2024-04-17_d4f1b30bc620dc9d391903a7c141e990_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-17_d4f1b30bc620dc9d391903a7c141e990_mafia
Size

1.6MB
MD5

d4f1b30bc620dc9d391903a7c141e990
SHA1

56c2ff169836e5295777cfaa4ffed38c8dc09a9e
SHA256

ede3ddc940e105ba34b5ee5810c69d48877d3c31022793a694fa83623e7807b6
SHA512

f781e2ff1cb054e32f5ec494246d20919d607116fd657e16e1c2da6b11b864a912e7cb4a7255bded033a5ae760f22bcdfcb32e625e3cab4f636f4463fd6867b3
SSDEEP

49152:4X1Y/VxIj/GEJi+nMUpQZoT663hN5QqMMKzeADQJ:KY/VxIj/GEJi4MU063hN5QqMMKzex

Score

1^/10

Malware Config

Signatures

Files

2024-04-17_d4f1b30bc620dc9d391903a7c141e990_mafia
.exe windows:5 windows x86 arch:x86

64bd03d2198154239a3791c83399df00

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:06:41:78:28:28:ae:ae:70:a7:76:be:e3:50:cb:a2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/07/2022, 00:00

Not After

17/07/2025, 23:59

Subject

SERIALNUMBER=2147741,CN=Fedeen Games Limited,O=Fedeen Games Limited,L=Kwun Tong,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ed:c9:9a:1b:96:ec:18:d4:d4:ba:a5:ff:b1:93:6a:35:40:93:75:65:67:d5:0d:a4:83:95:22:56:a7:aa:20:72
Signer

Actual PE Digest

ed:c9:9a:1b:96:ec:18:d4:d4:ba:a5:ff:b1:93:6a:35:40:93:75:65:67:d5:0d:a4:83:95:22:56:a7:aa:20:72

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\hd_dev\newhd\updater\updater\Bin\Release\WmglUpdate.pdb

Imports

kernel32

LoadLibraryW
FreeLibrary
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
SetFileAttributesW
GetModuleHandleW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcessId
OpenProcess
DuplicateHandle
RaiseException
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
HeapAlloc
GetProcessHeap
HeapFree
OpenEventW
FlushInstructionCache
SetLastError
FlushViewOfFile
FileTimeToSystemTime
GetFileTime
SetFilePointerEx
GetFileSizeEx
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
SetStdHandle
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
VirtualQuery
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileSize
GetStringTypeW
GetFileType
GetStdHandle
SetHandleCount
HeapDestroy
HeapCreate
HeapSize
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
GetProcessId
GetCurrentThreadId
TerminateThread
SetFileTime
WriteFile
GetFileAttributesW
LocalFileTimeToFileTime
MoveFileExW
SystemTimeToFileTime
ReadFile
SetFilePointer
CreateFileW
GetTickCount
DeviceIoControl
CreateFileA
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
LCMapStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
ExitProcess
GetSystemTimeAsFileTime
CreateThread
ExitThread
DecodePointer
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
EncodePointer
InterlockedExchange
GetProfileIntA
MulDiv
GlobalSize
VirtualQueryEx
WriteProcessMemory
VirtualProtectEx
IsBadCodePtr
lstrcmpW
FreeResource
GlobalLock
GlobalUnlock
WritePrivateProfileStringW
lstrcpyW
FindResourceExW
LockResource
IsBadReadPtr
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
GetDriveTypeW
GlobalFree
GlobalAlloc
GetVersionExW
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetLocalTime
ResetEvent
WaitForSingleObject
SetEvent
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLocaleInfoW
GetUserDefaultUILanguage
MultiByteToWideChar
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateDirectoryW
lstrlenA
OutputDebugStringW
DebugBreak
CloseHandle
CreateEventW
InterlockedCompareExchange
GetLastError
CreateProcessW
InterlockedIncrement
GetModuleFileNameW
lstrlenW
CopyFileW
Sleep
GetCurrentDirectoryW
DeleteFileW
InterlockedDecrement

user32

GetAsyncKeyState
TrackPopupMenu
GetDoubleClickTime
GetDesktopWindow
GetSysColor
RegisterClipboardFormatW
SetCaretPos
FrameRect
GetDlgItem
GetKeyState
InflateRect
ShowCaret
HideCaret
CreateCaret
SetCursor
MsgWaitForMultipleObjects
wsprintfW
CreateDialogParamW
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
DestroyWindow
InvalidateRect
SetWindowTextW
MoveWindow
SetFocus
IsWindowEnabled
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
IsWindowVisible
IsIconic
PostQuitMessage
ShowWindow
SetWindowLongW
SetTimer
KillTimer
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetForegroundWindow
GetCursorInfo
SendMessageW
GetSystemMetrics
LoadImageW
IsDialogMessageW
SetWindowPos
PostMessageW
IsWindow
CharNextW
LoadStringW
UnregisterClassA
CreateWindowExW
GetClassLongW
ReleaseCapture
TrackMouseEvent
GetAncestor
GetFocus
SetActiveWindow
CallWindowProcW
GetLayeredWindowAttributes
SetWindowsHookExW
RegisterClassExW
LoadCursorW
ValidateRect
GetCapture
EqualRect
SetClassLongW
ScreenToClient
GetCursorPos
SetCapture
ClientToScreen
CallNextHookEx
PtInRect
ReleaseDC
GetDC
WindowFromPoint
CopyRect
SetRect
OffsetRect
IntersectRect
UnionRect
SetLayeredWindowAttributes
GetNextDlgTabItem
SetWindowRgn
WindowFromDC
EndPaint
BeginPaint
UpdateWindow
RedrawWindow
SetParent
SetMenu
UpdateLayeredWindow
GetActiveWindow
GetClassInfoExW
MonitorFromPoint
SystemParametersInfoW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExA
OpenProcessToken
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
GetTokenInformation
LookupPrivilegeNameW
RegQueryValueExW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectoryExW
ord74
DragQueryFileW
ShellExecuteW

ole32

OleUninitialize
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
CoCreateGuid
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleDuplicateData
OleSetContainedObject
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleInitialize

oleaut32

VarUI4FromStr

shlwapi

StrStrIW
PathFileExistsW
wnsprintfW
PathIsDirectoryW

comctl32

InitCommonControlsEx

psapi

GetMappedFileNameW

winhttp

WinHttpCrackUrl
WinHttpSetStatusCallback
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpQueryOption
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpCloseHandle

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapLockBits
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCloneImage
GdipDisposeImage
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipDrawImageRectI
GdipFillRectangleI
GdipDrawRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeletePen
GdipCreatePen1
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits

winmm

timeSetEvent

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

riched20

ord4

gdi32

GetBkMode
SetStretchBltMode
SetDIBitsToDevice
GetObjectW
GetCurrentObject
DeleteDC
CreateCompatibleDC
GetTextExtentExPointW
GetDeviceCaps
ExtSelectClipRgn
ExcludeClipRect
GetStockObject
GdiSetBatchLimit
GetTextMetricsW
GetClipBox
GetTextExtentPoint32W
SetTextColor
SetBkMode
TextOutW
CreateFontIndirectW
SelectClipRgn
CreateRectRgn
CombineRgn
CreatePen
SelectObject
MoveToEx
LineTo
DeleteObject
SetBkColor
ExtTextOutW
BitBlt
CreateDIBSection

msimg32

TransparentBlt
AlphaBlend

Exports

Exports

??0CSafeCrtBuffer@sonic_ui@@QAE@ABV01@@Z
??0CSafeCrtBuffer@sonic_ui@@QAE@XZ
??1CSafeCrtBuffer@sonic_ui@@UAE@XZ
??2CSafeCrtBuffer@sonic_ui@@SAPAXI@Z
??2CSafeCrtBuffer@sonic_ui@@SAPAXIPBDH@Z
??3CSafeCrtBuffer@sonic_ui@@SAXPAX@Z
??4CSafeCrtBuffer@sonic_ui@@QAEAAV01@ABV01@@Z
??_7CSafeCrtBuffer@sonic_ui@@6B@
??_UCSafeCrtBuffer@sonic_ui@@SAPAXI@Z
??_VCSafeCrtBuffer@sonic_ui@@SAXPAX@Z
GetSonicUI

Sections

.text
Size: 906KB - Virtual size: 906KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64bd03d2198154239a3791c83399df00

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:06:41:78:28:28:ae:ae:70:a7:76:be:e3:50:cb:a2Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

ed:c9:9a:1b:96:ec:18:d4:d4:ba:a5:ff:b1:93:6a:35:40:93:75:65:67:d5:0d:a4:83:95:22:56:a7:aa:20:72Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

psapi

winhttp

iphlpapi

version

gdiplus

winmm

imm32

riched20

gdi32

msimg32

Exports

Exports

Sections

.text Size: 906KB - Virtual size: 906KB

.rdata Size: 190KB - Virtual size: 190KB

.data Size: 15KB - Virtual size: 31KB

.rsrc Size: 443KB - Virtual size: 442KB

.reloc Size: 63KB - Virtual size: 62KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:06:41:78:28:28:ae:ae:70:a7:76:be:e3:50:cb:a2
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

ed:c9:9a:1b:96:ec:18:d4:d4:ba:a5:ff:b1:93:6a:35:40:93:75:65:67:d5:0d:a4:83:95:22:56:a7:aa:20:72
Signer

.text
Size: 906KB - Virtual size: 906KB

.rdata
Size: 190KB - Virtual size: 190KB

.data
Size: 15KB - Virtual size: 31KB

.rsrc
Size: 443KB - Virtual size: 442KB

.reloc
Size: 63KB - Virtual size: 62KB