2024-01-10_70dfca4ae6ac5a37c4c77d00e927c65e_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-10_70dfca4ae6ac5a37c4c77d00e927c65e_mafia
Size

5.5MB
MD5

70dfca4ae6ac5a37c4c77d00e927c65e
SHA1

350925cc39dbb098bd8f069075251067752d13ac
SHA256

d0ffc8370c9c9956291e58587b9aa89a77530200c9593f8b5004477beed01a97
SHA512

2d2c84a9209a19b5145cd8ace56c4f87139d302b441db810a044cc11efbef4696f5741c73bc8816f26295746bc179a2b9ad2ff8bd14904e56d3d01e150c9d2e6
SSDEEP

98304:I6eXNSqwCm2W9R/6KKravZh6l0RNUwZn8O775i:I6eXNA2eUuvZhCynn8ii

Score

1^/10

Malware Config

Signatures

Files

2024-01-10_70dfca4ae6ac5a37c4c77d00e927c65e_mafia
.exe windows:5 windows x86 arch:x86

fb090c4c127b9334a99765eb778f8c92

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/07/2014, 00:00

Not After

01/08/2016, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

68:5e:68:ac:a4:01:3c:da:83:e1:e1:f8:f4:4b:34:1a:1e:01:6b:24
Signer

Actual PE Digest

68:5e:68:ac:a4:01:3c:da:83:e1:e1:f8:f4:4b:34:1a:1e:01:6b:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohl
sendto
gethostbyname
WSACleanup
WSAStartup
inet_ntoa
gethostname
freeaddrinfo
getaddrinfo
ioctlsocket
getsockopt
__WSAFDIsSet
WSAGetLastError
select
recv
send
setsockopt
closesocket
accept
getnameinfo
connect
getsockname
listen
getservbyname
bind
htonl
WSASocketA
WSAIoctl
recvfrom
inet_addr
shutdown
ntohs
getpeername
htons
socket

dbghelp

MiniDumpWriteDump

shlwapi

StrFormatByteSizeW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
SHDeleteValueW
SHGetValueW
SHDeleteKeyW
SHSetValueW
StrStrIW
PathFindFileNameW
PathRemoveExtensionW
PathAddExtensionW
StrCpyW
PathFindExtensionW
StrCmpIW
PathIsRootW

wininet

InternetReadFile
InternetGetCookieExW
InternetOpenUrlW
HttpQueryInfoA
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindCloseUrlCache
InternetSetOptionA
HttpQueryInfoW
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetSetCookieW

iphlpapi

GetBestInterface
GetIfEntry
GetAdaptersInfo

psapi

GetModuleFileNameExW

winmm

mixerGetLineControlsW
mixerGetControlDetailsW
mixerOpen
mixerClose
mixerGetLineInfoW
timeGetTime
waveOutSetVolume
waveOutGetVolume

rpcrt4

UuidCreate
UuidToStringW

dsound

ord3

kernel32

GetConsoleMode
GetConsoleCP
TlsAlloc
TlsGetValue
TlsSetValue
IsProcessorFeaturePresent
VirtualFree
HeapCreate
GetFileType
SetHandleCount
VirtualAlloc
InterlockedPopEntrySList
HeapDestroy
TlsFree
FreeEnvironmentStringsW
ExitProcess
FindResourceExW
FindResourceW
FreeLibrary
LoadResource
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
CreateDirectoryW
GlobalLock
OutputDebugStringW
GetModuleHandleW
GlobalAlloc
InitializeCriticalSectionAndSpinCount
SizeofResource
LeaveCriticalSection
MulDiv
GetModuleFileNameW
lstrcmpW
MultiByteToWideChar
lstrlenW
GlobalUnlock
FlushInstructionCache
RaiseException
GetLastError
SetLastError
GetProcAddress
EnterCriticalSection
LockResource
CreateEventW
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
GetFileSize
InterlockedCompareExchange
ReadFile
CreateFileW
GetTempPathW
GlobalFree
lstrlenA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentDirectoryW
LoadLibraryW
OutputDebugStringA
FindFirstFileW
GetDriveTypeA
GetSystemDirectoryW
GetVersionExW
GetLogicalDriveStringsA
FindClose
Process32FirstW
GlobalMemoryStatusEx
RemoveDirectoryW
GetDiskFreeSpaceA
GetSystemInfo
Process32NextW
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
DeleteFileW
SetFileAttributesW
WideCharToMultiByte
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcessId
CreateThread
SetFilePointer
SystemTimeToFileTime
SetFileTime
WriteFile
GetFileAttributesW
LocalFileTimeToFileTime
Sleep
TryEnterCriticalSection
InitializeCriticalSection
SetInformationJobObject
CreateJobObjectW
GetTickCount
AssignProcessToJobObject
OpenJobObjectW
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
GetLocalTime
WaitForSingleObject
SetEvent
TerminateThread
CopyFileW
FileTimeToSystemTime
MoveFileW
FileTimeToLocalFileTime
lstrcpyW
InterlockedExchange
SetThreadExecutionState
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
DeviceIoControl
CreateMutexA
ReleaseMutex
CreateEventA
ResetEvent
SetThreadPriority
GetThreadPriority
GetLogicalDrives
GetTimeZoneInformation
GetSystemTimeAsFileTime
OpenProcess
TerminateProcess
WaitForMultipleObjects
IsBadReadPtr
GetDriveTypeW
GlobalHandle
lstrcpynW
VirtualProtect
LoadLibraryA
ExpandEnvironmentStringsW
FlushFileBuffers
SetHandleInformation
GetStartupInfoW
GetStdHandle
CreatePipe
GlobalReAlloc
GetFileAttributesA
GetFileAttributesExW
DeleteFileA
GetFullPathNameW
GetFullPathNameA
SetEndOfFile
QueryPerformanceCounter
UnlockFile
LockFile
FormatMessageA
LockFileEx
GetTempPathA
GetSystemTime
AreFileApisANSI
HeapReAlloc
HeapSize
GetStringTypeW
EncodePointer
DecodePointer
GetLocaleInfoW
LocalFree
CreateMutexW
CreateFileMappingW
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetEnvironmentStringsW
GetLongPathNameW
GetLogicalDriveStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetVersionExA
GetComputerNameW
GetCommandLineW
HeapSetInformation
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetTimeFormatW
GetDateFormatW
GetCPInfo
ExitThread
FindFirstFileExW
UnhandledExceptionFilter
IsDebuggerPresent
LCMapStringW
CompareStringW
CreateWaitableTimerA
SetWaitableTimer
ResumeThread
OpenEventA
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
PeekNamedPipe
GetFileInformationByHandle
InterlockedPushEntrySList
SetEnvironmentVariableA
IsValidCodePage
GetOEMCP
GetACP

user32

WindowFromPoint
GetTopWindow
CreateDesktopW
wvsprintfA
wsprintfA
SetRect
IsWindowVisible
DrawTextW
ShowWindow
ClientToScreen
DestroyWindow
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
GetMessageW
GetForegroundWindow
MapDialogRect
SetWindowContextHelpId
SendDlgItemMessageW
CreateDialogIndirectParamW
DialogBoxParamW
EndDialog
GetMenuItemID
GetMenuItemCount
CloseClipboard
EmptyClipboard
GetSysColorBrush
OpenClipboard
SetClipboardData
IntersectRect
DisableProcessWindowsGhosting
EqualRect
AppendMenuW
SetRectEmpty
RegisterClassW
IsRectEmpty
CharNextW
RegisterWindowMessageW
FillRect
IsChild
SetCapture
GetFocus
GetParent
InvalidateRgn
UnregisterClassA
DestroyIcon
GetDlgCtrlID
GetActiveWindow
MonitorFromWindow
ExitWindowsEx
SetCursor
GetCapture
BringWindowToTop
GetKeyState
UnregisterHotKey
RegisterHotKey
UpdateLayeredWindow
GetWindowDC
UpdateWindow
EnumDisplayMonitors
GetMonitorInfoW
CopyRect
MonitorFromRect
OffsetRect
MapWindowPoints
LoadImageW
RegisterDeviceNotificationW
GetWindowThreadProcessId
SetWindowRgn
PtInRect
InflateRect
LoadCursorW
FindWindowW
GetClientRect
CreateAcceleratorTableW
SetFocus
BeginPaint
GetClassInfoExW
wsprintfW
GetDC
TranslateMessage
RegisterClassExW
InvalidateRect
GetWindowLongW
GetWindowTextW
PeekMessageW
GetClassNameW
ReleaseDC
GetDlgItem
SetWindowLongW
SystemParametersInfoW
TrackPopupMenu
GetSubMenu
ModifyMenuW
CheckMenuRadioItem
LoadMenuW
EnableMenuItem
RemoveMenu
DestroyMenu
CheckMenuItem
SendMessageA
SetLayeredWindowAttributes
CreateDialogParamW
PostQuitMessage
SetActiveWindow
IsIconic
PostMessageW
IsZoomed
SetForegroundWindow
IsWindowEnabled
RedrawWindow
GetDesktopWindow
SetWindowPos
IsWindow
CreateWindowExW
MessageBoxW
ReleaseCapture
SendMessageW
SetWindowTextW
CallWindowProcW
DefWindowProcW
GetWindow
MoveWindow
DispatchMessageW
GetCursorPos
EnableWindow
PostThreadMessageW
GetWindowRect
ShowCursor
GetSystemMetrics
SetTimer
KillTimer
EndPaint
GetSysColor

gdi32

ExtSelectClipRgn
GetClipBox
CreateRectRgnIndirect
SelectClipRgn
SetPixel
CombineRgn
CreateRectRgn
Rectangle
DPtoLP
RoundRect
MoveToEx
LineTo
CreatePen
SaveDC
RestoreDC
GetTextColor
ExtTextOutW
CreateRoundRectRgn
GetTextExtentPoint32W
SetTextColor
CreateDIBSection
SetBkColor
SetBkMode
BitBlt
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateSolidBrush
CreateFontIndirectW
CreateFontW

advapi32

RegQueryInfoKeyW
RegCloseKey
RegSetValueExW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyW
RegQueryValueExA
RegCreateKeyExW
RegOpenKeyW
InitializeSecurityDescriptor
RegDeleteKeyW
SetSecurityDescriptorDacl
RegDeleteValueW
RegOpenKeyExW
IsTextUnicode
RegOpenKeyExA
RegEnumKeyExW

shell32

SHGetPathFromIDListW
SHFileOperationW
SHGetMalloc
SHBrowseForFolderW
SHGetSpecialFolderPathW
ord4
ord2
SHGetDesktopFolder
DragQueryFileW
Shell_NotifyIconW
SHChangeNotify
ShellExecuteExW
ord165
SHCreateDirectoryExW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleCreate
StgCreateDocfile
CoCreateGuid
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
OleSetContainedObject
OleDraw
OleUninitialize
OleInitialize
CoCreateInstance
OleLockRunning
CoTaskMemRealloc
StringFromGUID2

oleaut32

VariantClear
SysAllocStringLen
OleCreateFontIndirect
SysStringLen
SysAllocString
GetErrorInfo
LoadTypeLi
VariantInit
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
LoadRegTypeLi
SysFreeString
VarUI4FromStr

comctl32

ImageList_Create
_TrackMouseEvent
InitCommonControlsEx

msimg32

GradientFill
TransparentBlt
AlphaBlend

urlmon

CoInternetSetFeatureEnabled
UrlMkGetSessionOption

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpCrackUrl
WinHttpReceiveResponse

imagehlp

ImageGetCertificateHeader
ImageGetCertificateData

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

wintrust

WinVerifyTrust

crypt32

CryptVerifyMessageSignature

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 898KB - Virtual size: 897KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 763KB - Virtual size: 763KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb090c4c127b9334a99765eb778f8c92

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:deCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

68:5e:68:ac:a4:01:3c:da:83:e1:e1:f8:f4:4b:34:1a:1e:01:6b:24Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

dbghelp

shlwapi

wininet

iphlpapi

psapi

winmm

rpcrt4

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

urlmon

winhttp

imagehlp

version

comdlg32

wintrust

crypt32

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 898KB - Virtual size: 897KB

.data Size: 128KB - Virtual size: 156KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 763KB - Virtual size: 763KB

.reloc Size: 211KB - Virtual size: 210KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

68:5e:68:ac:a4:01:3c:da:83:e1:e1:f8:f4:4b:34:1a:1e:01:6b:24
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 898KB - Virtual size: 897KB

.data
Size: 128KB - Virtual size: 156KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 763KB - Virtual size: 763KB

.reloc
Size: 211KB - Virtual size: 210KB