2024-01-08_00a3914dd34b8ed1567db447e65bcf54_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-08_00a3914dd34b8ed1567db447e65bcf54_mafia
Size

1.9MB
MD5

00a3914dd34b8ed1567db447e65bcf54
SHA1

365190834c17cffa8ea3688ada0f1d93a9533fb7
SHA256

7ad1bafdd1db1002b0402f35ed6940765aa767ab627e832c9e72275ceca85849
SHA512

366f95fe8fa4c65ad167a664bf25a30c1aad4baac310a217e1903d67e56c682315eb41ba8d42f9474ac3d703f9ec0a871674b10b37acefc6acfac7ddb8d456c6
SSDEEP

49152:D/tYN6uZzE5ULEWpbtsDVGhKVlR3JtkB/yTJXYtnM:D/HaPLEWpbtsDiKVrrkxCitM

Score

1^/10

Malware Config

Signatures

Files

2024-01-08_00a3914dd34b8ed1567db447e65bcf54_mafia
.exe windows:5 windows x86 arch:x86

210111709379c252a7ec0ac666c977e7

Code Sign

32:5a:37:37:b8:92:6a:78:35:f0:23:96:3d:83:8f:cc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10-04-2014 00:00

Not After

08-06-2016 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=移动云,O=Baidu Online Network Technology (Beijing) Co.\,Ltd,L=北京,ST=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

76:6a:d4:90:ec:ff:12:87:23:21:ed:3a:00:02:1c:20:06:7e:bd:19
Signer

Actual PE Digest

76:6a:d4:90:ec:ff:12:87:23:21:ed:3a:00:02:1c:20:06:7e:bd:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipImageSelectActiveFrame
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipFree
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipSetSmoothingMode
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeleteGraphics
GdipCreateFromHDC
GdipLoadImageFromFile
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawImageRectRect

kernel32

GlobalAlloc
GlobalLock
CreateEventA
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedExchangeAdd
GetLastError
TlsAlloc
CloseHandle
WaitForSingleObject
SetEvent
PostQueuedCompletionStatus
SetLastError
GetProcAddress
CreateMutexW
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryW
FreeLibrary
GetTempPathW
GetTickCount
ExpandEnvironmentStringsW
TerminateProcess
GetCurrentProcess
GlobalUnlock
CreateProcessW
lstrcpynW
lstrlenW
lstrcpynA
lstrlenA
GetVersionExW
MultiByteToWideChar
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
DeleteCriticalSection
InitializeCriticalSection
TlsFree
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
lstrcmpiW
RaiseException
LoadLibraryExW
GetModuleFileNameW
CreateMutexA
FlushInstructionCache
MulDiv
lstrcmpW
CreateThread
CreateFileW
GetFileSize
SetFilePointer
WriteFile
Sleep
CreateIoCompletionPort
QueueUserAPC
TerminateThread
WaitForMultipleObjects
GetQueuedCompletionStatus
SetWaitableTimer
InterlockedCompareExchange
TlsSetValue
TlsGetValue
SleepEx
CreateEventW
CreateWaitableTimerW
GetEnvironmentVariableW
FindFirstFileW
CreateDirectoryW
ReleaseSemaphore
CreateSemaphoreA
ReadFile
MoveFileW
FindClose
FindNextFileW
FreeResource
GetCurrentProcessId
WideCharToMultiByte
MapViewOfFile
UnmapViewOfFile
DuplicateHandle
ResumeThread
CreateFileMappingW
GetTempPathA
GetEnvironmentVariableA
GetModuleFileNameA
GetSystemDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
CreatePipe
GetStartupInfoA
CreateProcessA
LockResource
GetStartupInfoW
GetFileAttributesW
GetVolumeInformationW
GetModuleHandleA
CreateFileA
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteFileA
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
HeapSetInformation
ExitThread
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExW
VirtualProtect
GetSystemInfo
VirtualQuery
GetTimeFormatA
GetDateFormatA
RtlUnwind
LCMapStringW
GetCPInfo
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineW
ExitProcess
GetStdHandle
HeapCreate
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
LoadResource
FindResourceW
HeapReAlloc
GetFileType
GetFullPathNameW
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
FlushFileBuffers
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
SetEndOfFile
HeapSize
SetEnvironmentVariableA
OpenEventA
ResetEvent
SystemTimeToFileTime
CreateWaitableTimerA
LocalFree
FormatMessageA
DeviceIoControl
AreFileApisANSI
GetVersion
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
GetVolumeInformationA
GlobalFree
GetStringTypeW
EncodePointer
DecodePointer
SetConsoleCtrlHandler
SizeofResource
ReadConsoleInputA
SetConsoleMode
DeleteFileW

user32

DispatchMessageW
GetWindow
MonitorFromWindow
TranslateMessage
GetMessageW
RegisterClassExW
LoadCursorW
DestroyAcceleratorTable
InvalidateRgn
ReleaseCapture
SetCapture
MoveWindow
CharNextW
GetParent
CreateAcceleratorTableW
GetDlgItem
GetMonitorInfoW
MonitorFromPoint
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW
TrackPopupMenuEx
DestroyMenu
CreatePopupMenu
PeekMessageW
MapWindowPoints
LoadMenuW
LoadAcceleratorsW
LoadImageW
wvsprintfW
IsChild
UnregisterDeviceNotification
GetClassInfoExW
RedrawWindow
GetSysColor
GetClassNameW
CallWindowProcW
GetFocus
MessageBeep
DefWindowProcW
SetFocus
LoadStringA
CreateWindowExW
DestroyWindow
TranslateAcceleratorW
GetWindowTextLengthW
GetWindowTextW
PostMessageW
PtInRect
ScreenToClient
GetWindowRect
IsIconic
FillRect
DrawTextW
EndPaint
BeginPaint
PostQuitMessage
SetWindowPos
SetWindowLongW
GetWindowLongW
ShowWindow
SendMessageW
SetRect
GetClientRect
SetWindowTextW
ClientToScreen
IsWindowVisible
GetCursorPos
KillTimer
LoadStringW
ReleaseDC
GetDC
GetDesktopWindow
InvalidateRect
IsWindow
IsRectEmpty
RegisterWindowMessageW
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
SetTimer

gdi32

GetObjectW
CreateCompatibleBitmap
BitBlt
Rectangle
GetStockObject
TextOutW
SetBkMode
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
SetTextColor
CreateCompatibleDC
CreateFontIndirectW
GetDeviceCaps
SelectObject

advapi32

RegCreateKeyW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ord165
SHBrowseForFolderW

ole32

StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
OleUninitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoUninitialize
CoTaskMemFree

oleaut32

SysStringLen
SysAllocStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

PathFileExistsW
PathAppendW
SHGetValueW

comctl32

InitCommonControlsEx
_TrackMouseEvent

ws2_32

getsockopt
bind
getsockname
inet_addr
listen
accept
select
WSARecv
__WSAFDIsSet
connect
freeaddrinfo
getaddrinfo
WSASocketW
WSASend
setsockopt
ioctlsocket
WSASetLastError
WSAGetLastError
closesocket
WSACleanup
WSAStartup

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

210111709379c252a7ec0ac666c977e7

Code Sign

32:5a:37:37:b8:92:6a:78:35:f0:23:96:3d:83:8f:ccCertificate

Extended Key Usages

Key Usages

76:6a:d4:90:ec:ff:12:87:23:21:ed:3a:00:02:1c:20:06:7e:bd:19Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

iphlpapi

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 300KB - Virtual size: 300KB

.data Size: 80KB - Virtual size: 98KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 260KB - Virtual size: 259KB

.reloc Size: 97KB - Virtual size: 96KB

32:5a:37:37:b8:92:6a:78:35:f0:23:96:3d:83:8f:cc
Certificate

76:6a:d4:90:ec:ff:12:87:23:21:ed:3a:00:02:1c:20:06:7e:bd:19
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 300KB - Virtual size: 300KB

.data
Size: 80KB - Virtual size: 98KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 260KB - Virtual size: 259KB

.reloc
Size: 97KB - Virtual size: 96KB