General

Malware Config

Signatures

Files

• 2024-04-20_dabadfba992c0ed5b5035adc866e901d_karagany_mafia

  .exe windows:5 windows x86 arch:x86

  27d5cc28c02d92bdd0d607202531b52a

  
  

  Code Sign

  3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  24-04-2012 00:00

  Not After

  24-04-2015 23:59

  Subject

  CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  99:e6:53:43:37:94:79:e3:99:a4:12:8d:d4:de:c7:8e:56:85:21:4e

  Signer

  Actual PE Digest

  99:e6:53:43:37:94:79:e3:99:a4:12:8d:d4:de:c7:8e:56:85:21:4e

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  d:\clientci\workspace\Spark MiniSetup\spark_plugin\BDBrowserOutput\Release\bdMiniDownloader.pdb

  Imports

  ws2_32

  getaddrinfo

  freeaddrinfo

  WSAIoctl

  htonl

  wininet

  InternetConnectW

  HttpOpenRequestW

  InternetOpenW

  HttpSendRequestW

  InternetCloseHandle

  InternetCrackUrlW

  InternetReadFile

  HttpQueryInfoW

  shlwapi

  PathGetDriveNumberW

  PathRemoveFileSpecW

  PathFindExtensionW

  PathFileExistsW

  PathAppendW

  PathCombineW

  PathStripPathW

  PathFindFileNameW

  PathIsDirectoryW

  iphlpapi

  GetAdaptersAddresses

  GetIpForwardTable

  psapi

  EnumProcesses

  GetModuleFileNameExW

  kernel32

  SetLastError

  CloseHandle

  WaitForSingleObject

  SetEvent

  DeleteFileW

  SizeofResource

  LockResource

  LoadResource

  FindResourceW

  FindResourceExW

  MultiByteToWideChar

  CreateFileA

  DeviceIoControl

  GlobalFree

  GlobalAlloc

  WideCharToMultiByte

  DeleteCriticalSection

  TerminateThread

  GetTickCount

  lstrlenA

  InitializeCriticalSection

  CreateSemaphoreW

  ReleaseSemaphore

  WritePrivateProfileStringW

  GetPrivateProfileIntW

  GetPrivateProfileStringW

  WriteFile

  SetEndOfFile

  SetFilePointer

  CreateFileW

  GetLastError

  Sleep

  GetUserDefaultUILanguage

  lstrlenW

  GetTimeZoneInformation

  CreateDirectoryW

  lstrcmpiW

  OpenProcess

  GetFileAttributesW

  lstrcpyW

  GetProcAddress

  GetModuleHandleW

  GetVersionExW

  GetWindowsDirectoryW

  LocalFree

  GetCommandLineW

  CreateMutexW

  SetUnhandledExceptionFilter

  GetSystemTimeAsFileTime

  GetExitCodeProcess

  CopyFileW

  GetModuleFileNameW

  GetLocalTime

  OutputDebugStringA

  GetModuleFileNameA

  TlsGetValue

  RemoveDirectoryW

  TlsSetValue

  FreeResource

  GlobalUnlock

  GlobalLock

  CreateFileMappingW

  GetFileSize

  UnmapViewOfFile

  DecodePointer

  GetTempPathW

  InterlockedExchange

  GetCurrentThreadId

  GetVolumeInformationW

  OpenFileMappingW

  MoveFileExW

  GetDriveTypeW

  ReadFile

  SleepEx

  GetVersionExA

  IsDebuggerPresent

  QueryPerformanceCounter

  QueryPerformanceFrequency

  DeleteTimerQueueTimer

  DeleteTimerQueueEx

  CreateTimerQueueTimer

  CreateTimerQueue

  PeekNamedPipe

  FreeLibrary

  GetStdHandle

  LoadLibraryA

  GetFileType

  WaitForMultipleObjects

  ExpandEnvironmentStringsA

  FormatMessageA

  InterlockedCompareExchange

  InterlockedPushEntrySList

  HeapFree

  GetProcessHeap

  HeapAlloc

  IsProcessorFeaturePresent

  VirtualFree

  VirtualAlloc

  InterlockedPopEntrySList

  InitializeCriticalSectionAndSpinCount

  HeapDestroy

  HeapReAlloc

  HeapSize

  GetStartupInfoW

  FileTimeToSystemTime

  FileTimeToLocalFileTime

  GetFileInformationByHandle

  FindClose

  GetDriveTypeA

  FindFirstFileExA

  LCMapStringW

  GetCPInfo

  GetLocaleInfoW

  TlsAlloc

  TlsFree

  TerminateProcess

  UnhandledExceptionFilter

  GetACP

  GetOEMCP

  IsValidCodePage

  ExitProcess

  HeapCreate

  SetHandleCount

  GetConsoleCP

  GetConsoleMode

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCurrentProcess

  FlushInstructionCache

  LeaveCriticalSection

  EnterCriticalSection

  RaiseException

  HeapSetInformation

  CreateThread

  ExitThread

  GetCurrentProcessId

  SetStdHandle

  FlushFileBuffers

  GetFullPathNameA

  GetCurrentDirectoryW

  EncodePointer

  InterlockedDecrement

  InterlockedIncrement

  RtlUnwind

  GetDiskFreeSpaceExW

  GetStringTypeW

  GetUserDefaultLCID

  GetLocaleInfoA

  EnumSystemLocalesA

  IsValidLocale

  LoadLibraryW

  WriteConsoleW

  CompareStringW

  SetEnvironmentVariableA

  GetPrivateProfileSectionNamesW

  MapViewOfFile

  GetPrivateProfileSectionW

  user32

  GetMonitorInfoW

  MonitorFromWindow

  GetWindow

  GetClientRect

  MapWindowPoints

  RedrawWindow

  SendMessageW

  GetMessageW

  TranslateMessage

  DispatchMessageW

  DestroyWindow

  CharNextW

  GetParent

  IsWindowVisible

  GetWindowRect

  CallWindowProcW

  GetWindowLongW

  SetForegroundWindow

  UpdateLayeredWindow

  PostMessageW

  CreateWindowExW

  RegisterClassExW

  DefWindowProcW

  GetCursorPos

  WindowFromPoint

  GetCapture

  ReleaseCapture

  LoadCursorW

  GetClassInfoExW

  SetCapture

  ReleaseDC

  GetDC

  SetWindowPos

  SetWindowLongW

  GetCursor

  SetCursor

  LoadImageW

  GetSystemMetrics

  MsgWaitForMultipleObjectsEx

  PeekMessageW

  EndDeferWindowPos

  DeferWindowPos

  BeginDeferWindowPos

  ClientToScreen

  PostQuitMessage

  LoadIconW

  DestroyIcon

  wsprintfW

  FindWindowW

  UnregisterClassA

  IsWindow

  advapi32

  RegCloseKey

  RegSetValueExW

  RegDeleteValueW

  RegQueryValueExW

  RegEnumValueW

  RegEnumKeyExW

  RegOpenKeyExW

  RegCreateKeyExW

  RegDeleteKeyW

  CryptGetHashParam

  CryptReleaseContext

  CryptAcquireContextA

  CryptCreateHash

  CryptDestroyHash

  CryptHashData

  ole32

  CoCreateInstance

  CoUninitialize

  CoInitialize

  CreateStreamOnHGlobal

  CoCreateGuid

  shell32

  Shell_NotifyIconW

  CommandLineToArgvW

  SHGetSpecialFolderPathW

  ShellExecuteExW

  SHFileOperationW

  oleaut32

  SysAllocString

  VariantClear

  SysFreeString

  gdi32

  DeleteObject

  CreateCompatibleDC

  SelectObject

  CreateDIBSection

  DeleteDC

  SetBitmapBits

  GetBitmapBits

  gdiplus

  GdipSetStringFormatAlign

  GdipDeleteFont

  GdipCreateFont

  GdipDeleteFontFamily

  GdipGetGenericFontFamilySansSerif

  GdipCreateFontFamilyFromName

  GdipDeleteStringFormat

  GdipCreateStringFormat

  GdipCloneBrush

  GdipFillRectangleI

  GdipDrawRectangleI

  GdipCreateFromHDC

  GdipCreateSolidFill

  GdipDeleteGraphics

  GdipDeletePen

  GdipCreatePen1

  GdipAlloc

  GdipFree

  GdipDeleteBrush

  GdipDrawImageRectRect

  GdipSetImageAttributesWrapMode

  GdipGetImageHeight

  GdipGetImageWidth

  GdipDisposeImageAttributes

  GdipCreateImageAttributes

  GdipCloneImage

  GdipDisposeImage

  GdipLoadImageFromStream

  GdipAddPathString

  GdipGetPathWorldBounds

  GdipDeletePath

  GdipDrawString

  GdiplusStartup

  GdiplusShutdown

  GdipCreatePath

  wsock32

  inet_ntoa

  listen

  accept

  recvfrom

  sendto

  select

  __WSAFDIsSet

  send

  getpeername

  closesocket

  gethostname

  WSAStartup

  WSACleanup

  connect

  WSAGetLastError

  WSASetLastError

  htons

  ntohs

  getsockname

  setsockopt

  recv

  bind

  socket

  getsockopt

  winhttp

  WinHttpGetProxyForUrl

  WinHttpOpen

  WinHttpGetIEProxyConfigForCurrentUser

  WinHttpCloseHandle

  wldap32

  ord33

  ord79

  ord30

  ord60

  ord26

  ord41

  ord27

  ord211

  ord46

  ord301

  ord143

  ord50

  ord22

  ord200

  ord32

  ord35

  Sections

  .text

  Size: 663KB - Virtual size: 662KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 112KB - Virtual size: 112KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 18KB - Virtual size: 29KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 756KB - Virtual size: 756KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 45KB - Virtual size: 45KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ