2024-01-01_294abb64de49ce8c00ecb6408a490d72_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-01_294abb64de49ce8c00ecb6408a490d72_mafia
Size

1.7MB
MD5

294abb64de49ce8c00ecb6408a490d72
SHA1

36350a3e6896738f1dee022575925aa22bc97a2f
SHA256

ce13f8c64d00b37564d8818475df2e771aee2ed57050ed1040841d4c8383a8e1
SHA512

5c8d831c66d66d6ef4839c72be76788e0c79c85af77b80ea448f9faf3396ddd31707264a9a41102221701e6ee6d156a08631687ed603c5242829324c778437da
SSDEEP

24576:i7as/JU4NFomE/M3U15W8uvQd77TLLwrk1Z+CdlUl8Rq43VqEnUkEJ74m9:sas/JU4NhhIRLwrk1sCXUiN3VCFl

Score

1^/10

Malware Config

Signatures

Files

2024-01-01_294abb64de49ce8c00ecb6408a490d72_mafia
.exe windows:5 windows x86 arch:x86

0ba3af1e893df4b34ee00b61b072cec1

Code Sign

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:ce:22:93:bb:80:6f
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

04/06/2013, 20:23

Not After

07/09/2016, 17:18

Subject

CN=北京天神互动科技有限公司,O=北京天神互动科技有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c207a68616e676368756e70696e67407469616e7368656e6875646f6e672e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:87:12:d8:55:30:a5:fb:cd:48:ae:7f:01:67:c9:62:7d:12:52:c9
Signer

Actual PE Digest

78:87:12:d8:55:30:a5:fb:cd:48:ae:7f:01:67:c9:62:7d:12:52:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesA
CreateDirectoryA
FindFirstFileA
SetFileAttributesA
FindClose
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateFileA
lstrlenW
CreateProcessW
CloseHandle
SetFilePointer
ReadFile
SetEndOfFile
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
CompareStringW
LoadLibraryW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
SetLastError
TlsFree
DeleteFileW
GetLastError
GetModuleFileNameW
WriteFile
SizeofResource
LoadResource
CreateFileW
FindResourceW
TlsSetValue
TlsGetValue
TlsAlloc
GetEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
Sleep
EncodePointer
DecodePointer
HeapFree
MoveFileA
GetCommandLineW
HeapSetInformation
GetStartupInfoW
HeapAlloc
RtlUnwind
LCMapStringW
GetCPInfo
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsW
GetProcessHeap

user32

DialogBoxParamW
wsprintfW
EndDialog
PostQuitMessage
EndPaint
BeginPaint
LoadStringW
DestroyWindow
DefWindowProcW
UpdateWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
MessageBoxW

advapi32

RegCreateKeyW
GetUserNameW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

shlwapi

PathAppendA

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ba3af1e893df4b34ee00b61b072cec1

Code Sign

19:9d:f8:8eCertificate

Key Usages

1b:ce:22:93:bb:80:6fCertificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

78:87:12:d8:55:30:a5:fb:cd:48:ae:7f:01:67:c9:62:7d:12:52:c9Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

Sections

.text Size: 110KB - Virtual size: 110KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 155KB - Virtual size: 4.2MB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 23KB - Virtual size: 22KB

19:9d:f8:8e
Certificate

1b:ce:22:93:bb:80:6f
Certificate

3d
Certificate

78:87:12:d8:55:30:a5:fb:cd:48:ae:7f:01:67:c9:62:7d:12:52:c9
Signer

.text
Size: 110KB - Virtual size: 110KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 155KB - Virtual size: 4.2MB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 23KB - Virtual size: 22KB