2024-04-11_0b4c9085ada21f6299f26b26c3506033_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-11_0b4c9085ada21f6299f26b26c3506033_mafia
Size

302KB
MD5

0b4c9085ada21f6299f26b26c3506033
SHA1

d4ccaf2929be601c8a6dd3565b1634b87f990605
SHA256

adb88bdc75d28acefcf8e604fc8c7eef954a351d186deafac2f5420239306a30
SHA512

64355fdef0c1318753d9003461612ff30d3105dc599cdd8765e206c27d562ed2000a977b4065d94fef9da672363ef66c2adee3c4e58fd7f3ab348012d865e572
SSDEEP

6144:QHkP9+bRq7aKEtDuhARW4HvXQ3bJSZTBr4+S+:QEF+bU7fEpuh8W4439SZT13S+

Score

1^/10

Malware Config

Signatures

Files

2024-04-11_0b4c9085ada21f6299f26b26c3506033_mafia
.exe windows:5 windows x86 arch:x86

3ef935dbaf7d7b21fa4f8cbda4e2f15f

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

76:3a:3a:6b:f8:60:14:3d:8d:4e:ca:c6:60:60:1b:dc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/02/2012, 00:00

Not After

15/07/2014, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong \ ,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:cd:ee:d3:78:2a:4a:6a:d9:07:96:84:f7:b0:16:67:12:e6:91:d3
Signer

Actual PE Digest

67:cd:ee:d3:78:2a:4a:6a:d9:07:96:84:f7:b0:16:67:12:e6:91:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\RuanMei\PCMaster\bin\Release\pcmastersvc.pdb

Imports

kernel32

GlobalLock
GlobalAlloc
ReadFile
GetFileSizeEx
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileTime
GetFileAttributesW
DeviceIoControl
GetVersionExW
FileTimeToSystemTime
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
IsBadCodePtr
IsBadReadPtr
WriteProcessMemory
GlobalUnlock
LoadLibraryW
LocalFree
CopyFileW
ConnectNamedPipe
Sleep
CreateNamedPipeW
lstrcmpiW
WaitNamedPipeW
MultiByteToWideChar
RaiseException
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
WideCharToMultiByte
CompareStringW
SetEndOfFile
WriteConsoleW
GlobalFree
GetFullPathNameW
SetUnhandledExceptionFilter
GetModuleFileNameW
CreateDirectoryW
GetLastError
GetLocalTime
GetCurrentThreadId
CreateFileW
GetCurrentProcessId
GetCommandLineW
WriteFile
DeleteFileW
CreateProcessW
lstrlenW
lstrcpyW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
CreateFileMappingW
MapViewOfFile
WTSGetActiveConsoleSessionId
GetTickCount
CreateEventW
WaitForSingleObject
CloseHandle
VirtualProtect
UnmapViewOfFile
CreateFileA
IsValidLocale
SetEnvironmentVariableA
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
FlushFileBuffers
SetStdHandle
FatalAppExitA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetTimeZoneInformation
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
HeapCreate
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
GetCurrentThread
InterlockedDecrement
SetLastError
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
ResumeThread
CreateThread
EncodePointer
DecodePointer
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

wsprintfW
MessageBoxW

advapi32

RegisterServiceCtrlHandlerExW
SetServiceStatus
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegCreateKeyExW
RegFlushKey
RegCloseKey
RegOpenKeyExW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
QueryServiceStatus
ControlService
DeleteService
OpenSCManagerW
OpenServiceW
CreateServiceW
CloseServiceHandle
ChangeServiceConfigW
ChangeServiceConfig2W
StartServiceW
GetTokenInformation
CreateProcessAsUserW
StartServiceCtrlDispatcherW

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

CoInitializeEx
CoInitialize
CoUninitialize

oleaut32

SysFreeString

shlwapi

PathFileExistsW
PathAppendW
PathFindFileNameW
PathFindExtensionW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCloseHandle

dbghelp

MiniDumpWriteDump

userenv

CreateEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSQuerySessionInformationW
WTSFreeMemory

Sections

.text
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ef935dbaf7d7b21fa4f8cbda4e2f15f

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

76:3a:3a:6b:f8:60:14:3d:8d:4e:ca:c6:60:60:1b:dcCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

67:cd:ee:d3:78:2a:4a:6a:d9:07:96:84:f7:b0:16:67:12:e6:91:d3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

wininet

dbghelp

userenv

wtsapi32

Sections

.text Size: 233KB - Virtual size: 232KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

76:3a:3a:6b:f8:60:14:3d:8d:4e:ca:c6:60:60:1b:dc
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

67:cd:ee:d3:78:2a:4a:6a:d9:07:96:84:f7:b0:16:67:12:e6:91:d3
Signer

.text
Size: 233KB - Virtual size: 232KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB