2024-01-11_2dde4e6502e76fba0a052bec9b403f33_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-11_2dde4e6502e76fba0a052bec9b403f33_mafia
Size

5.5MB
MD5

2dde4e6502e76fba0a052bec9b403f33
SHA1

3b1813df1047c9d65dc114dbeadc1c0d91837c7d
SHA256

da209815983e78198a1698e41c7b6eb55aeba2957b86d3347286f0075a3fe47b
SHA512

ea673ba23ad8e3716fe0542020764d6e87d3b432baa8b2320dc02f7bde3c6b1efd15fbec6b1cfe1c839ebc3c62c0081f5537c377a7ed7962d8e39e44019ac9e1
SSDEEP

98304:oYspokfx2lQCS1AQwGoDbnHaCgJIy9Rf7PA:onpoflQzctDbHS9ZI

Score

1^/10

Malware Config

Signatures

Files

2024-01-11_2dde4e6502e76fba0a052bec9b403f33_mafia
.exe windows:5 windows x86 arch:x86

5ecae3174db18151bb1ed58a66fbd08a

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/07/2014, 00:00

Not After

01/08/2016, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f2:70:50:fa:bf:4f:35:36:03:b0:6e:10:f2:30:ce:61:34:f5:ee:ca
Signer

Actual PE Digest

f2:70:50:fa:bf:4f:35:36:03:b0:6e:10:f2:30:ce:61:34:f5:ee:ca

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohl
sendto
gethostbyname
WSACleanup
WSAStartup
inet_ntoa
gethostname
freeaddrinfo
getaddrinfo
ioctlsocket
getsockopt
__WSAFDIsSet
WSAGetLastError
select
recv
send
setsockopt
closesocket
accept
getnameinfo
connect
getsockname
listen
getservbyname
bind
htonl
WSASocketA
WSAIoctl
recvfrom
inet_addr
shutdown
ntohs
getpeername
htons
socket

dbghelp

MiniDumpWriteDump

shlwapi

PathIsRootW
PathAppendW
StrCmpIW
PathFindExtensionW
StrCpyW
PathAddExtensionW
PathRemoveExtensionW
PathFindFileNameW
StrStrIW
SHSetValueW
SHDeleteKeyW
SHGetValueW
SHDeleteValueW
PathRemoveFileSpecW
PathFileExistsW
StrFormatByteSizeW

wininet

InternetReadFile
InternetGetCookieExW
InternetOpenUrlW
HttpQueryInfoA
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindCloseUrlCache
InternetSetOptionA
HttpQueryInfoW
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetSetCookieW

iphlpapi

GetBestInterface
GetIfEntry
GetAdaptersInfo

psapi

GetModuleFileNameExW

winmm

mixerClose
mixerGetControlDetailsW
mixerGetLineInfoW
mixerOpen
mixerGetLineControlsW
timeGetTime
waveOutSetVolume
waveOutGetVolume

rpcrt4

UuidCreate
UuidToStringW

dsound

ord3

kernel32

TlsSetValue
TlsFree
FreeEnvironmentStringsW
TlsAlloc
TlsGetValue
GetCPInfo
ExitThread
GetConsoleMode
GetConsoleCP
HeapCreate
FindFirstFileExW
UnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
ExitProcess
FindResourceExW
FindResourceW
FreeLibrary
LoadResource
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
CreateDirectoryW
GlobalLock
OutputDebugStringW
GetModuleHandleW
GlobalAlloc
InitializeCriticalSectionAndSpinCount
SizeofResource
LeaveCriticalSection
MulDiv
GetModuleFileNameW
lstrcmpW
MultiByteToWideChar
lstrlenW
GlobalUnlock
FlushInstructionCache
RaiseException
GetLastError
SetLastError
GetProcAddress
EnterCriticalSection
LockResource
CreateEventW
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
GetFileSize
InterlockedCompareExchange
ReadFile
CreateFileW
GlobalFree
lstrlenA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentDirectoryW
LoadLibraryW
OutputDebugStringA
FindFirstFileW
GetDriveTypeA
GetSystemDirectoryW
GetVersionExW
GetLogicalDriveStringsA
FindClose
Process32FirstW
GlobalMemoryStatusEx
IsValidCodePage
GetDiskFreeSpaceA
GetSystemInfo
Process32NextW
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
DeleteFileW
SetFileAttributesW
WideCharToMultiByte
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcessId
CreateThread
Sleep
WriteFile
GetFileAttributesW
TryEnterCriticalSection
InitializeCriticalSection
SetInformationJobObject
CreateJobObjectW
GetTickCount
AssignProcessToJobObject
OpenJobObjectW
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
GetLocalTime
WaitForSingleObject
SetEvent
TerminateThread
CopyFileW
FileTimeToSystemTime
MoveFileW
FileTimeToLocalFileTime
lstrcpyW
InterlockedExchange
SetThreadExecutionState
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
DeviceIoControl
CreateMutexA
ReleaseMutex
CreateEventA
ResetEvent
SetThreadPriority
GetThreadPriority
GetLogicalDrives
GetTimeZoneInformation
GetSystemTimeAsFileTime
OpenProcess
TerminateProcess
WaitForMultipleObjects
IsBadReadPtr
GetDriveTypeW
GlobalHandle
lstrcpynW
VirtualProtect
LoadLibraryA
ExpandEnvironmentStringsW
FlushFileBuffers
SetHandleInformation
GetStartupInfoW
GetStdHandle
CreatePipe
GlobalReAlloc
GetFileAttributesA
GetFileAttributesExW
DeleteFileA
GetFullPathNameW
GetFullPathNameA
SetFilePointer
SetEndOfFile
QueryPerformanceCounter
UnlockFile
LockFile
FormatMessageA
GetTempPathW
LockFileEx
GetTempPathA
GetSystemTime
AreFileApisANSI
LCMapStringW
CompareStringW
SetHandleCount
GetFileType
SetEnvironmentVariableA
GetFileInformationByHandle
PeekNamedPipe
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetDateFormatW
InterlockedPushEntrySList
GetTimeFormatW
GetDateFormatA
GetTimeFormatA
RtlUnwind
HeapSetInformation
GetCommandLineW
GetComputerNameW
GetVersionExA
SetEnvironmentVariableW
GetEnvironmentVariableW
GetLogicalDriveStringsW
GetLongPathNameW
SetFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
WriteConsoleW
OpenEventA
ResumeThread
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerA
LocalFileTimeToFileTime
CreateFileMappingW
CreateMutexW
LocalFree
GetLocaleInfoW
DecodePointer
EncodePointer
GetStringTypeW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
GetEnvironmentStringsW
VirtualFree
IsProcessorFeaturePresent
RemoveDirectoryW

user32

CreateDesktopW
wvsprintfA
wsprintfA
GetSystemMetrics
SetTimer
KillTimer
SetRect
IsWindowVisible
DrawTextW
ShowWindow
EndPaint
ClientToScreen
DestroyWindow
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
GetMessageW
CharNextW
RegisterWindowMessageW
FillRect
IsChild
SetCapture
GetFocus
GetParent
InvalidateRgn
LoadCursorW
FindWindowW
GetClientRect
CreateAcceleratorTableW
SetFocus
BeginPaint
GetClassInfoExW
wsprintfW
CheckMenuRadioItem
TranslateMessage
RegisterClassExW
InvalidateRect
GetWindowLongW
GetWindowTextW
PeekMessageW
GetClassNameW
GetDlgItem
RedrawWindow
GetDesktopWindow
GetSysColor
SetWindowPos
IsWindow
CreateWindowExW
MessageBoxW
ReleaseCapture
SendMessageW
SetWindowTextW
GetTopWindow
WindowFromPoint
GetForegroundWindow
MapDialogRect
SetWindowContextHelpId
SendDlgItemMessageW
CreateDialogIndirectParamW
DialogBoxParamW
EndDialog
GetMenuItemID
GetMenuItemCount
CloseClipboard
EmptyClipboard
GetSysColorBrush
OpenClipboard
SetClipboardData
IntersectRect
DisableProcessWindowsGhosting
EqualRect
AppendMenuW
CallWindowProcW
DefWindowProcW
GetWindow
MoveWindow
DispatchMessageW
SetRectEmpty
RegisterClassW
IsRectEmpty
SetCursor
GetCapture
BringWindowToTop
GetKeyState
UnregisterHotKey
RegisterHotKey
UpdateLayeredWindow
GetWindowDC
UpdateWindow
EnumDisplayMonitors
GetMonitorInfoW
LoadMenuW
EnableMenuItem
RemoveMenu
DestroyMenu
CheckMenuItem
SendMessageA
SetLayeredWindowAttributes
CreateDialogParamW
PostQuitMessage
SetActiveWindow
IsIconic
PostMessageW
IsZoomed
CopyRect
MonitorFromRect
OffsetRect
MapWindowPoints
SetForegroundWindow
IsWindowEnabled
GetCursorPos
LoadImageW
RegisterDeviceNotificationW
GetWindowThreadProcessId
SetWindowRgn
PtInRect
InflateRect
SystemParametersInfoW
TrackPopupMenu
UnregisterClassA
DestroyIcon
GetDlgCtrlID
GetActiveWindow
MonitorFromWindow
GetSubMenu
ReleaseDC
ModifyMenuW
ExitWindowsEx
EnableWindow
PostThreadMessageW
GetWindowRect
GetDC
ShowCursor
SetWindowLongW

gdi32

CreatePen
LineTo
SaveDC
RoundRect
DPtoLP
Rectangle
CreateRectRgn
CombineRgn
SetPixel
RestoreDC
CreateFontIndirectW
ExtTextOutW
CreateRoundRectRgn
GetTextExtentPoint32W
SetTextColor
CreateDIBSection
SetBkColor
SetBkMode
BitBlt
DeleteDC
GetDeviceCaps
DeleteObject
CreateFontW
GetTextColor
ExtSelectClipRgn
GetClipBox
CreateRectRgnIndirect
SelectClipRgn
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
CreateSolidBrush
GetStockObject
MoveToEx

advapi32

OpenProcessToken
RegQueryInfoKeyW
InitializeSecurityDescriptor
IsTextUnicode
RegOpenKeyExA
RegOpenKeyW
RegDeleteKeyW
SetSecurityDescriptorDacl
RegDeleteValueW
RegQueryValueExA
RegEnumKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

shell32

ShellExecuteExW
SHChangeNotify
Shell_NotifyIconW
DragQueryFileW
SHGetDesktopFolder
SHGetPathFromIDListW
ord4
ord165
SHBrowseForFolderW
SHGetMalloc
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW
ord2
SHFileOperationW

ole32

CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleCreate
StgCreateDocfile
CoCreateGuid
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
OleSetContainedObject
OleDraw
OleUninitialize
OleInitialize
CoCreateInstance
OleLockRunning
CoTaskMemRealloc
StringFromGUID2

oleaut32

GetErrorInfo
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
LoadRegTypeLi
SysFreeString
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
VariantInit
LoadTypeLi
VariantClear
SysStringLen
SysAllocString

comctl32

ImageList_Create
InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend
TransparentBlt
GradientFill

urlmon

CoInternetSetFeatureEnabled
UrlMkGetSessionOption

winhttp

WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpCrackUrl
WinHttpReceiveResponse

imagehlp

ImageGetCertificateHeader
ImageGetCertificateData

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

wintrust

WinVerifyTrust

crypt32

CryptVerifyMessageSignature

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 899KB - Virtual size: 898KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 763KB - Virtual size: 764KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ecae3174db18151bb1ed58a66fbd08a

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:deCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

f2:70:50:fa:bf:4f:35:36:03:b0:6e:10:f2:30:ce:61:34:f5:ee:caSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

dbghelp

shlwapi

wininet

iphlpapi

psapi

winmm

rpcrt4

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

urlmon

winhttp

imagehlp

version

comdlg32

wintrust

crypt32

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 899KB - Virtual size: 898KB

.data Size: 128KB - Virtual size: 156KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 763KB - Virtual size: 764KB

.reloc Size: 211KB - Virtual size: 210KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

f2:70:50:fa:bf:4f:35:36:03:b0:6e:10:f2:30:ce:61:34:f5:ee:ca
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 899KB - Virtual size: 898KB

.data
Size: 128KB - Virtual size: 156KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 763KB - Virtual size: 764KB

.reloc
Size: 211KB - Virtual size: 210KB