2024-01-27_89895edddd6cfd072dfef81ec5e23b4b_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-27_89895edddd6cfd072dfef81ec5e23b4b_mafia
Size

7.0MB
MD5

89895edddd6cfd072dfef81ec5e23b4b
SHA1

dd405a54ca61d3bdc443e67e48b531f2d28311be
SHA256

18b0ba53859c4e41fbdb4af2c7a0ac1dea67554fc4c0f2b3d988f8034f5b41c7
SHA512

9b297d2dc040d194cdebef72a8c7c92820b60e9424c02c00deac4ac63a2db6be08dc3e42b80976da2ba06ab55121685d38af3ab6f2883d4e0aa121d38b55af7a
SSDEEP

98304:voAwWx97VlqInEgz2J1SlBIaH0OTonkyC1pUBNSTefragAqpyOMHaxkzRZn9qZ9l:fnx8OL+16jUfvLBN2ejBwzz/kZbxTHL

Score

1^/10

Malware Config

Signatures

Files

2024-01-27_89895edddd6cfd072dfef81ec5e23b4b_mafia
.exe windows:5 windows x86 arch:x86

35317531d893969706cda1dca8628b7d

Code Sign

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

09/11/2016, 08:45

Not After

09/11/2026, 08:45

Subject

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:70:31:02:ce:93:13:6d:2f:c0:91:20:00:7d:e4:8a
Certificate

Issuer

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

14/12/2017, 13:01

Not After

14/12/2019, 13:01

Subject

CN=杭州凤侠网络科技有限公司,O=杭州凤侠网络科技有限公司,L=杭州市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c12737570706f72744066656e6779782e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

09/11/2016, 08:45

Not After

09/11/2026, 08:45

Subject

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:70:31:02:ce:93:13:6d:2f:c0:91:20:00:7d:e4:8a
Certificate

Issuer

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

14/12/2017, 13:01

Not After

14/12/2019, 13:01

Subject

CN=杭州凤侠网络科技有限公司,O=杭州凤侠网络科技有限公司,L=杭州市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c12737570706f72744066656e6779782e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:fa:15:02:7d:c7:c3:ea:da:d2:88:99:78:f7:0c:ac:84:b2:14:32:25:63:47:ee:ac:6e:7f:e4:ed:60:47:de
Signer

Actual PE Digest

5e:fa:15:02:7d:c7:c3:ea:da:d2:88:99:78:f7:0c:ac:84:b2:14:32:25:63:47:ee:ac:6e:7f:e4:ed:60:47:de

Digest Algorithm

sha256

PE Digest Matches

true

b3:71:48:30:47:93:0c:59:0d:43:7e:7d:86:e8:d2:b3:6b:f2:4c:2e
Signer

Actual PE Digest

b3:71:48:30:47:93:0c:59:0d:43:7e:7d:86:e8:d2:b3:6b:f2:4c:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
CreateFileW
CreateFileA
WriteFile
SetFilePointer
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
CreateDirectoryW
SetFilePointerEx
GetFileSizeEx
SetFileAttributesW
UnmapViewOfFile
GetCurrentThreadId
MapViewOfFile
CreateFileMappingW
GetCommandLineW
GetModuleFileNameW
GetCurrentDirectoryW
GetDiskFreeSpaceExW
LoadLibraryW
CreateThread
CopyFileW
MoveFileExW
DeleteFileW
RemoveDirectoryW
CreateProcessW
OpenProcess
GetExitCodeProcess
ExitProcess
GetCurrentProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateMutexW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetTempPathW
GetCurrentProcessId
CreateEventW
OpenEventW
TerminateThread
SuspendThread
ResumeThread
OpenFileMappingW
SetEvent
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
lstrcmpiW
GetModuleHandleW
WideCharToMultiByte
MultiByteToWideChar
lstrcmpiA
ResetEvent
FindClose
FindNextFileW
FindFirstFileW
GlobalMemoryStatusEx
GetSystemInfo
GetNativeSystemInfo
GetVersionExW
GetACP
GetModuleHandleA
LockResource
SizeofResource
FindResourceW
LoadLibraryExW
GetModuleFileNameA
LocalFree
SetEnvironmentVariableA
CompareStringW
GetDriveTypeW
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
SetEndOfFile
GetStringTypeW
FlushFileBuffers
GetFullPathNameA
GetConsoleMode
GetConsoleCP
SetStdHandle
IsValidCodePage
GetOEMCP
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetFileAttributesW
FindFirstFileExA
GetDriveTypeA
GetProcessHeap
HeapFree
IsBadWritePtr
VirtualFree
VirtualProtect
VirtualAlloc
GetTickCount
LoadLibraryA
GetProcAddress
FreeLibrary
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
ReadFile
FormatMessageW
Sleep
SleepEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapReAlloc
ExitThread
GetSystemTimeAsFileTime
WriteConsoleW
RaiseException
RtlUnwind
DecodePointer
EncodePointer
ExpandEnvironmentStringsW
WaitForSingleObject
CloseHandle
GetLastError
LoadResource

user32

ReleaseCapture
SendMessageW
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetForegroundWindow
SetWindowPos
ShowWindow
wsprintfW
ExitWindowsEx
GetDesktopWindow
GetParent
SetWindowTextW
GetWindowLongW
SetWindowLongW
DestroyIcon
IsIconic
SetFocus
LoadImageW
DestroyWindow
DefWindowProcW
SetTimer
CreateWindowExW
ScreenToClient
EndPaint
BeginPaint
GetMonitorInfoW
EnumDisplayMonitors
UnregisterClassW
PostQuitMessage
ReleaseDC
UpdateLayeredWindow
IsZoomed
LoadIconW
EnumDisplayDevicesW
EnumDisplaySettingsW
DispatchMessageW
TranslateMessage
PeekMessageW
RegisterClassExW
FindWindowW
GetSystemMetrics
GetCursorPos
PostMessageW
GetDC
GetClientRect
GetWindowRect
SetCapture

gdi32

SelectObject
DeleteObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateDIBSection

comdlg32

GetSaveFileNameW
ChooseFontW
GetOpenFileNameW

advapi32

RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteExW
ExtractIconExW
ShellExecuteW
ShellExecuteA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHFileOperationW
SHBrowseForFolderW
DragFinish
DragAcceptFiles
DragQueryFileW
ExtractIconW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
OleUninitialize
OleInitialize
StgCreateDocfile
OleCreate
CoInitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantCopy
VariantClear

imm32

ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

shlwapi

SHDeleteKeyW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

htons
bind
ntohs
getsockname
select
getsockopt
recvfrom
sendto
send
getpeername
__WSAFDIsSet
ioctlsocket
listen
accept
WSAStartup
WSACleanup
gethostname
getaddrinfo
freeaddrinfo
WSASetLastError
recv
socket
closesocket
connect
setsockopt
WSAGetLastError

wldap32

ord208
ord41
ord27
ord301
ord167
ord147
ord118
ord14
ord145
ord216
ord46
ord26
ord133
ord127
ord142
ord79

psapi

GetModuleBaseNameW
GetProcessImageFileNameW
GetModuleFileNameExW

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDescriptionW
SetupDiDestroyClassImageList
SetupDiGetClassDevsW
SetupDiGetClassImageIndex
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassImageList

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 540KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35317531d893969706cda1dca8628b7d

Code Sign

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:aeCertificate

Extended Key Usages

Key Usages

26:70:31:02:ce:93:13:6d:2f:c0:91:20:00:7d:e4:8aCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:aeCertificate

Extended Key Usages

Key Usages

26:70:31:02:ce:93:13:6d:2f:c0:91:20:00:7d:e4:8aCertificate

Extended Key Usages

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

5e:fa:15:02:7d:c7:c3:ea:da:d2:88:99:78:f7:0c:ac:84:b2:14:32:25:63:47:ee:ac:6e:7f:e4:ed:60:47:deSigner

b3:71:48:30:47:93:0c:59:0d:43:7e:7d:86:e8:d2:b3:6b:f2:4c:2eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

imm32

shlwapi

version

ws2_32

wldap32

psapi

setupapi

Exports

Exports

Sections

.text Size: 540KB - Virtual size: 539KB

.rdata Size: 93KB - Virtual size: 92KB

.data Size: 9KB - Virtual size: 19KB

.rsrc Size: 6.3MB - Virtual size: 6.3MB

.reloc Size: 36KB - Virtual size: 36KB

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

26:70:31:02:ce:93:13:6d:2f:c0:91:20:00:7d:e4:8a
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

26:70:31:02:ce:93:13:6d:2f:c0:91:20:00:7d:e4:8a
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

5e:fa:15:02:7d:c7:c3:ea:da:d2:88:99:78:f7:0c:ac:84:b2:14:32:25:63:47:ee:ac:6e:7f:e4:ed:60:47:de
Signer

b3:71:48:30:47:93:0c:59:0d:43:7e:7d:86:e8:d2:b3:6b:f2:4c:2e
Signer

.text
Size: 540KB - Virtual size: 539KB

.rdata
Size: 93KB - Virtual size: 92KB

.data
Size: 9KB - Virtual size: 19KB

.rsrc
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 36KB - Virtual size: 36KB