2024-02-04_c9ebd640e11dda953fbfa5a6d2f01f67_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-04_c9ebd640e11dda953fbfa5a6d2f01f67_mafia
Size

4.6MB
MD5

c9ebd640e11dda953fbfa5a6d2f01f67
SHA1

2d8b1518d95f3248d60fbb8f3b9e9010df69a5f0
SHA256

985160ad0cf901ef433260979d36ecbc9ac20708dd215549b457e31a9ec98cfd
SHA512

19c0f021df9674471cbe58e7fb0f0b278b844ece8eb91091eda6b11862c9df0d93499ed7d4b3d5d109e82cc7432d4c0cbd1ca76b558f41c98f600b9e7809acca
SSDEEP

49152:uzwIhsZV8XFn0arA92ERFxU3TQY7ElwWfvEBOs26De7lx3SPTottdpFX5NK+19lM:S6V8Xe9Zi7ElwMb7lx3PDp19aP

Score

1^/10

Malware Config

Signatures

Files

2024-02-04_c9ebd640e11dda953fbfa5a6d2f01f67_mafia
.exe windows:5 windows x86 arch:x86

977fe6fc6f1a5f73f5fdc1a432a8c9d1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/07/2014, 00:00

Not After

01/08/2016, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

c4:85:be:d8:4d:57:d9:f8:33:67:0a:1c:49:b0:1c:a2:36:07:7f:29
Signer

Actual PE Digest

c4:85:be:d8:4d:57:d9:f8:33:67:0a:1c:49:b0:1c:a2:36:07:7f:29

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\build3.0.3\Funshion\Rel\bin\Release\Funshion.pdb

Imports

dbghelp

MiniDumpWriteDump

shlwapi

StrFormatByteSizeW
PathIsRootW
PathAppendW
StrCmpIW
PathFindExtensionW
StrCpyW
PathAddExtensionW
PathRemoveExtensionW
PathFindFileNameW
StrStrIW
SHSetValueW
SHDeleteKeyW
SHGetValueW
SHDeleteValueW
PathRemoveFileSpecW
PathFileExistsW

ws2_32

gethostbyname
inet_ntoa
gethostname
ntohs
send
closesocket
ntohl
socket
recv
htons
select
connect
__WSAFDIsSet
getservbyname
WSAGetLastError
freeaddrinfo
getaddrinfo
getnameinfo
WSAStartup
WSACleanup
accept
bind
listen
shutdown
sendto
recvfrom
getsockname
getpeername
setsockopt
getsockopt
ioctlsocket
inet_addr

wininet

FindFirstUrlCacheEntryW
InternetGetCookieExW
InternetGetConnectedState
FindNextUrlCacheEntryW
HttpQueryInfoW
InternetSetOptionA
InternetReadFile
InternetOpenUrlW
HttpQueryInfoA
DeleteUrlCacheEntryW
InternetSetCookieW
InternetCloseHandle
InternetOpenA
FindCloseUrlCache

iphlpapi

GetIfEntry
GetBestInterface
GetAdaptersInfo

psapi

GetModuleFileNameExW

winmm

waveOutSetVolume
timeGetTime
mixerGetLineControlsW
mixerOpen
mixerGetControlDetailsW
mixerGetLineInfoW
waveOutGetVolume
mixerClose

rpcrt4

UuidCreate
UuidToStringW

dsound

ord3

kernel32

ExitProcess
FindResourceExW
FindResourceW
FreeLibrary
LoadResource
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
CreateDirectoryW
GlobalLock
GetModuleHandleW
GlobalAlloc
InitializeCriticalSectionAndSpinCount
SizeofResource
LeaveCriticalSection
MulDiv
GetModuleFileNameW
lstrcmpW
MultiByteToWideChar
lstrlenW
GlobalUnlock
FlushInstructionCache
RaiseException
GetLastError
SetLastError
GetProcAddress
EnterCriticalSection
LockResource
CreateEventW
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
SetFileAttributesW
GetFileSize
InterlockedCompareExchange
ReadFile
CreateFileW
GlobalFree
lstrlenA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentDirectoryW
LoadLibraryW
OutputDebugStringA
FindFirstFileW
GetDriveTypeA
GetSystemDirectoryW
GetVersionExW
GetLogicalDriveStringsA
FindClose
Process32FirstW
GlobalMemoryStatusEx
RemoveDirectoryW
GetDiskFreeSpaceA
GetSystemInfo
Process32NextW
GetModuleHandleA
FindNextFileW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
DeleteFileW
OutputDebugStringW
WideCharToMultiByte
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcessId
CreateThread
WriteFile
GetFileAttributesW
TryEnterCriticalSection
InitializeCriticalSection
SetInformationJobObject
CreateJobObjectW
GetTickCount
AssignProcessToJobObject
OpenJobObjectW
ConnectNamedPipe
GetOverlappedResult
GetLocalTime
WaitForSingleObject
SetEvent
TerminateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcpyW
InterlockedExchange
SetThreadExecutionState
CopyFileW
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
DeviceIoControl
OpenProcess
TerminateProcess
ResetEvent
WaitForMultipleObjects
IsBadReadPtr
GetDriveTypeW
GetLogicalDrives
GlobalHandle
MoveFileW
lstrcpynW
CreateEventA
VirtualProtect
GetSystemTimeAsFileTime
LoadLibraryA
ExpandEnvironmentStringsW
FlushFileBuffers
SetHandleInformation
GetStartupInfoW
GetStdHandle
CreatePipe
GlobalReAlloc
GetFileAttributesA
GetFileAttributesExW
DeleteFileA
GetFullPathNameW
GetFullPathNameA
SetFilePointer
SetEndOfFile
QueryPerformanceCounter
UnlockFile
LockFile
FormatMessageA
GetTempPathW
LockFileEx
GetTempPathA
GetSystemTime
AreFileApisANSI
CompareStringW
HeapCreate
GetTimeZoneInformation
IsValidLocale
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
LCMapStringW
GetCPInfo
CreateNamedPipeW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
OpenEventA
ResumeThread
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerA
InterlockedPushEntrySList
LocalFileTimeToFileTime
IsDebuggerPresent
UnhandledExceptionFilter
ExitThread
GetDateFormatW
GetTimeFormatW
GetDateFormatA
GetTimeFormatA
RtlUnwind
HeapSetInformation
GetCommandLineW
GetComputerNameW
GetVersionExA
SetEnvironmentVariableW
GetEnvironmentVariableW
GetLogicalDriveStringsW
GetLongPathNameW
SetFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileMappingW
ReleaseMutex
CreateMutexW
LocalFree
GetLocaleInfoW
DecodePointer
EncodePointer
GetStringTypeW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
Sleep

user32

PostThreadMessageW
GetWindowRect
ShowCursor
GetSystemMetrics
wsprintfW
SetTimer
KillTimer
SetRect
IsWindowVisible
DrawTextW
ShowWindow
EndPaint
ClientToScreen
DestroyWindow
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
GetMessageW
CharNextW
RegisterWindowMessageW
FillRect
IsChild
GetFocus
GetParent
InvalidateRgn
LoadCursorW
FindWindowW
GetClientRect
CreateAcceleratorTableW
SetFocus
BeginPaint
GetClassInfoExW
GetDC
GetCursorPos
SetForegroundWindow
IsZoomed
IsIconic
SetActiveWindow
PostMessageW
PostQuitMessage
CreateDialogParamW
SetLayeredWindowAttributes
SendMessageA
CheckMenuItem
DestroyMenu
RemoveMenu
EnableMenuItem
LoadMenuW
wsprintfA
wvsprintfA
TranslateMessage
RegisterClassExW
InvalidateRect
GetWindowLongW
GetWindowTextW
PeekMessageW
GetClassNameW
ReleaseDC
GetDlgItem
SetWindowLongW
RedrawWindow
GetDesktopWindow
GetSysColor
SetWindowPos
IsWindow
CreateWindowExW
MessageBoxW
ReleaseCapture
SendMessageW
CreateDesktopW
RegisterClassW
GetTopWindow
WindowFromPoint
GetForegroundWindow
MapDialogRect
SetWindowContextHelpId
SendDlgItemMessageW
CreateDialogIndirectParamW
DialogBoxParamW
EndDialog
GetMenuItemID
GetMenuItemCount
CloseClipboard
SetWindowTextW
CallWindowProcW
DefWindowProcW
GetWindow
EmptyClipboard
GetSysColorBrush
OpenClipboard
MoveWindow
DispatchMessageW
SetClipboardData
IntersectRect
DisableProcessWindowsGhosting
EqualRect
AppendMenuW
UnregisterClassA
DestroyIcon
GetDlgCtrlID
GetActiveWindow
MonitorFromWindow
ExitWindowsEx
IsRectEmpty
SetRectEmpty
SetCursor
GetCapture
BringWindowToTop
GetKeyState
UnregisterHotKey
RegisterHotKey
UpdateLayeredWindow
GetWindowDC
UpdateWindow
EnumDisplayMonitors
GetMonitorInfoW
CopyRect
MonitorFromRect
OffsetRect
MapWindowPoints
LoadImageW
RegisterDeviceNotificationW
GetWindowThreadProcessId
SetWindowRgn
PtInRect
InflateRect
SystemParametersInfoW
EnableWindow
TrackPopupMenu
GetSubMenu
ModifyMenuW
CheckMenuRadioItem
SetCapture

gdi32

SelectClipRgn
CreateRectRgn
GetClipBox
ExtSelectClipRgn
GetTextColor
CreateFontW
CombineRgn
SetPixel
Rectangle
DPtoLP
RoundRect
MoveToEx
LineTo
CreatePen
SaveDC
RestoreDC
CreateFontIndirectW
ExtTextOutW
CreateRoundRectRgn
GetTextExtentPoint32W
SetTextColor
CreateDIBSection
SetBkColor
SetBkMode
BitBlt
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
CreateSolidBrush
GetStockObject
CreateRectRgnIndirect

advapi32

RegQueryValueExW
RegCreateKeyExW
RegQueryInfoKeyW
InitializeSecurityDescriptor
RegDeleteKeyW
SetSecurityDescriptorDacl
RegDeleteValueW
IsTextUnicode
RegOpenKeyExA
RegOpenKeyW
RegQueryValueExA
RegEnumKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW

shell32

SHBrowseForFolderW
SHGetMalloc
ord2
ord4
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetDesktopFolder
DragQueryFileW
Shell_NotifyIconW
SHChangeNotify
ShellExecuteExW
ord165
SHCreateDirectoryExW
ShellExecuteW
SHFileOperationW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoSetProxyBlanket
CoUninitialize
CoInitialize
OleUninitialize
StgCreateDocfile
OleCreate
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
OleSetContainedObject
OleDraw
CLSIDFromString
CLSIDFromProgID
CoTaskMemRealloc
OleLockRunning
CoCreateGuid
CoCreateInstance
CoGetClassObject

oleaut32

LoadRegTypeLi
OleLoadPicture
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VarUI4FromStr
OleCreateFontIndirect
GetErrorInfo
DispCallFunc
VariantInit
LoadTypeLi
SysAllocString
SysStringLen
VariantClear
SysAllocStringLen

comctl32

_TrackMouseEvent
ImageList_Create
InitCommonControlsEx

msimg32

AlphaBlend
TransparentBlt
GradientFill

urlmon

UrlMkGetSessionOption

gdiplus

GdipCreatePen1
GdipDrawLineI
GdipCreateFromHDC
GdipDeleteGraphics
GdipDeletePen

winhttp

WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpOpen

imagehlp

ImageGetCertificateHeader
ImageGetCertificateData

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

wintrust

WinVerifyTrust

crypt32

CryptVerifyMessageSignature

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 763KB - Virtual size: 762KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

977fe6fc6f1a5f73f5fdc1a432a8c9d1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:deCertificate

Extended Key Usages

Key Usages

c4:85:be:d8:4d:57:d9:f8:33:67:0a:1c:49:b0:1c:a2:36:07:7f:29Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

shlwapi

ws2_32

wininet

iphlpapi

psapi

winmm

rpcrt4

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

urlmon

gdiplus

winhttp

imagehlp

version

comdlg32

wintrust

crypt32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 576KB - Virtual size: 575KB

.data Size: 103KB - Virtual size: 130KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 763KB - Virtual size: 762KB

.reloc Size: 176KB - Virtual size: 176KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

c4:85:be:d8:4d:57:d9:f8:33:67:0a:1c:49:b0:1c:a2:36:07:7f:29
Signer

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 576KB - Virtual size: 575KB

.data
Size: 103KB - Virtual size: 130KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 763KB - Virtual size: 762KB

.reloc
Size: 176KB - Virtual size: 176KB