2024-02-04_a4fa7638df1764affa998e91d65fa786_karagany_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-04_a4fa7638df1764affa998e91d65fa786_karagany_mafia
Size

428KB
MD5

a4fa7638df1764affa998e91d65fa786
SHA1

6822279d46b02c9b10c8a1fbb1ce0b3f9509f3e4
SHA256

6d662c7d03513196c1024eec22e31ff9c70b2001eb1c0f1e1567c25e34486a47
SHA512

aca90fcf329443e0dce9bc1ae82295f343d982e287f1c2bb537b5e4ae21af646f27a7f1a3777b2dcd36d6afa81b55fef838ed7c9dbadc098a585cf119768fb30
SSDEEP

3072:vaiQO1NvXvHuHfRSUh5lqCEkkafV3n/aQ8IfgWskbLYoawBphqdxX3oiTO8vgtNx:vap2NvXfu/UUV3EbADDBCdxX4kO8YtNx

Score

1^/10

Malware Config

Signatures

Files

2024-02-04_a4fa7638df1764affa998e91d65fa786_karagany_mafia
.exe windows:5 windows x86 arch:x86

d83418331d500eed0ba3d24110020264

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a:00:5d:2e:2b:cd:41:37:16:82:17:d8:c7:27:74:7c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/05/2014, 00:00

Not After

16/05/2015, 23:59

Subject

CN=Beijing JoinHope Image Technology Ltd.,O=Beijing JoinHope Image Technology Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

94:fa:63:ce:bb:bc:07:30:52:2a:9c:a5
Certificate

Issuer

CN=Pikachu Fake CA RSA,OU=Only for Crack & Testing,O=Pikachu Faker Network CA,C=CN,2.5.4.13=#134a446f206e6f7420747275737420746869732043412063657274696669636174652c206974206973206f6e6c7920666f7220666f726765727920616e6420637261636b2074657374696e67,2.5.4.13=#0c50e8afb7e58bbfe4bfa1e4bbbbe8afa54341e8af81e4b9a6efbc8ce4bb85e4be9be4bcaae980a0e5928ce7a0b4e8a7a3e6b58be8af95efbc8ce8afb7e58bbfe794a8e4ba8ee7949fe4baa7e78eafe5a283,2.5.4.41=#0c2ae79aaee58da1e4b898e4bcaae980a0e8af81e4b9a6e7a0b4e8a7a3e7b3bbe7bb9fe6a0b9e8af81e4b9a6,2.5.4.41=#131350696b616368752046616b6520434120525341

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=Pikachu Time Fake RSA 2048 V01-E2100,OU=Identity Authentication,O=Pikachu Trust Network CA,C=CN,2.5.4.13=#132450696b616368752054696d652046616b65205253412032303438205630312d4532313030,2.5.4.13=#0c2de79aaee58da1e4b898e697b6e997b4e4bcaae980a0e8af81e4b9a62052534132303438205630312d4532313030,2.5.4.41=#0c2de79aaee58da1e4b898e697b6e997b4e4bcaae980a0e8af81e4b9a62052534132303438205630312d4532313030,2.5.4.41=#132450696b616368752054696d652046616b65205253412032303438205630312d4532313030

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9c:b2:75:90:49:94:ad:bb:10:e3:4e:61:88:66:3c:0b:7b:30:3e:58
Signer

Actual PE Digest

9c:b2:75:90:49:94:ad:bb:10:e3:4e:61:88:66:3c:0b:7b:30:3e:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\大灰狼\Release\Payload.pdb

Imports

kernel32

VirtualFree
GetProcessHeap
IsBadReadPtr
SetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
VirtualProtect
ExitProcess
HeapFree
CreateDirectoryW
GetConsoleTitleA
GetFileAttributesW
GetModuleFileNameW
CopyFileA
GetModuleFileNameA
SetEndOfFile
CreateFileW
CreateFileA
HeapAlloc
FreeLibrary
GetCurrentProcess
WriteConsoleW
SetStdHandle
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetLastError
WideCharToMultiByte
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetCurrentThreadId
HeapCreate
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
IsProcessorFeaturePresent
Sleep
WriteFile
ReadFile
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
RtlUnwind
CloseHandle
RaiseException
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection

user32

FindWindowA
ShowWindow

advapi32

GetTokenInformation
OpenProcessToken
ConvertSidToStringSidW

shell32

SHGetSpecialFolderPathA
ShellExecuteA

rpcrt4

NdrClientCall2
NdrServerCall2
RpcBindingSetAuthInfoExA
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFromStringBindingW

shlwapi

PathFindFileNameW
PathRemoveExtensionW

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 285KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d83418331d500eed0ba3d24110020264

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0a:00:5d:2e:2b:cd:41:37:16:82:17:d8:c7:27:74:7cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

94:fa:63:ce:bb:bc:07:30:52:2a:9c:a5Certificate

Extended Key Usages

Key Usages

9c:b2:75:90:49:94:ad:bb:10:e3:4e:61:88:66:3c:0b:7b:30:3e:58Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

rpcrt4

shlwapi

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 285KB - Virtual size: 293KB

.reloc Size: 9KB - Virtual size: 8KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0a:00:5d:2e:2b:cd:41:37:16:82:17:d8:c7:27:74:7c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

94:fa:63:ce:bb:bc:07:30:52:2a:9c:a5
Certificate

9c:b2:75:90:49:94:ad:bb:10:e3:4e:61:88:66:3c:0b:7b:30:3e:58
Signer

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 285KB - Virtual size: 293KB

.reloc
Size: 9KB - Virtual size: 8KB