2024-02-28_a3c4026379d4605ae852db87926ea523_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-28_a3c4026379d4605ae852db87926ea523_mafia
Size

253KB
MD5

a3c4026379d4605ae852db87926ea523
SHA1

a1cfc9c0cc28c083d237f8ba145761532023fca5
SHA256

a08dd1290d50ea00afa1a9bf8ca49baf464f2a3e99d5dd30e167b75c688e2fd6
SHA512

a09507670a80a03db04542436601bcbb256a7e00b821d7409ee2b69a30c87fcde12056d325a09baebf88bd6fd8b891632fac875c9336339fc282dcd9f584496a
SSDEEP

3072:MGbSfuFylkv4soajf9IxSbrN7UpO+X+Gs69EIHTNNq6flP/KBS2y:MGbGkwMjVIxSN7cO+9s69EIzzq6dPJ

Score

1^/10

Malware Config

Signatures

Files

2024-02-28_a3c4026379d4605ae852db87926ea523_mafia
.exe windows:5 windows x86 arch:x86

6ebd2f9246dea5351307db8bc47c70b0

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:12:c4:51:40:4a:ef:c1:da:37:01:b2:58:cd:73:0d
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/12/2013, 00:00

Not After

06/12/2015, 23:59

Subject

CN=Shenzhen Raywing Technology Co.\, Ltd,O=Shenzhen Raywing Technology Co.\, Ltd,POSTALCODE=518000,STREET=Rm1205 Blk B\, Haisong Bld\, ChegongMiao\, Futian District,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:80:73:0c:ff:4f:e6:9e:23:fb:f1:cf:f1:39:9a:24:aa:81:e6:f4
Signer

Actual PE Digest

6c:80:73:0c:ff:4f:e6:9e:23:fb:f1:cf:f1:39:9a:24:aa:81:e6:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
Sleep
UnlockFile
WriteFile
LockFile
SetFilePointer
GetPrivateProfileStringW
DeleteFileW
CreateFileA
SetCurrentDirectoryA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
OutputDebugStringA
GetFileAttributesW
CreateDirectoryW
GetFileSize
GetLastError
GetLocalTime
GetPrivateProfileIntW
GetTempPathW
InitializeCriticalSectionAndSpinCount
FlushInstructionCache
GetCurrentProcess
lstrlenW
GetProcAddress
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
SetLastError
FreeLibrary
LoadLibraryExW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
SizeofResource
SetEndOfFile
CreateFileW
SetStdHandle
WriteConsoleW
ReadFile
FlushFileBuffers
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
LoadLibraryW
GetLocaleInfoW
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
OutputDebugStringW
CreateProcessW
WaitForSingleObject
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
RaiseException
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
MultiByteToWideChar
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetCPInfo
LCMapStringW
MoveFileA
DeleteFileA
ExitProcess
CreateThread
ExitThread
RtlUnwind
GetStartupInfoW
HeapSetInformation
InterlockedExchange
EncodePointer
DecodePointer
GetCommandLineW

user32

MonitorFromWindow
GetWindowRect
GetWindow
GetParent
PostQuitMessage
SetWindowLongW
GetMonitorInfoW
GetSystemMetrics
MessageBoxW
ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
GetClientRect
LoadImageW
DefWindowProcW
DestroyWindow
SendMessageW
GetWindowLongW
GetDlgItem
IsDialogMessageW
SetWindowPos
UnregisterClassA
PeekMessageW
CreateDialogParamW
CharNextW
MapWindowPoints

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

ws2_32

WSACleanup
WSAStartup
getsockopt
__WSAFDIsSet
select
connect
ioctlsocket
htons
closesocket
gethostbyname
WSAGetLastError
socket
recv
send

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ebd2f9246dea5351307db8bc47c70b0

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

22:12:c4:51:40:4a:ef:c1:da:37:01:b2:58:cd:73:0dCertificate

Extended Key Usages

Key Usages

6c:80:73:0c:ff:4f:e6:9e:23:fb:f1:cf:f1:39:9a:24:aa:81:e6:f4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

comctl32

ws2_32

Sections

.text Size: 157KB - Virtual size: 157KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 7KB - Virtual size: 17KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 21KB - Virtual size: 20KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

22:12:c4:51:40:4a:ef:c1:da:37:01:b2:58:cd:73:0d
Certificate

6c:80:73:0c:ff:4f:e6:9e:23:fb:f1:cf:f1:39:9a:24:aa:81:e6:f4
Signer

.text
Size: 157KB - Virtual size: 157KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 7KB - Virtual size: 17KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 21KB - Virtual size: 20KB