2024-02-12_f3d2f03b6dd1d2d0cc31c606bcef1f0c_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-12_f3d2f03b6dd1d2d0cc31c606bcef1f0c_mafia
Size

464KB
MD5

f3d2f03b6dd1d2d0cc31c606bcef1f0c
SHA1

2d7e7551ffb48dc3c639c4671a6120efb6a3f7bd
SHA256

e0fd269ba9088ed06037d372c528a60cbfb4b997ca5bad013953e564a6284a8a
SHA512

cc7a0778ddf8b07a1ddadea69ab4ea340a33bbe1eff6a79babeac052a17d65fc572610aa356b747d9a0159c72efa89f9f6dce0ea275829b0979a6d528ff882fe
SSDEEP

12288:6jxnjmPyaXkZJeowvmwhFs6VLC/pjhJHePV4IcshwKjqQMFh:ewd0gmwDVSjhJHuVws3qQMFh

Score

1^/10

Malware Config

Signatures

Files

2024-02-12_f3d2f03b6dd1d2d0cc31c606bcef1f0c_mafia
.exe windows:5 windows x86 arch:x86

95c180bce00e7298685e091752e844c3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:0a:fe:56:29:0b:42:3d:16:9d:8b:8e:c7:bd:6a:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27-06-2014 00:00

Not After

26-06-2017 23:59

Subject

CN=POWERSTAR TECH,O=POWERSTAR TECH,L=Vancouver,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ad:f5:1e:7d:fa:9c:a6:4f:ab:1f:69:3f:23:41:93:1d:3f:16:6c:d0
Signer

Actual PE Digest

ad:f5:1e:7d:fa:9c:a6:4f:ab:1f:69:3f:23:41:93:1d:3f:16:6c:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\project\vjms3\branches\yaokan-oem\src\bin_r\MuMuService.pdb

Imports

mumudown

?ShowDlg@@YAPAUHWND__@@XZ

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

ws2_32

select
connect
WSAStartup
send
recv
closesocket
WSAGetLastError
recvfrom
sendto
ntohl
ntohs
__WSAFDIsSet
setsockopt
htons
getsockopt
shutdown
inet_addr
gethostbyname
getsockname
ioctlsocket
WSASetLastError
socket
htonl
bind
listen
accept

kernel32

GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
CreateThread
GetPrivateProfileStringW
CloseHandle
GetModuleFileNameW
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
lstrlenW
GetSystemTimeAsFileTime
HeapFree
GetProcessHeap
ReleaseSemaphore
WaitForSingleObject
GetCurrentThreadId
CreateEventA
CreateSemaphoreA
DuplicateHandle
GetCurrentProcess
GetStdHandle
SetEvent
WaitForMultipleObjects
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
FreeLibrary
LoadLibraryW
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetSystemInfo
GetProcAddress
GetModuleHandleW
lstrcmpiW
CreateMutexW
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
Sleep
EnterCriticalSection
LeaveCriticalSection
SetProcessWorkingSetSize
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
CreateDirectoryW
SetLastError
FormatMessageA
ExitThread
LCMapStringW
ReadFile
GetConsoleMode
GetConsoleCP
WriteFile
GetCPInfo
GetTimeZoneInformation
GetLocaleInfoW
SetHandleCount
GetFileType
FlushFileBuffers
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
WriteConsoleW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
SetEndOfFile
IsValidLocale
CreateFileA
CompareStringW
SetEnvironmentVariableA
CreateFileW
HeapAlloc
SetConsoleCtrlHandler
GetStartupInfoW
HeapSetInformation
GetCommandLineW
VirtualQuery
VirtualAlloc
VirtualProtect
ExitProcess
GetLocalTime
GetDateFormatA
GetTimeFormatA
RtlUnwind
CreateWaitableTimerA
SetWaitableTimer
SystemTimeToFileTime
GetTickCount
ResumeThread
TlsSetValue
ResetEvent
OpenEventA
GetCurrentProcessId
TlsGetValue
TlsFree
TlsAlloc
DecodePointer
EncodePointer
InitializeCriticalSection
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy

user32

TranslateMessage
CharNextW
PostThreadMessageW
IsWindow
DispatchMessageW
GetMessageW
SendMessageW

advapi32

RegEnumKeyExW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
ControlService
DeleteService
SetServiceStatus
RegQueryInfoKeyW
RegSetValueExW
CreateServiceW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerW
OpenServiceW
CloseServiceHandle

shell32

SHGetSpecialFolderPathW

ole32

CoAddRefServerProcess
CoInitialize
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoReleaseServerProcess
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysAllocString
SysFreeString
VarUI4FromStr
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocStringByteLen
SysStringByteLen

shlwapi

PathIsURLA
PathRemoveFileSpecA
PathFileExistsW
PathRemoveFileSpecW
PathIsDirectoryW
PathIsURLW
PathAppendW

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95c180bce00e7298685e091752e844c3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1d:0a:fe:56:29:0b:42:3d:16:9d:8b:8e:c7:bd:6a:f5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ad:f5:1e:7d:fa:9c:a6:4f:ab:1f:69:3f:23:41:93:1d:3f:16:6c:d0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mumudown

winmm

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 344KB - Virtual size: 344KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 15KB - Virtual size: 23KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 27KB - Virtual size: 27KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1d:0a:fe:56:29:0b:42:3d:16:9d:8b:8e:c7:bd:6a:f5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ad:f5:1e:7d:fa:9c:a6:4f:ab:1f:69:3f:23:41:93:1d:3f:16:6c:d0
Signer

.text
Size: 344KB - Virtual size: 344KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 15KB - Virtual size: 23KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 27KB - Virtual size: 27KB