be0930ad92f9be9b02b7f2fa3dc87d97372e64341817952647c79eebc03ead16ce037c885d2c25976e9c788b4d9ee1d9824b42ef30
SSDEEP

24576:PpZfq9lICALw5VAzBgJjVXTdHwNHWxxTpTXDdzwW9j26Y2sa:PDq9lIClAhNHWxRpTXDd3j9jsa

Score

1^/10

Malware Config

Signatures

Files

2024-10-10_da517a46d6987c98e8a18eb5f6e7799d_mafia
.exe windows:5 windows x86 arch:x86

847dec6233c8cf9492776dfd5bad98a2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:bc:d2:37:50:15:36:99:e1:f5:9a:ce:47:7a:6d:e0:70
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/02/2014, 09:15

Not After

25/02/2015, 09:15

Subject

CN=Taiwan Shui Mu Chih Ching Technology Limited,O=Taiwan Shui Mu Chih Ching Technology Limited,L=New Taipei City,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

28:b8:ac:65:84:04:ce:84:03:f9:f1:ce:20:62:f9:0a:dc:23:68:37
Signer

Actual PE Digest

28:b8:ac:65:84:04:ce:84:03:f9:f1:ce:20:62:f9:0a:dc:23:68:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Build\ecyber\trunk\sc\bin.32\eInstall.pdb

Imports

shlwapi

PathAppendW
PathIsURLW
SHGetValueW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsDirectoryW
PathIsRelativeW
PathFindExtensionW
PathFindFileNameW
PathRenameExtensionW
PathFileExistsW
PathCombineW
SHDeleteKeyW

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
GetProcessHeap
HeapFree
TlsSetValue
OpenEventA
TlsGetValue
DecodePointer
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
GetCommandLineW
HeapSetInformation
GetTickCount
GetStartupInfoW
ExitProcess
SetEndOfFile
TlsFree
GetProfileIntW
GlobalSize
GlobalUnlock
GlobalLock
TlsAlloc
InterlockedIncrement
GetPrivateProfileStringW
WritePrivateProfileStringW
GetFileAttributesW
SetFilePointer
SetFileAttributesW
GetFileSize
lstrlenA
WriteFile
SetNamedPipeHandleState
WaitNamedPipeW
ReadFile
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
lstrcmpiW
Process32NextW
Process32FirstW
GlobalFree
GlobalAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileSectionW
DebugBreak
MulDiv
HeapDestroy
CreateProcessW
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
CreateMutexW
HeapReAlloc
HeapSize
VirtualProtect
RaiseException
CreateEventW
GetCurrentThreadId
WaitForSingleObject
InterlockedExchange
InitializeCriticalSectionAndSpinCount
ResumeThread
CreateThread
TerminateThread
ResetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
CreateDirectoryW
GetModuleFileNameW
GetSystemInfo
GetVersionExW
GetModuleHandleW
GetCurrentProcess
CreateFileW
InterlockedDecrement
LocalFree
GetSystemDefaultLCID
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CopyFileW
OutputDebugStringW
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
MoveFileW
GetWindowsDirectoryW
DeleteFileW
SetEvent
CloseHandle
CreateEventA
GetLastError
FormatMessageA
SetEnvironmentVariableA
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
QueryPerformanceCounter
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
SetLastError
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
ExitThread
CompareStringW
GetCPInfo
LCMapStringW
RtlUnwind
VirtualQuery
SystemTimeToFileTime

user32

TrackMouseEvent
SetWindowTextW
CreateAcceleratorTableW
GetWindowRgn
FrameRect
DrawFocusRect
FillRect
PeekMessageW
GetCapture
EndPaint
SendMessageW
FindWindowW
GetWindowThreadProcessId
BeginPaint
GetWindowRect
ShowWindow
ScreenToClient
MoveWindow
ExitWindowsEx
GetSystemMetrics
MonitorFromWindow
GetMonitorInfoW
SystemParametersInfoW
IsIconic
GetParent
RegisterClassW
DestroyWindow
PostMessageW
CreateWindowExW
DefWindowProcW
DrawTextW
CopyImage
MapWindowPoints
ReleaseDC
UpdateLayeredWindow
SetWindowRgn
GetUpdateRect
CallWindowProcW
ReleaseCapture
SetCapture
GetPropW
SetPropW
GetForegroundWindow
ClientToScreen
GetDesktopWindow
GetWindowLongW
SetWindowLongW
GetCursorPos
GetFocus
IsChild
wvsprintfW
CopyRect
IsRectEmpty
PtInRect
SetRect
SetRectEmpty
EqualRect
InflateRect
OffsetRect
IntersectRect
UnionRect
CharLowerW
CharNextW
GetKeyState
SetCursor
LoadCursorW
InvalidateRect
CreateCaret
ShowCaret
HideCaret
SetCaretPos
SetTimer
KillTimer
GetSysColor
SetWindowPos
GetDoubleClickTime
IsWindow
GetWindow
GetWindowTextW
WindowFromPoint
RegisterClipboardFormatW
InvalidateRgn
GetClientRect
GetDC
GetClassInfoExW
RegisterClassExW
EnableWindow
GetMessageW
SetFocus
TranslateMessage
DispatchMessageW
PostQuitMessage
GetLastActivePopup

gdi32

DeleteDC
SetDIBits
CreatePatternBrush
CreatePen
EnumFontFamiliesW
CreateFontW
SetStretchBltMode
StretchBlt
SelectClipRgn
OffsetClipRgn
LineTo
ArcTo
GetStockObject
Rectangle
Ellipse
Polygon
CreateCompatibleBitmap
SetTextColor
FillRgn
FrameRgn
GetRgnBox
CopyMetaFileW
PtInRegion
CreateSolidBrush
SetPixel
RestoreDC
SaveDC
GetClipBox
MoveToEx
GetCharABCWidthsW
GetTextExtentPoint32W
GetDIBits
CreateRectRgn
CreateRoundRectRgn
OffsetRgn
SetWindowOrgEx
BitBlt
CombineRgn
CreateRectRgnIndirect
GetPixel
CreateDIBSection
SetBkMode
CreateCompatibleDC
GetDeviceCaps
GetObjectW
AddFontResourceW
SetWorldTransform
GetObjectA
SetGraphicsMode
SelectObject
DeleteObject
Polyline

advapi32

RegQueryValueExW
SetNamedSecurityInfoW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
CloseServiceHandle
DeleteService
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyW
RegCreateKeyExW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW

shell32

SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderW
SHGetFolderPathW
ord165
ord680
SHAddToRecentDocs
SHGetFolderPathAndSubDirW
SHFileOperationW
ord43
CommandLineToArgvW

ole32

CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
IIDFromString
DoDragDrop
OleLockRunning
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CLSIDFromString
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeSecurity
OleRun

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString
SysAllocStringLen
VariantCopy
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
DispCallFunc
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
GetErrorInfo
LoadTypeLi

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
HttpOpenRequestW

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipTranslateWorldTransform
GdipResetWorldTransform
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipCreateFromHDC
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushFromRectWithAngleI
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipDrawLineI
GdipDrawRectangleI
GdipDrawEllipseI
GdipGraphicsClear
GdipRotateWorldTransform
GdipFillEllipseI
GdipDrawString
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipMeasureString
GdipDrawImageI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipFillRectangleI
GdipDrawLines
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePixelFormat
GdipGetFamily
GdipLoadImageFromStream
GdipSaveImageToStream
GdipGetImageFlags
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream

winmm

timeKillEvent
timeSetEvent

ws2_32

WSACleanup
inet_ntoa
WSAStartup
gethostbyname
gethostname

urlmon

UrlMkGetSessionOption

comctl32

ord17

Sections

.text
Size: 1023KB - Virtual size: 1022KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

847dec6233c8cf9492776dfd5bad98a2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:bc:d2:37:50:15:36:99:e1:f5:9a:ce:47:7a:6d:e0:70Certificate

Extended Key Usages

Key Usages

28:b8:ac:65:84:04:ce:84:03:f9:f1:ce:20:62:f9:0a:dc:23:68:37Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

msimg32

gdiplus

winmm

ws2_32

urlmon

comctl32

Sections

.text Size: 1023KB - Virtual size: 1022KB

.rdata Size: 287KB - Virtual size: 286KB

.data Size: 33KB - Virtual size: 51KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 85KB - Virtual size: 84KB

.reloc Size: 106KB - Virtual size: 106KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:bc:d2:37:50:15:36:99:e1:f5:9a:ce:47:7a:6d:e0:70
Certificate

28:b8:ac:65:84:04:ce:84:03:f9:f1:ce:20:62:f9:0a:dc:23:68:37
Signer

.text
Size: 1023KB - Virtual size: 1022KB

.rdata
Size: 287KB - Virtual size: 286KB

.data
Size: 33KB - Virtual size: 51KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 85KB - Virtual size: 84KB

.reloc
Size: 106KB - Virtual size: 106KB