2024-04-16_635a6a7c5b5a83c43d680ec81d4f1c56_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-16_635a6a7c5b5a83c43d680ec81d4f1c56_mafia
Size

995KB
MD5

635a6a7c5b5a83c43d680ec81d4f1c56
SHA1

f9de7066a601b69d2b7e8ce002142bd6651b6b53
SHA256

87758c759313dba45569bd14acc57176b39bf292964883fc3b5d86abf52f4fa9
SHA512

d3e8d9041e8b4621cc41627301b7b879fbd1d8e9a4d3a04935496210c9217607fecbae14fe81e3f472c978cc1a71b2ce52d59abd765b998ec9618e5e340f64c2
SSDEEP

12288:kUa/ifjCFXhvxBiHaucnHDuoB7QQHjUjUoUyc2lvFvUaITtBhEGDczX:kUaqcXVxBi6ztjUwoUyVlvFsaIT6G+X

Score

1^/10

Malware Config

Signatures

Files

2024-04-16_635a6a7c5b5a83c43d680ec81d4f1c56_mafia
.exe windows:5 windows x86 arch:x86

4cd074037f28197f0933c0ce704fdcb6

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:7e:d4:aa:54:da:96:dd:a0:b6:31:ef:1d:ce:7f:03
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

27/11/2012, 00:00

Not After

27/11/2013, 23:59

Subject

CN=Wuhan Yu Ku of Network Technology Co.\, Ltd,OU=Ministry of Technology,O=Wuhan Yu Ku of Network Technology Co.\, Ltd,L=wuhan,ST=hubei,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d6:6c:61:d3:07:e0:25:5a:eb:aa:f1:6b:e0:0d:b6:0b:8a:62:bf:84
Signer

Actual PE Digest

d6:6c:61:d3:07:e0:25:5a:eb:aa:f1:6b:e0:0d:b6:0b:8a:62:bf:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\yuku\svn\XKGameBox2.0\Release\XKFlashGameBrowser.pdb

Imports

kernel32

OutputDebugStringW
MulDiv
FreeResource
GetCurrentDirectoryW
ReadFile
GetACP
ExitProcess
DosDateTimeToFileTime
SetFilePointer
SystemTimeToFileTime
GetFileType
DuplicateHandle
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetStringTypeW
GetLocaleInfoW
SetLastError
TlsFree
TlsSetValue
GetExitCodeThread
TlsAlloc
IsValidCodePage
GetOEMCP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapCreate
IsProcessorFeaturePresent
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CompareStringW
GetCPInfo
LCMapStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
GetStdHandle
WriteConsoleW
DecodePointer
EncodePointer
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadLibraryW
lstrlenA
GetCurrentProcessId
GetCurrentThreadId
GetThreadPriority
GetSystemInfo
VirtualProtectEx
VirtualAlloc
FlushInstructionCache
SetThreadPriority
InitializeCriticalSection
VirtualFree
GetCurrentProcess
VirtualQuery
GetThreadContext
CreateDirectoryW
CreateProcessW
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
GetProcAddress
RaiseException
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
InterlockedIncrement
LoadLibraryExW
FreeLibrary
GetLastError
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
GetTickCount
CreateThread
ResumeThread
SuspendThread
LockResource
OpenThread
SizeofResource
InterlockedDecrement
LoadResource
FindResourceW
FindResourceExW
Sleep
GetCurrentThread
LocalFree
WriteFile
GetFileSize
CloseHandle
CreateFileW
GetVersionExW
TlsGetValue

user32

GetClassInfoExW
SetPropW
TranslateMessage
IsWindow
RegisterClassW
GetPropW
CallWindowProcW
DispatchMessageW
HideCaret
ShowCaret
GetSysColor
LoadImageW
SetCaretPos
IsRectEmpty
GetFocus
GetWindowTextLengthW
GetMessageW
DestroyIcon
DrawIconEx
GetUpdateRect
SetRect
CharPrevW
DefWindowProcW
RegisterClassExW
LoadCursorW
PostQuitMessage
ReleaseDC
MoveWindow
GetDC
SetFocus
KillTimer
SetTimer
DrawTextW
LoadIconW
OffsetRect
InflateRect
wvsprintfW
CreateCaret
SendMessageW
ShowWindow
GetClientRect
SetWindowLongW
GetWindowLongW
IsIconic
GetWindowRect
GetKeyState
GetWindowTextW
EnableWindow
SetWindowTextW
PtInRect
ScreenToClient
SetWindowRgn
MessageBoxW
SetWindowPos
CharNextW
GetMonitorInfoW
IsWindowVisible
GetSystemMetrics
CreateWindowExW
SetLayeredWindowAttributes
MonitorFromWindow
GetParent
AnimateWindow
IsZoomed
PostMessageW
DestroyWindow
ClientToScreen
MapWindowPoints
GetDesktopWindow
IntersectRect
SetForegroundWindow
GetWindow
GetCursorPos
InvalidateRect
FillRect
SetCursor
ReleaseCapture
BeginPaint
CreateAcceleratorTableW
InvalidateRgn
SetCapture
EndPaint

gdi32

CreateSolidBrush
DeleteObject
CreateRoundRectRgn
GetObjectW
PtInRegion
RestoreDC
CreatePen
SaveDC
Rectangle
GetTextMetricsW
SetWindowOrgEx
TextOutW
CreateCompatibleBitmap
RoundRect
GetClipBox
SetStretchBltMode
GetCharABCWidthsW
ExtTextOutW
CreateRectRgnIndirect
CreatePenIndirect
SelectClipRgn
SetBkColor
StretchBlt
CreateDIBSection
LineTo
MoveToEx
CreateCompatibleDC
SelectObject
DeleteDC
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetStockObject
SetBkMode
SetTextColor
CreateFontIndirectW
GetPixel
CreateRectRgn
ExtSelectClipRgn
GetObjectA
CombineRgn

advapi32

RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW

shell32

Shell_NotifyIconW
SHGetFolderPathW

ole32

CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoTaskMemAlloc
CoInitialize
OleUninitialize
OleInitialize
CoTaskMemRealloc
CoInitializeEx
CoTaskMemFree
PropVariantClear
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear
VarUI4FromStr
SysFreeString
SysAllocString

shlwapi

PathFileExistsW

winmm

timeGetDevCaps
timeBeginPeriod
timeKillEvent
timeEndPeriod
timeGetTime
timeSetEvent

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipDeleteFont
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipCreateFontFromLogfontA
GdipCloneBrush
GdipDeleteBrush
GdiplusStartup
GdipSetStringFormatAlign
GdipDrawImageI
GdiplusShutdown
GdipImageGetFrameCount
GdipCloneImage
GdipImageGetFrameDimensionsCount
GdipCreateFromHDC
GdipGetPropertyItemSize
GdipDisposeImage
GdipAlloc
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipLoadImageFromFile
GdipDeleteGraphics
GdipFree
GdipCreateFontFromDC
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateLineBrushI
GdipDrawString

wininet

InternetReadFile
InternetCloseHandle
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetOpenW
InternetCrackUrlW
InternetConnectW

Sections

.text
Size: 646KB - Virtual size: 646KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cd074037f28197f0933c0ce704fdcb6

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

09:7e:d4:aa:54:da:96:dd:a0:b6:31:ef:1d:ce:7f:03Certificate

Extended Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

d6:6c:61:d3:07:e0:25:5a:eb:aa:f1:6b:e0:0d:b6:0b:8a:62:bf:84Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

winmm

comctl32

gdiplus

wininet

Sections

.text Size: 646KB - Virtual size: 646KB

.rdata Size: 127KB - Virtual size: 126KB

.data Size: 164KB - Virtual size: 188KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 49KB - Virtual size: 49KB

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

09:7e:d4:aa:54:da:96:dd:a0:b6:31:ef:1d:ce:7f:03
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

d6:6c:61:d3:07:e0:25:5a:eb:aa:f1:6b:e0:0d:b6:0b:8a:62:bf:84
Signer

.text
Size: 646KB - Virtual size: 646KB

.rdata
Size: 127KB - Virtual size: 126KB

.data
Size: 164KB - Virtual size: 188KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 49KB - Virtual size: 49KB