2024-02-19_0896a6027928aca2480413304f74305a_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-19_0896a6027928aca2480413304f74305a_mafia
Size

2.3MB
MD5

0896a6027928aca2480413304f74305a
SHA1

7ba025784d36aa32e468c93ede7bab0a8b1d8fe7
SHA256

a5f2c26c0c064df3461d8988e0eb3c48bfea3d7b541c68fce127fa6ef770cd56
SHA512

9bb783f2b58d2e1b41490f1c48ee93beef882f2403a82b3af1932dcb056c82580a56ad10b8ce42bd04a21049ff720f67400137678f48ff11608339ac7abdee0c
SSDEEP

49152:jMjd5HKgAfckjmCXhe9NQ8RVkDiKbLrz/Y3k7BPE4qvnEL7DvBVLjt1DeVbkCkin:jMR5ickjnXhek8RVkD9Lrz/Y3kNPE4qP

Score

1^/10

Malware Config

Signatures

Files

2024-02-19_0896a6027928aca2480413304f74305a_mafia
.exe windows:5 windows x86 arch:x86

74ae1396c498ba026bf7153a1125c241

Code Sign

24
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

24/10/2007, 22:01

Not After

24/10/2017, 22:01

Subject

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:13
Certificate

Issuer

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

21/11/2014, 20:45

Not After

22/11/2016, 06:52

Subject

CN=Chong Fang,L=Futian\, Shenzhen City,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c1777696c6c69616d732e766f6f6e40676d61696c2e636f6d,2.5.4.13=#13107332484e41596451764e377038755130

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

63:fa:73:e7:a8:11:26:0b:89:8a:8e:42:36:48:29:a8:ee:71:01:1e
Signer

Actual PE Digest

63:fa:73:e7:a8:11:26:0b:89:8a:8e:42:36:48:29:a8:ee:71:01:1e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetCookieA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetSetOptionExA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenA
HttpQueryInfoA
InternetSetOptionA
InternetQueryOptionA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA

kernel32

IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
HeapCreate
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTimeZoneInformation
GetConsoleMode
GetDriveTypeW
CompareStringW
SetEnvironmentVariableA
WriteConsoleW
GetCurrentDirectoryW
CreateFileW
IsDebuggerPresent
SetUnhandledExceptionFilter
GetConsoleCP
UnhandledExceptionFilter
Sleep
GetModuleFileNameA
SizeofResource
TerminateProcess
LockResource
LoadResource
FindResourceW
GetLastError
GetProcAddress
LoadLibraryA
GetTempFileNameA
FreeLibrary
GetVolumeInformationA
LocalFree
FormatMessageA
FindClose
FindFirstFileA
WideCharToMultiByte
GetWindowsDirectoryA
DeleteFileA
GlobalAlloc
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
lstrlenA
WinExec
GetModuleHandleA
SetLastError
DeactivateActCtx
HeapSize
HeapQueryInformation
ExitProcess
CreateThread
ExitThread
GetFileType
SetStdHandle
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
RaiseException
HeapAlloc
HeapFree
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
RtlUnwind
FindResourceExW
VirtualProtect
GetNumberFormatA
GetCurrentDirectoryA
SetErrorMode
GetFileSizeEx
LocalFileTimeToFileTime
ActivateActCtx
CopyFileA
GetStdHandle
WriteFile
GetTempPathA
MultiByteToWideChar
GetFileAttributesExA
InterlockedDecrement
GetUserDefaultLangID
GlobalSize
lstrcpyA
GetSystemDirectoryW
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
TlsGetValue
GlobalFlags
GetProfileIntA
SearchPathA
GetDiskFreeSpaceA
GetFileTime
SetFileTime
ReplaceFileA
GetFileAttributesA
SystemTimeToFileTime
GetTickCount
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
LoadLibraryExA
GetModuleHandleW
InterlockedExchange
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
FindNextFileA
lstrcmpA
GetShortPathNameA
GetFullPathNameA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
MoveFileA
CreateFileA
GetThreadLocale
GetStringTypeExA
lstrlenW
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalGetAtomNameA
GlobalReAlloc
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LoadLibraryW
lstrcmpW
FindResourceA
FreeResource
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
GetCurrentThreadId
GetVersionExA
lstrcmpiA
lstrcpynA
GetSystemDefaultLangID
GetLocaleInfoA
GetACP

user32

IsCharLowerA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
CreateAcceleratorTableA
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFrameControl
DrawEdge
SetClassLongA
DestroyAcceleratorTable
DrawIconEx
GetIconInfo
NotifyWinEvent
EnableScrollBar
HideCaret
InvertRect
GetAsyncKeyState
GetMenuDefaultItem
PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
LoadMenuW
LoadAcceleratorsW
LockWindowUpdate
GetDCEx
CharNextA
InvalidateRgn
CopyAcceleratorTableA
UnregisterClassA
SetLayeredWindowAttributes
EnumDisplayMonitors
GetSysColorBrush
CopyImage
RealChildWindowFromPoint
WaitMessage
SetWindowRgn
DrawIcon
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
SystemParametersInfoA
GetMenuItemInfoA
IsZoomed
SetParent
GetSystemMenu
DeleteMenu
UnionRect
IsRectEmpty
LoadCursorW
SetCursorPos
EndPaint
BeginPaint
GetWindowDC
GetMessageA
TranslateMessage
MapVirtualKeyA
GetKeyNameTextA
GetCursorPos
WindowFromPoint
ClientToScreen
SetRect
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
DestroyIcon
LoadAcceleratorsA
IsIconic
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
TranslateAcceleratorA
CharUpperA
GetSystemMetrics
GetMenuStringA
AppendMenuA
RemoveMenu
GetWindowThreadProcessId
ShowWindow
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
MapVirtualKeyExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
ValidateRect
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
GetMenu
SetWindowPos
GetWindow
GetDesktopWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
LoadBitmapW
KillTimer
SetTimer
GrayStringA
DrawTextExA
TabbedTextOutA
GetSysColor
ReleaseCapture
LoadImageA
GetWindowLongA
SetCapture
GetCapture
GetActiveWindow
GetWindowRgn
SubtractRect
GetDoubleClickTime
CharUpperBuffA
CopyIcon
GetUpdateRect
IsClipboardFormatAvailable
SetMenuDefaultItem
RedrawWindow
InvalidateRect
GetClientRect
DrawFocusRect
FrameRect
FillRect
OffsetRect
InflateRect
PtInRect
CopyRect
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
IsMenu
MonitorFromPoint
DrawStateA
DestroyCursor
IsWindowEnabled
GetWindowTextLengthA
GetParent
PostMessageA
GetDlgItem
GetWindowTextA
SetWindowTextA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
IsWindow
ScreenToClient
GetForegroundWindow
SetActiveWindow
SetForegroundWindow
MessageBoxA
SetCursor
LoadStringA
LoadCursorA
UpdateWindow
InsertMenuA
GetSubMenu
SetWindowLongA
CallWindowProcA
LoadBitmapA
LoadIconW
GetWindowRect
DrawTextA
GetDC
ReleaseDC
wsprintfA
SendMessageA
EnableWindow
GetClassLongA
UpdateLayeredWindow
IntersectRect

gdi32

SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreateHatchBrush
GetCharWidthA
StretchDIBits
GetTextMetricsA
CreateFontIndirectA
CreateEllipticRgn
LPtoDP
Ellipse
CreateDIBSection
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetRectRgn
CombineRgn
GetMapMode
GetRgnBox
GetTextColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateRoundRectRgn
CreatePolygonRgn
Polyline
Polygon
SetDIBColorTable
StretchBlt
SetPixel
OffsetRgn
EnumFontFamiliesExA
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceA
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
PatBlt
CreateRectRgnIndirect
GetBkColor
CreateDCA
CopyMetaFileA
CreateBitmap
SetBkColor
SetTextColor
GetObjectA
Escape
ExtTextOutA
RectVisible
PtVisible
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetTextExtentPoint32W
LineTo
TextOutA
CreatePen
CreateSolidBrush
MoveToEx
Rectangle
DeleteObject
GetDeviceCaps
CreateFontA
DPtoLP
GetTextExtentPoint32A
SelectObject

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA
EnumJobsA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetUserNameA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegDeleteValueA
RegCloseKey
RegOpenKeyExW
RegSetValueA
RegEnumKeyExA
RegEnumValueA
RegDeleteKeyA
RegOpenKeyA

shell32

SHAppBarMessage
SHGetFileInfoA
DragFinish
DragQueryFileA
SHAddToRecentDocs
ExtractIconA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
SHBrowseForFolderA

comctl32

ImageList_GetIconSize

shlwapi

UrlUnescapeA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindExtensionA
PathFindFileNameA

ole32

OleRun
CoDisconnectObject
CoInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
CoInitializeEx
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
OleDraw
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
StringFromCLSID
CoTaskMemFree
CreateILockBytesOnHGlobal
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoRegisterMessageFilter

oleaut32

LoadTypeLi
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SysStringLen
VariantChangeType
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
OleCreateFontIndirect
SafeArrayPutElement
SysAllocStringByteLen
VariantClear
SysAllocString
VariantInit
VariantCopy
GetErrorInfo
SafeArrayAccessData
CreateErrorInfo

oledlg

ord8

ws2_32

bind
WSASetLastError
sendto
recvfrom
WSAAsyncSelect
gethostname
WSAStartup
htonl
socket
inet_addr
gethostbyname
gethostbyaddr
closesocket
htons
connect
send
recv
WSACleanup
select
accept
WSAGetLastError

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipGetImageWidth
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74ae1396c498ba026bf7153a1125c241

Code Sign

24Certificate

Key Usages

11:13Certificate

Extended Key Usages

Key Usages

63:fa:73:e7:a8:11:26:0b:89:8a:8e:42:36:48:29:a8:ee:71:01:1eSigner

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

ws2_32

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 378KB - Virtual size: 377KB

.data Size: 27KB - Virtual size: 57KB

.rsrc Size: 88KB - Virtual size: 87KB

.reloc Size: 202KB - Virtual size: 202KB

24
Certificate

11:13
Certificate

63:fa:73:e7:a8:11:26:0b:89:8a:8e:42:36:48:29:a8:ee:71:01:1e
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 378KB - Virtual size: 377KB

.data
Size: 27KB - Virtual size: 57KB

.rsrc
Size: 88KB - Virtual size: 87KB

.reloc
Size: 202KB - Virtual size: 202KB