2024-04-16_350be959599395a0a130e321ad2b85e3_karagany_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-16_350be959599395a0a130e321ad2b85e3_karagany_mafia
Size

484KB
MD5

350be959599395a0a130e321ad2b85e3
SHA1

0d9ad031cd7739f54747a343c5f264c3b8cfe537
SHA256

373c6a27e0715aa3a9b7f09194d44c14635c5a5a3993701108e96ff0a0b21314
SHA512

b412a5b8df4a95584b688062bfe6c0a3af83c809a6fbd839cefdc27f6f5b423931b652d314da6c355b309c272403ed9a2b2d9b9c5706b52c91e0669e0960134e
SSDEEP

6144:IJiPhfHFNfJAALdRywh9TIJhFRUywREw7hvnlpw:MilHThA4Vh9sJhnmREShv

Score

1^/10

Malware Config

Signatures

Files

2024-04-16_350be959599395a0a130e321ad2b85e3_karagany_mafia
.exe windows:5 windows x86 arch:x86

7e8794cad1dfb5fcd7c2e4d24af38b06

Code Sign

1b:5f:8b:ae:6a:22:6a:72:48:ff:b5:93:c5:4c:14:a5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/05/2013, 00:00

Not After

14/05/2016, 23:59

Subject

CN=ZWCAD Software Co.\,LTD,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ZWCAD Software Co.\,LTD,L=guangzhou,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

75:35:96:3d:cb:6c:70:cf:93:fd:3c:cb:e6:91:cf:c4:75:9d:4e:30
Signer

Actual PE Digest

75:35:96:3d:cb:6c:70:cf:93:fd:3c:cb:e6:91:cf:c4:75:9d:4e:30

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\setup\ZWCADplusSetup\CHS\Setup.pdb

Imports

kernel32

LoadLibraryExW
GetModuleFileNameW
GetPrivateProfileStringW
CreateThread
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
LCMapStringW
WideCharToMultiByte
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetLocaleInfoW
LoadLibraryW
MultiByteToWideChar
SetConsoleCtrlHandler
FatalAppExitA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
FreeLibrary
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
lstrlenW
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateProcessW
WaitForSingleObject
CloseHandle
GetCurrentThread
GetLastError
GetCurrentProcess
LocalAlloc
LocalFree
GetCurrentThreadId
FindResourceExW
RaiseException
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
WriteFile
HeapCreate
EnterCriticalSection
InterlockedExchange
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
Sleep
ExitProcess
IsProcessorFeaturePresent
IsValidLocale

user32

SetDlgItemTextW
SendMessageW
IsDialogMessageW
GetWindowLongW
DestroyWindow
LoadImageW
DefWindowProcW
MessageBoxW
CharNextW
SetWindowPos
PostQuitMessage
GetSystemMetrics
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints

advapi32

RegDeleteKeyW
RevertToSelf
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
ImpersonateSelf
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
FreeSid

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

SysFreeString
VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7e8794cad1dfb5fcd7c2e4d24af38b06

Code Sign

1b:5f:8b:ae:6a:22:6a:72:48:ff:b5:93:c5:4c:14:a5Certificate

Extended Key Usages

Key Usages

75:35:96:3d:cb:6c:70:cf:93:fd:3c:cb:e6:91:cf:c4:75:9d:4e:30Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 105KB - Virtual size: 104KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 322KB - Virtual size: 321KB

.reloc Size: 29KB - Virtual size: 29KB

1b:5f:8b:ae:6a:22:6a:72:48:ff:b5:93:c5:4c:14:a5
Certificate

75:35:96:3d:cb:6c:70:cf:93:fd:3c:cb:e6:91:cf:c4:75:9d:4e:30
Signer

.text
Size: 105KB - Virtual size: 104KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 322KB - Virtual size: 321KB

.reloc
Size: 29KB - Virtual size: 29KB