2025-03-12_5b7cf52155754788f5277ef7745306ec_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2025-03-12_5b7cf52155754788f5277ef7745306ec_mafia
Size

6.6MB
MD5

5b7cf52155754788f5277ef7745306ec
SHA1

57429d324340031d73f92824cfeb4a5bd2307348
SHA256

d76b1a7ffd0c9b3d86de88fd6bc34831d712cb4c143cde6d0e8221382dd4db94
SHA512

c0bf42f1e0be7d587d7f3d8fcc9367df2d7de98281e889b3a0c3af029cf590cb04a879b116c6e957caf2bc5b3e39a5513b5720e7a82011d3428b09eafe32917e
SSDEEP

49152:Eer5tvO2nzs4h9TsYaK9YxtP9PBZiqRouij6sBR4u8nn:X/vO2nQkaYMz5ZitP60R4u8n

Score

1^/10

Malware Config

Signatures

Files

2025-03-12_5b7cf52155754788f5277ef7745306ec_mafia
.exe windows:5 windows x86 arch:x86

1fc99b3f25e0436062507c75670b0e00

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:4f:4d:ea:a5:0c:13:c8:84:b8:12:e2:21:c6:bc:29
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/11/2022, 00:00

Not After

29/11/2025, 23:59

Subject

CN=DevEnterprise Software,O=DevEnterprise Software,ST=KwaZulu-Natal,C=ZA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:4f:4d:ea:a5:0c:13:c8:84:b8:12:e2:21:c6:bc:29
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/11/2022, 00:00

Not After

29/11/2025, 23:59

Subject

CN=DevEnterprise Software,O=DevEnterprise Software,ST=KwaZulu-Natal,C=ZA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:53:c1:74:24:28:dc:b8:1c:76:55:16:82:91:8e:4f:5c:49:1f:ba:83:b7:8b:85:78:a9:5e:1e:81:70:61:a1
Signer

Actual PE Digest

e1:53:c1:74:24:28:dc:b8:1c:76:55:16:82:91:8e:4f:5c:49:1f:ba:83:b7:8b:85:78:a9:5e:1e:81:70:61:a1

Digest Algorithm

sha256

PE Digest Matches

false

8a:29:0d:de:a6:f5:3c:5b:5c:2c:c3:3c:42:f2:3c:0b:7e:07:12:b4
Signer

Actual PE Digest

8a:29:0d:de:a6:f5:3c:5b:5c:2c:c3:3c:42:f2:3c:0b:7e:07:12:b4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciSendCommandW
mciSendStringW

kernel32

GlobalSize
MulDiv
GetTickCount
FileTimeToSystemTime
GetDiskFreeSpaceExW
LocalUnlock
LocalLock
GetVolumeInformationW
GetCurrentProcessId
ExpandEnvironmentStringsA
LoadLibraryA
CreateFileW
SetFilePointer
ReadFile
WriteFile
GetFileTime
GetFileSize
GetFileAttributesW
DeleteFileW
GetTempFileNameW
WideCharToMultiByte
FormatMessageW
LocalAlloc
LocalFree
RemoveDirectoryW
CreateDirectoryW
GetFileAttributesExW
AreFileApisANSI
CreateMutexW
CreateEventW
ReleaseMutex
SetEvent
TerminateThread
GetExitCodeProcess
ResetEvent
PeekNamedPipe
WaitForMultipleObjects
CreatePipe
DuplicateHandle
CreateProcessW
TerminateProcess
GetTimeZoneInformation
GetDriveTypeW
DeviceIoControl
ExitProcess
QueryPerformanceCounter
GetFileType
SetHandleCount
LoadLibraryW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
HeapSize
HeapReAlloc
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
GetCPInfo
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
GetCommandLineW
RtlUnwind
InitializeCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetNumberFormatW
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
DosDateTimeToFileTime
CompareFileTime
GetTempPathW
SystemTimeToFileTime
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetLocalTime
GetDateFormatW
LockResource
lstrlenA
lstrcpynW
lstrcmpW
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
FreeLibrary
lstrcmpiW
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
lstrlenW
lstrcpyW
lstrcatW
SetLastError
CreateThread
WaitForSingleObject
Sleep
CloseHandle
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetEnvironmentStringsW

user32

GetClipboardData
CloseClipboard
IsMenu
wsprintfW
PostQuitMessage
OpenClipboard
IsZoomed
IsIconic
SetMenu
GetMenu
ModifyMenuW
LoadIconW
KillTimer
SetTimer
DestroyIcon
GetWindowTextLengthW
GetSystemMenu
SetDlgItemTextW
IsClipboardFormatAvailable
GetDlgItemTextW
CheckDlgButton
EndDialog
GetCursor
GetWindowPlacement
IsWindowEnabled
ClientToScreen
GetMenuItemCount
RemoveMenu
InsertMenuW
GetFocus
GetWindowLongA
SetWindowLongA
IsWindowUnicode
CallWindowProcA
FindWindowExW
SetRectEmpty
AppendMenuW
GetForegroundWindow
SendDlgItemMessageW
GetClassNameW
GetKeyState
CharLowerW
RegisterWindowMessageW
WindowFromPoint
FrameRect
GetWindowThreadProcessId
MessageBeep
CheckMenuRadioItem
LoadStringA
IsDialogMessageW
TranslateAcceleratorW
GetCapture
DrawEdge
IsDlgButtonChecked
GetMessagePos
UnregisterClassA
UpdateWindow
PtInRect
ReleaseCapture
LoadBitmapW
SetCapture
GetWindowDC
InflateRect
OffsetRect
DrawFrameControl
DrawStateW
GetSubMenu
DestroyMenu
GetWindowTextW
EndPaint
BeginPaint
RedrawWindow
GetCursorPos
TrackPopupMenuEx
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
PostMessageW
SetFocus
GetSysColor
DrawFocusRect
DrawTextW
GetSystemMetrics
GetDC
GetSysColorBrush
FillRect
TrackMouseEvent
GetDlgItem
ReleaseDC
SetWindowsHookExW
CallWindowProcW
CallNextHookEx
UnhookWindowsHookEx
ScreenToClient
MoveWindow
CheckMenuItem
IsWindowVisible
EnableMenuItem
InvalidateRect
SendMessageW
RegisterClipboardFormatW
DefWindowProcW
MessageBoxW
LoadStringW
LoadMenuW
LoadAcceleratorsW
CreateWindowExW
GetClassInfoExW
LoadImageW
RegisterClassExW
CharNextW
LoadCursorW
SetCursor
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetWindowLongW
DestroyWindow
GetActiveWindow
EnableWindow
CreateDialogParamW
DialogBoxParamW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
IsWindow
ShowWindow
SetWindowTextW
SetWindowLongW
CreatePopupMenu

gdi32

CreateFontIndirectW
GetObjectW
ExtTextOutW
CreateCompatibleBitmap
SetBkColor
SetTextColor
SetBkMode
GetTextMetricsW
GetStockObject
GetTextExtentPoint32W
ExcludeClipRect
SetBrushOrgEx
CreateBitmap
CreatePatternBrush
PatBlt
GetDeviceCaps
SelectObject
BitBlt
DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
CreateSolidBrush

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExW

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderLocation
ord25
DragQueryPoint
DragQueryFileW
DragFinish
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetFileInfoW
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListW
ord18
ord17
ord16
ord155
ord4
ord2
ShellExecuteExW

ole32

DoDragDrop
OleInitialize
CoLockObjectExternal
CoCreateInstance
CoTaskMemRealloc
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemFree
RevokeDragDrop
RegisterDragDrop
OleUninitialize

oleaut32

SysFreeString
SysAllocString
VarUI4FromStr

comctl32

InitCommonControlsEx
ImageList_Draw
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_ReplaceIcon
ImageList_Add
CreateStatusWindowW
ImageList_GetImageCount
PropertySheetW

msimg32

GradientFill

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 750KB - Virtual size: 750KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fc99b3f25e0436062507c75670b0e00

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

5e:4f:4d:ea:a5:0c:13:c8:84:b8:12:e2:21:c6:bc:29Certificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

5e:4f:4d:ea:a5:0c:13:c8:84:b8:12:e2:21:c6:bc:29Certificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

e1:53:c1:74:24:28:dc:b8:1c:76:55:16:82:91:8e:4f:5c:49:1f:ba:83:b7:8b:85:78:a9:5e:1e:81:70:61:a1Signer

8a:29:0d:de:a6:f5:3c:5b:5c:2c:c3:3c:42:f2:3c:0b:7e:07:12:b4Signer

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

version

Sections

.text Size: 750KB - Virtual size: 750KB

.rdata Size: 169KB - Virtual size: 168KB

.data Size: 29KB - Virtual size: 40KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 1.3MB - Virtual size: 1.3MB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

5e:4f:4d:ea:a5:0c:13:c8:84:b8:12:e2:21:c6:bc:29
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

5e:4f:4d:ea:a5:0c:13:c8:84:b8:12:e2:21:c6:bc:29
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

e1:53:c1:74:24:28:dc:b8:1c:76:55:16:82:91:8e:4f:5c:49:1f:ba:83:b7:8b:85:78:a9:5e:1e:81:70:61:a1
Signer

8a:29:0d:de:a6:f5:3c:5b:5c:2c:c3:3c:42:f2:3c:0b:7e:07:12:b4
Signer

.text
Size: 750KB - Virtual size: 750KB

.rdata
Size: 169KB - Virtual size: 168KB

.data
Size: 29KB - Virtual size: 40KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 1.3MB - Virtual size: 1.3MB