2024-01-18_bd06b8354adca3c158cc1dd864a8e7a1_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-18_bd06b8354adca3c158cc1dd864a8e7a1_mafia
Size

2.0MB
MD5

bd06b8354adca3c158cc1dd864a8e7a1
SHA1

c22e42a4362018f832297c9bd7cb5811acdb886a
SHA256

3bbbe9a903ae89d6a0ea7e6b498aae44b2e9e87bda963d0c71c67bdcc085752e
SHA512

3071fd6ef95696564113a83368c0571649471b9b3bfed7882ccd60cc31e04917ec9021347808304bbd837c2b1a4f232ea0c36b7937f5ed0402152402f7893823
SSDEEP

49152:pylp+Ls0sbk4KRHWtoVlMKu+rqaitnVEn3Zl4hv:4DKt4KRHWK6K2tnVW3Q

Score

1^/10

Malware Config

Signatures

Files

2024-01-18_bd06b8354adca3c158cc1dd864a8e7a1_mafia
.exe windows:5 windows x86 arch:x86

21e8bdb184c356554273096165d4e583

Code Sign

48:01:c6:88:cd:91:b9:d3:e9:3b:ea:fb:47:c4:fd:07
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

27/01/2022, 10:38

Not After

27/01/2023, 10:38

Subject

CN=ChongQing YiSuTong Data Technology Co.\, Ltd,O=ChongQing YiSuTong Data Technology Co.\, Ltd,L=Chongqing,ST=Chongqing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:01:c6:88:cd:91:b9:d3:e9:3b:ea:fb:47:c4:fd:07
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

27/01/2022, 10:38

Not After

27/01/2023, 10:38

Subject

CN=ChongQing YiSuTong Data Technology Co.\, Ltd,O=ChongQing YiSuTong Data Technology Co.\, Ltd,L=Chongqing,ST=Chongqing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:30:ed:8c:4f:fc:a9:3d:b0:33:53:34:5e:a5:55:7f:46:7a:9d:c0:e8:b6:5b:ec:5e:d9:dc:12:e8:4d:8a:14
Signer

Actual PE Digest

e2:30:ed:8c:4f:fc:a9:3d:b0:33:53:34:5e:a5:55:7f:46:7a:9d:c0:e8:b6:5b:ec:5e:d9:dc:12:e8:4d:8a:14

Digest Algorithm

sha256

PE Digest Matches

true

4b:9d:2a:43:f5:3f:5d:db:a8:8f:be:f5:ce:8a:18:a4:30:9f:d1:f2
Signer

Actual PE Digest

4b:9d:2a:43:f5:3f:5d:db:a8:8f:be:f5:ce:8a:18:a4:30:9f:d1:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_ReplaceIcon
PropertySheetW
CreateStatusWindowW
InitCommonControlsEx
CreateToolbarEx
ord17
ImageList_AddMasked
ImageList_GetImageCount
ImageList_Create
ImageList_Destroy
PropertySheetA

mpr

WNetCloseEnum
WNetOpenEnumA
WNetOpenEnumW
WNetEnumResourceW
WNetGetResourceParentA
WNetGetResourceParentW
WNetGetResourceInformationA
WNetGetResourceInformationW
WNetAddConnection2A
WNetAddConnection2W
WNetEnumResourceA

kernel32

GetProcAddress
LoadLibraryW
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcess
GetFileAttributesA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
CreateDirectoryA
DeleteFileA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
VirtualFree
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
AreFileApisANSI
GetTickCount
GlobalLock
GlobalUnlock
LoadLibraryExW
LoadLibraryExA
GetModuleFileNameW
LocalFree
FormatMessageW
FormatMessageA
GetWindowsDirectoryW
GetWindowsDirectoryA
GetSystemDirectoryW
GetSystemDirectoryA
SetFileTime
SetFileAttributesW
SetFileAttributesA
RemoveDirectoryW
RemoveDirectoryA
MoveFileW
MoveFileA
GetModuleHandleW
CreateDirectoryW
SetCurrentDirectoryW
SetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentDirectoryA
GetTempPathW
GetTempPathA
GetCurrentProcessId
GetCurrentThreadId
FindClose
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
GetFileAttributesW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstChangeNotificationA
GetLogicalDriveStringsW
GetLogicalDriveStringsA
DeviceIoControl
SetEndOfFile
GetFileInformationByHandle
GetVolumeInformationW
GetVolumeInformationA
GetDriveTypeW
GetDriveTypeA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
WideCharToMultiByte
GlobalFree
GlobalReAlloc
CreateProcessW
CreateProcessA
GetSystemInfo
FileTimeToSystemTime
lstrlenA
HeapFree
GetProcessHeap
HeapAlloc
GlobalMemoryStatus
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTimeAsFileTime
GetStdHandle
SetProcessAffinityMask
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenEventA
WaitForMultipleObjects
CreateFileMappingA
FileTimeToLocalFileTime
InterlockedIncrement
InterlockedDecrement
OutputDebugStringW
MulDiv
FindNextChangeNotification
CopyFileA
GetStartupInfoA
CreatePipe
GetCommandLineW
GetCompressedFileSizeW
CopyFileW
GetPrivateProfileIntA
WritePrivateProfileStringA
OutputDebugStringA
ResumeThread
GlobalSize
Process32First
Process32Next
SetPriorityClass
SuspendThread
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
HeapSize
GetLocaleInfoW
FlushFileBuffers
FatalAppExitA
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
SetHandleCount
HeapDestroy
HeapCreate
GetConsoleMode
GetConsoleCP
GetFileType
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
FindFirstFileExA
HeapReAlloc
ExitThread
GetDateFormatA
GetTimeFormatA
RaiseException
RtlUnwind
InterlockedCompareExchange
DecodePointer
EncodePointer
InterlockedExchange
GetVersionExA
CompareFileTime
MultiByteToWideChar
SetLastError
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
BeginUpdateResourceA
LoadLibraryA
FindResourceA
FreeLibrary
SizeofResource
LoadResource
LockResource
BeginUpdateResourceW
UpdateResourceA
EndUpdateResourceA
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateThread
DeleteFileW
CreateFileA
SetFilePointer
CloseHandle
ReadFile
WriteFile
GetLastError
CreateFileW
GetFileSize
GetCommandLineA
Sleep
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableA
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
SetConsoleCtrlHandler
WriteConsoleW
CompareStringW
GlobalAlloc

user32

SetCaretPos
SetCapture
ReleaseCapture
SetFocus
SetCursor
ClientToScreen
BeginPaint
GetClientRect
GetDC
ReleaseDC
RegisterClassExW
wsprintfW
EnableWindow
SetParent
GetMessageA
TranslateMessage
DispatchMessageA
SetForegroundWindow
RegisterClipboardFormatA
InvalidateRect
FindWindowA
SetWindowPos
UpdateWindow
KillTimer
SetTimer
EndDialog
IsWindowVisible
DestroyWindow
DestroyMenu
CreatePopupMenu
LoadBitmapA
MessageBoxW
GetWindowTextW
GetWindowTextA
GetWindowTextLengthA
SetWindowTextW
SetWindowTextA
CreateWindowExW
RegisterClassW
LoadStringA
LoadStringW
DestroyIcon
GetMenuItemCount
TrackPopupMenuEx
GetCursorPos
IsWindowEnabled
ChildWindowFromPointEx
WindowFromPoint
MapVirtualKeyA
EnableMenuItem
CheckMenuItem
CheckMenuRadioItem
RemoveMenu
GetMenu
LoadMenuA
SetMenu
DrawMenuBar
GetSubMenu
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
FillRect
IsZoomed
PostQuitMessage
GetCapture
GetWindowPlacement
SetWindowPlacement
LoadIconA
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
DispatchMessageW
LoadAcceleratorsA
TranslateAcceleratorA
GetParent
HideCaret
GetFocus
GetKeyState
GetClipboardData
PostMessageA
GetSystemMetrics
GetWindowLongA
SetWindowLongA
CharUpperA
CharUpperW
OpenClipboard
CloseClipboard
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
SendMessageA
SendMessageW
GetDialogBaseUnits
SystemParametersInfoA
MapDialogRect
GetWindowRect
GetDlgItem
ScreenToClient
GetIconInfo
GetSysColor
AppendMenuA
AppendMenuW
InsertMenuItemW
CreateCaret
ShowCaret
GetWindowTextLengthW
MoveWindow
ShowWindow
CreateDialogParamA
DialogBoxParamA
CreateDialogParamW
DialogBoxParamW
CreateWindowExA
CallWindowProcA
CallWindowProcW
SetWindowLongW
RegisterClassA
LoadCursorA
GetClassInfoA
DefWindowProcA
DefWindowProcW
GetClassInfoW
GetMenuItemInfoA
GetMenuItemInfoW
SetMenuItemInfoA
SetMenuItemInfoW
InsertMenuItemA
EndPaint

gdi32

GetDeviceCaps
CreateDIBSection
SelectObject
GetStockObject
CreateFontIndirectA
BitBlt
DeleteDC
CreateCompatibleDC
SetBkColor
CreateSolidBrush
GetObjectA
DeleteObject

comdlg32

GetOpenFileNameA
GetOpenFileNameW
CommDlgExtendedError

advapi32

RegCloseKey
LookupPrivilegeValueA
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
GetUserNameA
GetFileSecurityW
SetFileSecurityW
GetUserNameW
RegQueryValueExW
RegSetValueExW
RegSetValueExA
RegDeleteValueW
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegEnumValueA

shell32

SHBrowseForFolderW
ShellExecuteA
SHChangeNotify
ExtractIconExW
SHFileOperationA
SHGetDesktopFolder
ShellExecuteExA
SHGetSpecialFolderLocation
SHGetFileInfoA
SHGetSpecialFolderPathA
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileW
DragQueryFileA
DragFinish
SHGetMalloc

ole32

CoCreateInstance
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CoTaskMemAlloc
OleUninitialize
OleInitialize
ReleaseStgMedium
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SysFreeString
SysStringByteLen
VariantClear
SysAllocString
SysStringLen
SysAllocStringLen
VariantCopy

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

imagehlp

MakeSureDirectoryPathExists

ws2_32

getsockopt
select
recv
connect
gethostbyname
htons
socket
WSAStartup
send
closesocket
inet_ntoa
__WSAFDIsSet

netapi32

Netbios

imm32

ImmGetContext
ImmReleaseContext

shlwapi

PathFileExistsW
PathFileExistsA

gdiplus

GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipStringFormatGetGenericDefault
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetCompositingMode
GdipDeleteBrush
GdipCreateSolidFill
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipAlloc
GdipFree
GdipGetImageWidth
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatAlign
GdipBitmapGetPixel
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImageThumbnail
GdipGetImagePixelFormat
GdipDeleteFont
GdipDrawImageRectRectI
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectI
GdipCloneBrush
GdipDrawString

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21e8bdb184c356554273096165d4e583

Code Sign

48:01:c6:88:cd:91:b9:d3:e9:3b:ea:fb:47:c4:fd:07Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

48:01:c6:88:cd:91:b9:d3:e9:3b:ea:fb:47:c4:fd:07Certificate

Extended Key Usages

Key Usages

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

e2:30:ed:8c:4f:fc:a9:3d:b0:33:53:34:5e:a5:55:7f:46:7a:9d:c0:e8:b6:5b:ec:5e:d9:dc:12:e8:4d:8a:14Signer

4b:9d:2a:43:f5:3f:5d:db:a8:8f:be:f5:ce:8a:18:a4:30:9f:d1:f2Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

mpr

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

version

imagehlp

ws2_32

netapi32

imm32

shlwapi

gdiplus

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 213KB - Virtual size: 213KB

.data Size: 18KB - Virtual size: 33KB

.rsrc Size: 222KB - Virtual size: 221KB

.reloc Size: 58KB - Virtual size: 58KB

48:01:c6:88:cd:91:b9:d3:e9:3b:ea:fb:47:c4:fd:07
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

48:01:c6:88:cd:91:b9:d3:e9:3b:ea:fb:47:c4:fd:07
Certificate

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

e2:30:ed:8c:4f:fc:a9:3d:b0:33:53:34:5e:a5:55:7f:46:7a:9d:c0:e8:b6:5b:ec:5e:d9:dc:12:e8:4d:8a:14
Signer

4b:9d:2a:43:f5:3f:5d:db:a8:8f:be:f5:ce:8a:18:a4:30:9f:d1:f2
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 213KB - Virtual size: 213KB

.data
Size: 18KB - Virtual size: 33KB

.rsrc
Size: 222KB - Virtual size: 221KB

.reloc
Size: 58KB - Virtual size: 58KB