2024-01-24_fa20e32107e6e900cdbd397ed9983646_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-24_fa20e32107e6e900cdbd397ed9983646_mafia
Size

1.4MB
MD5

fa20e32107e6e900cdbd397ed9983646
SHA1

5fce542898d7bcaa1a94987a54fed7b9fd2a3b6a
SHA256

b4bd64c332251fd6620537596aab62aa899328af84f958f5beda72b21092e5c9
SHA512

217c5c9073afe0308fb64cc3ae9e096ba28dabdcf670622465c8141f25bc11dd82d1983c3517d6cd594ca1f711a2746c06e06c4ebf5932b75bcad33af0ecfb20
SSDEEP

24576:qS06xwVUEs3HhHlUZnR9Q16mu3OEhGxSHZ0z73nD/mPN8i2Kiv8MaaZHS:qSfwiEs3HhFUnduPLn7mPN8i2KivDaaY

Score

1^/10

Malware Config

Signatures

Files

2024-01-24_fa20e32107e6e900cdbd397ed9983646_mafia
.exe windows:5 windows x86 arch:x86

6cccfc76133d2a9058b885e97dad9a7a

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

09/11/2016, 08:45

Not After

09/11/2026, 08:45

Subject

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:bd:ed:68:d9:ee:b7:c9:4b:43:3a:48:bb:de:20:19
Certificate

Issuer

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

12/12/2017, 10:04

Not After

12/12/2019, 10:04

Subject

CN=徐州灵匠信息科技有限公司,O=徐州灵匠信息科技有限公司,L=徐州市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c1373657276696365406d656e676469652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

96:f6:da:86:81:6b:f9:b8:94:0a:25:2e:7a:b4:ba:37:bb:ba:a2:f2:9c:28:c3:43:38:9b:fe:04:84:25:7f:48
Signer

Actual PE Digest

96:f6:da:86:81:6b:f9:b8:94:0a:25:2e:7a:b4:ba:37:bb:ba:a2:f2:9c:28:c3:43:38:9b:fe:04:84:25:7f:48

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime
CreatePipe
CreateSemaphoreW
SystemTimeToFileTime
GetTickCount
GetCurrentProcessId
FindResourceW
LoadResource
WriteFile
SizeofResource
CreateFileW
LockResource
SetEvent
CreateEventW
lstrcpyW
CreateFileA
SetFilePointer
LocalAlloc
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
HeapSize
TerminateProcess
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetHandleCount
GetLocaleInfoW
GetFileAttributesA
GetStdHandle
GetStartupInfoW
FreeConsole
LoadLibraryW
OpenProcess
WaitForSingleObject
CreateProcessW
FreeLibrary
AllocConsole
CreateThread
DeleteFileA
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CreateMutexW
lstrcmpiW
GetSystemInfo
GetProcAddress
GetVersionExW
Sleep
WideCharToMultiByte
GetModuleHandleW
GetModuleFileNameW
ExitProcess
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CompareStringW
LCMapStringW
RtlUnwind
GetCPInfo
RaiseException
HeapSetInformation
GetCommandLineW
GetFileType
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
HeapFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
ReadFile
GetCurrentProcess
GetLastError
MultiByteToWideChar
GetCurrentThreadId
GetModuleFileNameA
SetFileAttributesA

user32

LoadIconW
SetPropW
SetWindowLongW
GetCursorPos
ShowWindow
GetWindow
SetWindowTextW
RegisterHotKey
wsprintfW
GetSystemMetrics
SetTimer
KillTimer
SendMessageW
GetWindowRect
MessageBoxA
MoveWindow
LoadCursorW
SetForegroundWindow
SetCursor
RemovePropW
UpdateWindow
PostMessageW
ScreenToClient
GetDesktopWindow
IsWindow
GetWindowLongW
GetPropW
MessageBoxW

gdi32

GetDeviceCaps
CreateDCW

comdlg32

GetOpenFileNameW

advapi32

ChangeServiceConfigA
RegOpenKeyW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
EnumServicesStatusW
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
OpenSCManagerA
QueryServiceStatus
RegDeleteValueW
StartServiceA
OpenServiceA
RegSetValueExW
RegCreateKeyW

shell32

DragAcceptFiles
DragQueryFileW
SHGetFileInfoW
ShellExecuteExA
Shell_NotifyIconW
ShellExecuteExW
DragFinish

ole32

CoCreateGuid
CoCreateInstance

ws2_32

WSAEventSelect
WSASocketW
WSACreateEvent
WSAWaitForMultipleEvents
gethostname
inet_ntoa
WSAStartup
recvfrom
inet_addr
htons
sendto
WSACleanup
bind
socket
WSAEnumNetworkEvents
gethostbyname
closesocket

iphlpapi

GetAdaptersInfo

xcgui

XAdTable_Create
XEle_SetToolTip
XEle_SetFont
XBtn_AddBkImage
XFont_EnableAutoDestroy
XEle_EnableEvent_XE_PAINT_END
XList_GetHeaderTemplateObject
XList_BindAdapterHeader
XEle_IsShow
XEle_Enable
XRichEdit_DeleteSelect
XMenu_Popup
XComboBox_SetSelItem
XEle_SetTextColor
XComboBox_BindApapter
XList_GetTemplateObject
XImage_SetTranColorEx
XC_IsHXCGUI
XRichEdit_DeleteAll
XEle_SetLayoutHeight
XAdTable_GetCount
XList_GetItemIndexFromHXCGUI
XShapePic_Create
XAdTable_DeleteItem
XExitXCGUI
XC_EnableDebugFile
XRunXCGUI
XInitXCGUI
XListView_SetAlignSizeTop
XAdListView_Item_GetCount
XImage_LoadFileFromHICON
XListView_SetItemSize
XAdListView_Group_AddItemText
XAdListView_Group_AddColumn
XAdListView_Item_AddColumn
XListView_GetSelectItem
XListView_GetItemIDFromHXCGUI
XListView_GetTemplateObject
XAdListView_Item_AddItemTextEx
XListView_RefreshData
XAdListView_Item_DeleteItem
XAdListView_Item_SetTextEx
XAdTable_AddColumn
XWnd_HitChildEle
XAdListView_Create
XRichEdit_GetTextLength
XAdListView_DeleteAllItem
XListView_BindAdapter
XListView_SetItemTemplateXML
XAdListView_Item_SetImageEx
XListView_SetColumnSpace
XListView_SetGroupHeight
XAdListView_Item_GetTextEx
XListView_SetRowSpace
XListView_SetSelectItem
XWnd_SetLayoutSize
XTree_EnableConnectLine
XEle_GetWidth
XTree_SetItemTemplateXML
XTree_GetItemData
XEle_AdjustLayout
XEle_IsEnable
XTree_SetItemHeightDefault
XTree_SetItemHeight
XBkM_AddFill
XC_GetTextShowSize
XAdTree_SetItemText
XAdTree_InsertItemImage
XAdTree_GetItemTextEx
XAdTree_Create
XSView_ScrollBottom
XEle_GetFont
XTree_BindAdapter
XTree_SetItemData
XTree_GetTemplateObject
XAdTree_AddColumn
XEle_Destroy
XEle_RemoveEle
XList_SetSelectItem
XWnd_KillTimer
XList_SetColumnWidth
XAdTable_GetItemText
XLayout_AdjustLayout
XList_SetItemTemplateXML
XEle_EnableFocus
XAdTable_AddItemText
XSBar_SetSliderMinLength
XEle_SetLayoutWidth
XList_EnableItemBkFullRow
XSView_GetScrollBarV
XEle_SetRectEx
XSBar_ShowButton
XDraw_ImageStretch
XEle_AddBkImage
XEle_SetTopmost
XProgBar_SetPos
XList_EnableDragChangeColumnWidth
XComboBox_EnableDrawButton
XEle_EnableDrawBorder
XWnd_AdjustLayoutObject
_XEle_RemoveEvent
XC_LoadLayout
XEle_ShowEle
XWnd_GetHWND
XWnd_AdjustLayout
XWnd_ShowWindow
XC_IsHELE
XFont_Create2
XList_SetItemHeightDefault
XBtn_SetText
XAdMap_AddItemText
XDraw_FillRect
XRichEdit_SelectAll
XComboBox_EnableEdit
XAdMap_Create
XEle_EnableBkTransparent
XShapeText_SetTextAlign
XComboBox_SetItemTemplateXML
XBtn_SetCheck
XEle_SetRect
XWnd_GetClientRect
XEle_GetRect
XRichEdit_SetText
XSView_SetScrollBarSize
XList_BindAdapter
XRichEdit_EnableReadOnly
XList_EnableMultiSel
XBkM_AddImage
XList_GetHeaderHELE
XList_RefreshData
XSView_SetLineSize
XRichEdit_SetRowHeight
XAdTable_DeleteItemAll
XImage_LoadFileAdaptive
XEle_GetParent
XSBar_SetSliderLength
XEle_EnableDrawFocus
XSBar_GetButtonSlider
XSView_SetBorderSize
XComboBox_GetSelItem
XShapeText_SetFont
XList_SetHeaderHeight
XRichEdit_SetDefaultTextColor
XBtn_GetText
XEle_PostEvent
XList_EnableVScrollBarTop
XShapeText_SetTextColor
XShapeText_GetText
_XWnd_RegEvent
XDraw_SetBrushColor
XWnd_SetTimer
XRichEdit_EnableEvent_XE_RICHEDIT_CHANGE
XEle_GetBkManager
XC_LoadResource
XC_GetObjectType
XRichEdit_EnablePassword
XMenu_Create
XComboBox_GetApapter
XDraw_SetBkMode
XList_AddColumn
XSView_ShowSBarH
XC_SetDefaultFont
XList_GetSelectItem
XMenu_AddItem
XImage_EnableAutoDestroy
XAdTable_SetItemText
XRichEdit_EnableMultiLine
XRichEdit_SetLimitNum
XSView_ShowSBarV
XShapePic_SetImage
XRichEdit_SetDefaultText
XImage_LoadMemory
XBtn_IsCheck
XRichEdit_EnableAutoWrap
XWnd_SetFocusEle
XRichEdit_GetText
XRichEdit_EnableAutoSelAll
XShapeText_SetText
XEle_SendEvent
XModalWnd_DoModal
XEle_RedrawEle
XWnd_RedrawWnd
XC_GetObjectByIDName
XWnd_CloseWindow
XListView_SetAlignSizeLeft
_XEle_RegEvent
XImage_LoadFile

rasapi32

RasSetEntryPropertiesW
RasSetEntryDialParamsW
RasEnumConnectionsW
RasDialW
RasConnectionNotificationW
RasHangUpW
RasGetEntryPropertiesW
RasGetProjectionInfoW
RasDeleteEntryW
RasGetErrorStringW

libcurl

curl_global_cleanup
curl_global_init
curl_easy_init
curl_slist_append
curl_easy_setopt
curl_easy_perform
curl_easy_strerror
curl_easy_cleanup

wkebrowser

XWeb_OnCreateView
XWeb_UnInit
XWeb_Init
XWeb_JsToTempStringW
XWeb_JsBindFuction
XWeb_LoadUrl
XWeb_JsArg
XWeb_Create
XWeb_GetStringW
XWeb_JsUndefined

netapi32

Netbios

wininet

InternetOpenW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle

Sections

.text
Size: 973KB - Virtual size: 972KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6cccfc76133d2a9058b885e97dad9a7a

Code Sign

04:44:c0Certificate

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:aeCertificate

Extended Key Usages

Key Usages

62:bd:ed:68:d9:ee:b7:c9:4b:43:3a:48:bb:de:20:19Certificate

Extended Key Usages

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

96:f6:da:86:81:6b:f9:b8:94:0a:25:2e:7a:b4:ba:37:bb:ba:a2:f2:9c:28:c3:43:38:9b:fe:04:84:25:7f:48Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

ws2_32

iphlpapi

xcgui

rasapi32

libcurl

wkebrowser

netapi32

wininet

Sections

.text Size: 973KB - Virtual size: 972KB

.rdata Size: 205KB - Virtual size: 204KB

.data Size: 14KB - Virtual size: 540KB

.rsrc Size: 139KB - Virtual size: 139KB

.reloc Size: 53KB - Virtual size: 53KB

04:44:c0
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

62:bd:ed:68:d9:ee:b7:c9:4b:43:3a:48:bb:de:20:19
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

96:f6:da:86:81:6b:f9:b8:94:0a:25:2e:7a:b4:ba:37:bb:ba:a2:f2:9c:28:c3:43:38:9b:fe:04:84:25:7f:48
Signer

.text
Size: 973KB - Virtual size: 972KB

.rdata
Size: 205KB - Virtual size: 204KB

.data
Size: 14KB - Virtual size: 540KB

.rsrc
Size: 139KB - Virtual size: 139KB

.reloc
Size: 53KB - Virtual size: 53KB