2024-02-24_12dfd2d9bfca37d9c287fe2f21056c86_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-24_12dfd2d9bfca37d9c287fe2f21056c86_mafia
Size

5.5MB
MD5

12dfd2d9bfca37d9c287fe2f21056c86
SHA1

ca81283db27060ec031a9a0b4cb4b1a03041dab9
SHA256

de6b6e55e751ff137842e8f6fef721dc72ac97555d2977f82e43b6f097b395dc
SHA512

5ccdc8c188bbe50b31357e2133ffeae34b50618620163c2fe7aa3763d235742124930dafe3d5a27d237f6c5801c8cb642492369b2fd7f95fafabacdc372d45de
SSDEEP

98304:OSHvfNjEO+NQvijc4vT6NPMKQC55FzQdsVh:OSvfqNcsvT6NV3

Score

1^/10

Malware Config

Signatures

Files

2024-02-24_12dfd2d9bfca37d9c287fe2f21056c86_mafia
.exe windows:5 windows x86 arch:x86

55a5139326313a588057f1f22aff9111

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/07/2014, 00:00

Not After

01/08/2016, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c2:88:9d:f8:d2:8b:50:11:60:ed:78:68:55:d4:4f:f6:7d:f3:82:6f
Signer

Actual PE Digest

c2:88:9d:f8:d2:8b:50:11:60:ed:78:68:55:d4:4f:f6:7d:f3:82:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\build3.0.3\Funshion\Rel\bin\Release\Funshion.pdb

Imports

ws2_32

ntohl
sendto
gethostbyname
WSACleanup
WSAStartup
inet_ntoa
gethostname
freeaddrinfo
getaddrinfo
ioctlsocket
getsockopt
__WSAFDIsSet
WSAGetLastError
select
recv
send
setsockopt
closesocket
accept
getnameinfo
connect
getsockname
listen
getservbyname
bind
htonl
WSASocketA
WSAIoctl
recvfrom
inet_addr
shutdown
ntohs
getpeername
htons
socket

dbghelp

MiniDumpWriteDump

shlwapi

PathIsRootW
PathAppendW
StrCmpIW
PathFindExtensionW
StrCpyW
PathAddExtensionW
PathRemoveExtensionW
PathFindFileNameW
StrStrIW
SHSetValueW
SHDeleteKeyW
SHGetValueW
SHDeleteValueW
PathRemoveFileSpecW
PathFileExistsW
StrFormatByteSizeW

wininet

InternetReadFile
InternetGetCookieExW
InternetOpenUrlW
HttpQueryInfoA
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindCloseUrlCache
InternetSetOptionA
HttpQueryInfoW
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetSetCookieW

iphlpapi

GetBestInterface
GetIfEntry
GetAdaptersInfo

psapi

GetModuleFileNameExW

winmm

mixerClose
mixerGetControlDetailsW
mixerGetLineInfoW
mixerOpen
mixerGetLineControlsW
timeGetTime
waveOutSetVolume
waveOutGetVolume

rpcrt4

UuidCreate
UuidToStringW

dsound

ord3

kernel32

TlsSetValue
TlsFree
FreeEnvironmentStringsW
TlsAlloc
TlsGetValue
GetCPInfo
ExitThread
GetConsoleMode
GetConsoleCP
HeapCreate
FindFirstFileExW
UnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
ExitProcess
FindResourceExW
FindResourceW
FreeLibrary
LoadResource
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
CreateDirectoryW
GlobalLock
OutputDebugStringW
GetModuleHandleW
GlobalAlloc
InitializeCriticalSectionAndSpinCount
SizeofResource
LeaveCriticalSection
MulDiv
GetModuleFileNameW
lstrcmpW
MultiByteToWideChar
lstrlenW
GlobalUnlock
FlushInstructionCache
RaiseException
GetLastError
SetLastError
GetProcAddress
EnterCriticalSection
LockResource
CreateEventW
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
GetFileSize
InterlockedCompareExchange
ReadFile
CreateFileW
GlobalFree
lstrlenA
LoadLibraryW
GetPrivateProfileIntW
OutputDebugStringA
FindFirstFileW
GetDriveTypeA
GetSystemDirectoryW
GetVersionExW
GetLogicalDriveStringsA
FindClose
Process32FirstW
GlobalMemoryStatusEx
RemoveDirectoryW
GetDiskFreeSpaceA
GetSystemInfo
Process32NextW
IsValidCodePage
FindNextFileW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
DeleteFileW
SetFileAttributesW
WideCharToMultiByte
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcessId
CreateThread
Sleep
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentDirectoryW
WriteFile
GetFileAttributesW
TryEnterCriticalSection
InitializeCriticalSection
SetInformationJobObject
CreateJobObjectW
GetTickCount
AssignProcessToJobObject
OpenJobObjectW
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
GetLocalTime
WaitForSingleObject
SetEvent
TerminateThread
CopyFileW
FileTimeToSystemTime
MoveFileW
FileTimeToLocalFileTime
lstrcpyW
InterlockedExchange
SetThreadExecutionState
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
DeviceIoControl
CreateMutexA
ReleaseMutex
CreateEventA
ResetEvent
SetThreadPriority
GetThreadPriority
GetLogicalDrives
GetTimeZoneInformation
GetSystemTimeAsFileTime
OpenProcess
TerminateProcess
WaitForMultipleObjects
IsBadReadPtr
GetDriveTypeW
GlobalHandle
lstrcpynW
VirtualProtect
LoadLibraryA
ExpandEnvironmentStringsW
FlushFileBuffers
SetHandleInformation
GetStartupInfoW
GetStdHandle
CreatePipe
GlobalReAlloc
GetFileAttributesA
GetFileAttributesExW
DeleteFileA
GetFullPathNameW
GetFullPathNameA
SetFilePointer
SetEndOfFile
QueryPerformanceCounter
UnlockFile
LockFile
FormatMessageA
GetTempPathW
LockFileEx
GetTempPathA
GetSystemTime
AreFileApisANSI
LCMapStringW
CompareStringW
SetHandleCount
GetFileType
SetEnvironmentVariableA
GetFileInformationByHandle
PeekNamedPipe
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetDateFormatW
InterlockedPushEntrySList
GetTimeFormatW
GetDateFormatA
GetTimeFormatA
RtlUnwind
HeapSetInformation
GetCommandLineW
GetComputerNameW
GetVersionExA
SetEnvironmentVariableW
GetEnvironmentVariableW
GetLogicalDriveStringsW
GetLongPathNameW
SetFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
WriteConsoleW
OpenEventA
ResumeThread
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerA
LocalFileTimeToFileTime
CreateFileMappingW
CreateMutexW
LocalFree
GetLocaleInfoW
DecodePointer
EncodePointer
GetStringTypeW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
GetEnvironmentStringsW
VirtualFree
IsProcessorFeaturePresent
GetModuleHandleA

user32

CreateDesktopW
wvsprintfA
wsprintfA
GetSystemMetrics
SetTimer
KillTimer
SetRect
IsWindowVisible
DrawTextW
ShowWindow
EndPaint
ClientToScreen
DestroyWindow
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
GetMessageW
CharNextW
RegisterWindowMessageW
FillRect
IsChild
SetCapture
GetFocus
GetParent
InvalidateRgn
LoadCursorW
FindWindowW
GetClientRect
CreateAcceleratorTableW
SetFocus
BeginPaint
GetClassInfoExW
wsprintfW
CheckMenuRadioItem
TranslateMessage
RegisterClassExW
InvalidateRect
GetWindowLongW
GetWindowTextW
PeekMessageW
GetClassNameW
GetDlgItem
RedrawWindow
GetDesktopWindow
GetSysColor
SetWindowPos
IsWindow
CreateWindowExW
MessageBoxW
ReleaseCapture
SendMessageW
SetWindowTextW
GetTopWindow
WindowFromPoint
GetForegroundWindow
MapDialogRect
SetWindowContextHelpId
SendDlgItemMessageW
CreateDialogIndirectParamW
DialogBoxParamW
EndDialog
GetMenuItemID
GetMenuItemCount
CloseClipboard
EmptyClipboard
GetSysColorBrush
OpenClipboard
SetClipboardData
IntersectRect
DisableProcessWindowsGhosting
EqualRect
AppendMenuW
CallWindowProcW
DefWindowProcW
GetWindow
MoveWindow
DispatchMessageW
SetRectEmpty
RegisterClassW
IsRectEmpty
SetCursor
GetCapture
BringWindowToTop
GetKeyState
UnregisterHotKey
RegisterHotKey
UpdateLayeredWindow
GetWindowDC
UpdateWindow
EnumDisplayMonitors
GetMonitorInfoW
LoadMenuW
EnableMenuItem
RemoveMenu
DestroyMenu
CheckMenuItem
SendMessageA
SetLayeredWindowAttributes
CreateDialogParamW
PostQuitMessage
SetActiveWindow
IsIconic
PostMessageW
IsZoomed
CopyRect
MonitorFromRect
OffsetRect
MapWindowPoints
SetForegroundWindow
IsWindowEnabled
GetCursorPos
LoadImageW
RegisterDeviceNotificationW
GetWindowThreadProcessId
SetWindowRgn
PtInRect
InflateRect
SystemParametersInfoW
TrackPopupMenu
UnregisterClassA
DestroyIcon
GetDlgCtrlID
GetActiveWindow
MonitorFromWindow
GetSubMenu
ReleaseDC
ModifyMenuW
ExitWindowsEx
EnableWindow
PostThreadMessageW
GetWindowRect
GetDC
ShowCursor
SetWindowLongW

gdi32

CreatePen
LineTo
SaveDC
RoundRect
DPtoLP
Rectangle
CreateRectRgn
CombineRgn
SetPixel
RestoreDC
CreateFontIndirectW
ExtTextOutW
CreateRoundRectRgn
GetTextExtentPoint32W
SetTextColor
CreateDIBSection
SetBkColor
SetBkMode
BitBlt
DeleteDC
GetDeviceCaps
DeleteObject
CreateFontW
GetTextColor
ExtSelectClipRgn
GetClipBox
CreateRectRgnIndirect
SelectClipRgn
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
CreateSolidBrush
GetStockObject
MoveToEx

advapi32

OpenProcessToken
RegQueryInfoKeyW
InitializeSecurityDescriptor
IsTextUnicode
RegOpenKeyExA
RegOpenKeyW
RegDeleteKeyW
SetSecurityDescriptorDacl
RegDeleteValueW
RegQueryValueExA
RegEnumKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

shell32

ShellExecuteExW
SHChangeNotify
Shell_NotifyIconW
DragQueryFileW
SHGetDesktopFolder
SHGetPathFromIDListW
ord4
ord165
SHBrowseForFolderW
SHGetMalloc
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW
ord2
SHFileOperationW

ole32

CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleCreate
StgCreateDocfile
CoCreateGuid
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
OleSetContainedObject
OleDraw
OleUninitialize
OleInitialize
CoCreateInstance
OleLockRunning
CoTaskMemRealloc
StringFromGUID2

oleaut32

GetErrorInfo
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
OleLoadPicture
LoadRegTypeLi
SysFreeString
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
VariantInit
LoadTypeLi
VariantClear
SysStringLen
SysAllocString

comctl32

ImageList_Create
InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend
TransparentBlt
GradientFill

urlmon

CoInternetSetFeatureEnabled
UrlMkGetSessionOption

winhttp

WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpCrackUrl
WinHttpReceiveResponse

imagehlp

ImageGetCertificateHeader
ImageGetCertificateData

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

wintrust

WinVerifyTrust

crypt32

CryptVerifyMessageSignature

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 899KB - Virtual size: 899KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 763KB - Virtual size: 763KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55a5139326313a588057f1f22aff9111

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:deCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

c2:88:9d:f8:d2:8b:50:11:60:ed:78:68:55:d4:4f:f6:7d:f3:82:6fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

dbghelp

shlwapi

wininet

iphlpapi

psapi

winmm

rpcrt4

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

urlmon

winhttp

imagehlp

version

comdlg32

wintrust

crypt32

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 899KB - Virtual size: 899KB

.data Size: 128KB - Virtual size: 156KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 763KB - Virtual size: 763KB

.reloc Size: 211KB - Virtual size: 210KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

c2:88:9d:f8:d2:8b:50:11:60:ed:78:68:55:d4:4f:f6:7d:f3:82:6f
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 899KB - Virtual size: 899KB

.data
Size: 128KB - Virtual size: 156KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 763KB - Virtual size: 763KB

.reloc
Size: 211KB - Virtual size: 210KB