2024-02-04_80b166a4bde5bfb04a1491d056581505_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-04_80b166a4bde5bfb04a1491d056581505_mafia
Size

1.9MB
MD5

80b166a4bde5bfb04a1491d056581505
SHA1

4b1537ff01c36ea127951826fe7a00b7cb0ebf85
SHA256

ac80955c06853e8fc38a1dce64b13b0cb9d8c991890523806ad6eb7a92a3899d
SHA512

0a1354b49b8dbe5dd9619195b44f86b580a08bfeddb97acf2f14ac67de120f3cabdbe0f13de6cd01488ffaf4bca11c1af08d0497945a6c2ab3ce39e8edd67389
SSDEEP

49152:t/tYN6uZzE5ULEWpbtsDVGhKVlR3JtkB/yTJXYtPvu:t/HaPLEWpbtsDiKVrrkxCite

Score

1^/10

Malware Config

Signatures

Files

2024-02-04_80b166a4bde5bfb04a1491d056581505_mafia
.exe windows:5 windows x86 arch:x86

210111709379c252a7ec0ac666c977e7

Code Sign

32:5a:37:37:b8:92:6a:78:35:f0:23:96:3d:83:8f:cc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/04/2014, 00:00

Not After

08/06/2016, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=移动云,O=Baidu Online Network Technology (Beijing) Co.\,Ltd,L=北京,ST=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cc:e4:67:92:05:5a:02:d1:f3:75:49:de:54:00:ce:9d:44:e0:ea:87
Signer

Actual PE Digest

cc:e4:67:92:05:5a:02:d1:f3:75:49:de:54:00:ce:9d:44:e0:ea:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\app\gensoft\pcsuite\native\app\mini\project\Release\MiniDownloader.pdb

Imports

gdiplus

GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipImageSelectActiveFrame
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipFree
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipSetSmoothingMode
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeleteGraphics
GdipCreateFromHDC
GdipLoadImageFromFile
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawImageRectRect

kernel32

GlobalAlloc
GlobalLock
CreateEventA
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedExchangeAdd
GetLastError
TlsAlloc
CloseHandle
WaitForSingleObject
SetEvent
PostQueuedCompletionStatus
SetLastError
GetProcAddress
CreateMutexW
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryW
FreeLibrary
GetTempPathW
GetTickCount
ExpandEnvironmentStringsW
TerminateProcess
GetCurrentProcess
GlobalUnlock
CreateProcessW
lstrcpynW
lstrlenW
lstrcpynA
lstrlenA
GetVersionExW
MultiByteToWideChar
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
FindResourceExW
DeleteCriticalSection
InitializeCriticalSection
TlsFree
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
lstrcmpiW
RaiseException
LoadLibraryExW
GetModuleFileNameW
CreateMutexA
FlushInstructionCache
MulDiv
lstrcmpW
CreateThread
CreateFileW
GetFileSize
SetFilePointer
WriteFile
Sleep
CreateIoCompletionPort
QueueUserAPC
TerminateThread
WaitForMultipleObjects
GetQueuedCompletionStatus
SetWaitableTimer
InterlockedCompareExchange
TlsSetValue
TlsGetValue
SleepEx
CreateEventW
CreateWaitableTimerW
GetEnvironmentVariableW
FindFirstFileW
CreateDirectoryW
ReleaseSemaphore
CreateSemaphoreA
ReadFile
MoveFileW
FindClose
FindNextFileW
FreeResource
GetCurrentProcessId
WideCharToMultiByte
MapViewOfFile
UnmapViewOfFile
DuplicateHandle
ResumeThread
CreateFileMappingW
GetTempPathA
GetEnvironmentVariableA
GetModuleFileNameA
GetSystemDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
CreatePipe
GetStartupInfoA
CreateProcessA
LockResource
GetStartupInfoW
GetFileAttributesW
GetVolumeInformationW
GetModuleHandleA
CreateFileA
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteFileA
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
HeapSetInformation
ExitThread
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExW
VirtualProtect
GetSystemInfo
VirtualQuery
GetTimeFormatA
GetDateFormatA
RtlUnwind
LCMapStringW
GetCPInfo
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineW
ExitProcess
GetStdHandle
HeapCreate
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
LoadResource
FindResourceW
HeapReAlloc
GetFileType
GetFullPathNameW
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
FlushFileBuffers
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
SetEndOfFile
HeapSize
SetEnvironmentVariableA
OpenEventA
ResetEvent
SystemTimeToFileTime
CreateWaitableTimerA
LocalFree
FormatMessageA
DeviceIoControl
AreFileApisANSI
GetVersion
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
GetVolumeInformationA
GlobalFree
GetStringTypeW
EncodePointer
DecodePointer
SetConsoleCtrlHandler
SizeofResource
ReadConsoleInputA
SetConsoleMode
DeleteFileW

user32

DispatchMessageW
GetWindow
MonitorFromWindow
TranslateMessage
GetMessageW
RegisterClassExW
LoadCursorW
DestroyAcceleratorTable
InvalidateRgn
ReleaseCapture
SetCapture
MoveWindow
CharNextW
GetParent
CreateAcceleratorTableW
GetDlgItem
GetMonitorInfoW
MonitorFromPoint
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW
TrackPopupMenuEx
DestroyMenu
CreatePopupMenu
PeekMessageW
MapWindowPoints
LoadMenuW
LoadAcceleratorsW
LoadImageW
wvsprintfW
IsChild
UnregisterDeviceNotification
GetClassInfoExW
RedrawWindow
GetSysColor
GetClassNameW
CallWindowProcW
GetFocus
MessageBeep
DefWindowProcW
SetFocus
LoadStringA
CreateWindowExW
DestroyWindow
TranslateAcceleratorW
GetWindowTextLengthW
GetWindowTextW
PostMessageW
PtInRect
ScreenToClient
GetWindowRect
IsIconic
FillRect
DrawTextW
EndPaint
BeginPaint
PostQuitMessage
SetWindowPos
SetWindowLongW
GetWindowLongW
ShowWindow
SendMessageW
SetRect
GetClientRect
SetWindowTextW
ClientToScreen
IsWindowVisible
GetCursorPos
KillTimer
LoadStringW
ReleaseDC
GetDC
GetDesktopWindow
InvalidateRect
IsWindow
IsRectEmpty
RegisterWindowMessageW
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
SetTimer

gdi32

GetObjectW
CreateCompatibleBitmap
BitBlt
Rectangle
GetStockObject
TextOutW
SetBkMode
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
SetTextColor
CreateCompatibleDC
CreateFontIndirectW
GetDeviceCaps
SelectObject

advapi32

RegCreateKeyW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ord165
SHBrowseForFolderW

ole32

StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
OleUninitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoUninitialize
CoTaskMemFree

oleaut32

SysStringLen
SysAllocStringLen
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

PathFileExistsW
PathAppendW
SHGetValueW

comctl32

InitCommonControlsEx
_TrackMouseEvent

ws2_32

getsockopt
bind
getsockname
inet_addr
listen
accept
select
WSARecv
__WSAFDIsSet
connect
freeaddrinfo
getaddrinfo
WSASocketW
WSASend
setsockopt
ioctlsocket
WSASetLastError
WSAGetLastError
closesocket
WSACleanup
WSAStartup

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

210111709379c252a7ec0ac666c977e7

Code Sign

32:5a:37:37:b8:92:6a:78:35:f0:23:96:3d:83:8f:ccCertificate

Extended Key Usages

Key Usages

cc:e4:67:92:05:5a:02:d1:f3:75:49:de:54:00:ce:9d:44:e0:ea:87Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

iphlpapi

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 300KB - Virtual size: 300KB

.data Size: 80KB - Virtual size: 98KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 260KB - Virtual size: 259KB

.reloc Size: 97KB - Virtual size: 96KB

32:5a:37:37:b8:92:6a:78:35:f0:23:96:3d:83:8f:cc
Certificate

cc:e4:67:92:05:5a:02:d1:f3:75:49:de:54:00:ce:9d:44:e0:ea:87
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 300KB - Virtual size: 300KB

.data
Size: 80KB - Virtual size: 98KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 260KB - Virtual size: 259KB

.reloc
Size: 97KB - Virtual size: 96KB