2024-04-19_1213e00531977a5a291fb5be118f3795_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-19_1213e00531977a5a291fb5be118f3795_mafia
Size

589KB
MD5

1213e00531977a5a291fb5be118f3795
SHA1

5ac48ac5dc4020511e91b41c38275280483869c8
SHA256

f88d4e85a00bd5aeab704049e993763778bb38aac8ab3b76dd28b6a9ada04303
SHA512

bcc864170680ec23799a45b06a466958927ebadd7629af5779f9c4b95b577bea4b1104fe816ef4e200ada7c43679c287de79b5bacbc6724ee8641fcccd7fbebc
SSDEEP

12288:PByvagTITH9gLT4zcw92rdzAJGv3ryKYyvgO:PcvdWuLT6cw9MdzAJpFO

Score

1^/10

Malware Config

Signatures

Files

2024-04-19_1213e00531977a5a291fb5be118f3795_mafia
.exe windows:5 windows x86 arch:x86

1fce48835efe5370291ac72f2f7d6b10

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:ea:4a:fa:a9:42:d8
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/09/2012, 15:02

Not After

01/10/2015, 20:15

Subject

CN=悠然天地科技有限公司,O=悠然天地科技有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c0f7573406b756169796f6e672e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

9c:cb:55:97:d7:79:41:b3:70:24:72:9a:0a:7a:cc:b8:c8:47:34:fd
Signer

Actual PE Digest

9c:cb:55:97:d7:79:41:b3:70:24:72:9a:0a:7a:cc:b8:c8:47:34:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\快用\project\PCTools2010\pdb\release\setup.pdb

Imports

kernel32

ExitProcess
SetFileAttributesA
DeleteFileA
TerminateThread
LoadLibraryA
FreeLibrary
GetExitCodeProcess
Sleep
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
CreateEventA
LocalFree
CreateProcessA
WaitForSingleObject
CreateDirectoryA
GetModuleFileNameA
OpenProcess
TerminateProcess
GetLastError
CloseHandle
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetLocalTime
lstrlenA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetExitCodeThread
MulDiv
GetFileSize
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
HeapFree
RaiseException
RtlUnwind
HeapAlloc
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
IsProcessorFeaturePresent
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
WriteFile
GetModuleFileNameW
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeW
HeapReAlloc
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
WriteConsoleW
SetStdHandle
CreateFileA
CreateFileW
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetCurrentDirectoryA
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceA
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
SetFileTime

user32

ReleaseCapture
GetCapture
UpdateLayeredWindow
GetWindowRect
IsRectEmpty
SetFocus
GetFocus
MapWindowPoints
EqualRect
GetUpdateRect
GetWindow
ScreenToClient
GetCursorPos
GetParent
OffsetRect
InflateRect
SetCursor
wvsprintfA
IsIconic
GetMonitorInfoA
MonitorFromWindow
IsZoomed
SetWindowRgn
MessageBoxA
EnableWindow
SetCapture
CallWindowProcA
GetPropA
SetPropA
IsWindowVisible
RegisterClassA
GetClassInfoExA
InvalidateRect
MoveWindow
IntersectRect
PtInRect
CharNextA
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
CharPrevA
SetRect
RegisterWindowMessageA
GetWindowTextA
GetWindowTextLengthA
GetAsyncKeyState
SetWindowTextA
FillRect
InvalidateRgn
CreateAcceleratorTableA
SetWindowLongA
GetWindowLongA
SetWindowPos
GetClientRect
GetKeyState
IsWindow
GetDC
ReleaseDC
LoadAcceleratorsA
TranslateAcceleratorA
LoadIconA
LoadCursorA
RegisterClassExA
BeginPaint
EndPaint
PostMessageA
DefWindowProcA
DestroyWindow
DialogBoxParamA
SendMessageA
KillTimer
SetTimer
PostQuitMessage
MsgWaitForMultipleObjects
PeekMessageA
FindWindowA
GetWindowThreadProcessId
PostThreadMessageA
GetMessageA
TranslateMessage
DispatchMessageA
EndDialog
CreateWindowExA
ShowWindow
UpdateWindow

gdi32

GetStockObject
GetObjectA
CreateFontIndirectA
EnumFontFamiliesExA
Rectangle
BitBlt
DeleteObject
SelectObject
CombineRgn
CreateSolidBrush
SetBkMode
SetTextColor
SetBkColor
GetCharABCWidthsA
GetTextColor
CreateDCA
GetDIBits
GetDeviceCaps
GetTextMetricsA
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
PtInRegion
ExcludeClipRect
CreateRoundRectRgn
SetWindowOrgEx
DeleteDC
CreatePen
CreateCompatibleDC
CreateDIBSection
SaveDC
RestoreDC

advapi32

StartServiceA
QueryServiceStatus
OpenServiceA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorA
ChangeServiceConfigA
OpenSCManagerA
CloseServiceHandle

shell32

SHChangeNotify
ShellExecuteExA
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoCreateInstance

shlwapi

PathFileExistsA
PathRemoveFileSpecA

gdiplus

GdipCloneImage
GdipCloneBrush
GdipGetFontSize
GdipGetFamily
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdiplusStartup
GdiplusShutdown
GdipFree
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreatePath
GdipDeletePath
GdipDeleteGraphics
GdipDeleteRegion
GdipGetRegionBounds
GdipDeleteFontFamily
GdipDeleteFont
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateLineBrushI
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesColorKeys
GdipCreateSolidFill
GdipCreateLineBrushFromRectI
GdipSetPenDashStyle
GdipSetStringFormatFlags
GdipGetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatTrimming
GdipSetStringFormatMeasurableCharacterRanges
GdipGetStringFormatMeasurableCharacterRangeCount
GdipResetPath
GdipAddPathLineI
GdipAddPathArcI
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipDrawString
GdipMeasureString
GdipMeasureCharacterRanges
GdipDrawImageRectRectI
GdipSetClipRectI
GdipResetClip
GdipCreateRegion

oleaut32

VariantInit
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear

comctl32

_TrackMouseEvent
ord17

Sections

.text
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fce48835efe5370291ac72f2f7d6b10

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

19:9d:f8:8eCertificate

Key Usages

1f:ea:4a:fa:a9:42:d8Certificate

Extended Key Usages

Key Usages

9c:cb:55:97:d7:79:41:b3:70:24:72:9a:0a:7a:cc:b8:c8:47:34:fdSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

gdiplus

oleaut32

comctl32

Sections

.text Size: 354KB - Virtual size: 354KB

.rdata Size: 78KB - Virtual size: 78KB

.data Size: 10KB - Virtual size: 19KB

.rsrc Size: 106KB - Virtual size: 106KB

.reloc Size: 31KB - Virtual size: 30KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

19:9d:f8:8e
Certificate

1f:ea:4a:fa:a9:42:d8
Certificate

9c:cb:55:97:d7:79:41:b3:70:24:72:9a:0a:7a:cc:b8:c8:47:34:fd
Signer

.text
Size: 354KB - Virtual size: 354KB

.rdata
Size: 78KB - Virtual size: 78KB

.data
Size: 10KB - Virtual size: 19KB

.rsrc
Size: 106KB - Virtual size: 106KB

.reloc
Size: 31KB - Virtual size: 30KB