2024-05-05_14624015cdfad28b6f484d5bc8d5a3ac_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-05_14624015cdfad28b6f484d5bc8d5a3ac_mafia
Size

1.0MB
MD5

14624015cdfad28b6f484d5bc8d5a3ac
SHA1

6b7844a1124d4cbdaabac4e4b2bca888ee75c739
SHA256

d096a3a132222d4679b213028a5ef838af82b84d006fc915006019838d303a6c
SHA512

1e61648a0d3a53ae1e1c70d35c8bdbf8ae64fb6cd2f9193b48adf61bec0876cd59227b79dbc84fdfab06b881e9021d306eda133ba47c09e003c751e236b07d8f
SSDEEP

24576:1cC+mvxwGIV5dOgDfE2/GTbZw4GZ4T3bIm6gQJgk877Pg:C45wbnGTb3GZ4zbIm6gQJgk877I

Score

1^/10

Malware Config

Signatures

Files

2024-05-05_14624015cdfad28b6f484d5bc8d5a3ac_mafia
.exe windows:5 windows x86 arch:x86

590b16ae8cb61e53b8d36922205f42d4

Code Sign

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:cc:4e:45:67:8a:4c:9d:e1:5b:0d:e3:a6:1f:42:af:5d:05:5e:9d
Signer

Actual PE Digest

cb:cc:4e:45:67:8a:4c:9d:e1:5b:0d:e3:a6:1f:42:af:5d:05:5e:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

K:\client_1-1411-1_BRANCH\build\Release\SparkRepair.pdb

Imports

shlwapi

PathRemoveFileSpecW
PathAddBackslashW
PathRemoveBackslashW
PathAppendW
StrToIntA
PathStripPathW
PathFindExtensionW
PathGetDriveNumberW
PathIsDirectoryW
PathFileExistsW
PathFindFileNameW

ws2_32

WSAGetLastError
connect
WSAIoctl
getpeername
send
__WSAFDIsSet
select
sendto
recvfrom
accept
listen
ioctlsocket
freeaddrinfo
getaddrinfo
gethostname
htons
ntohs
getsockname
setsockopt
recv
bind
WSASetLastError
closesocket
getsockopt
htonl
gethostbyname
WSAStartup
WSACleanup
socket

iphlpapi

IcmpSendEcho
IcmpCloseHandle
GetAdaptersAddresses
GetIpForwardTable
IcmpCreateFile

wininet

InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
InternetCloseHandle
HttpQueryInfoW

kernel32

WaitForSingleObject
InterlockedExchange
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
Sleep
GetFileAttributesW
CreateDirectoryW
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExW
GetNativeSystemInfo
GetTickCount
LoadLibraryW
FreeLibrary
GetSystemDirectoryW
CopyFileW
CreateFileW
ReadFile
DeleteFileW
WideCharToMultiByte
GlobalFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
CreateEventW
ResetEvent
lstrlenA
SetEvent
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FlushInstructionCache
RaiseException
GetCurrentThreadId
SetLastError
GetCommandLineW
GetCurrentProcessId
ReleaseMutex
SetFilePointer
WriteFile
OutputDebugStringA
FormatMessageA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
IsDebuggerPresent
CreateThread
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
FileTimeToSystemTime
CloseHandle
HeapSetInformation
GetStdHandle
ExpandEnvironmentStringsW
TlsGetValue
TlsFree
TlsAlloc
InterlockedIncrement
GetDiskFreeSpaceExW
SetUnhandledExceptionFilter
WaitForMultipleObjects
CreateFileA
DeviceIoControl
SetEndOfFile
GetLocalTime
GetTempPathW
GetVolumeInformationW
OpenFileMappingW
GetDriveTypeW
SleepEx
GetVersionExA
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueueTimer
CreateTimerQueue
PeekNamedPipe
LoadLibraryA
GetFileType
ExpandEnvironmentStringsA
FlushFileBuffers
GetLocaleInfoW
HeapCreate
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
ExitProcess
GetConsoleMode
GetConsoleCP
UnhandledExceptionFilter
RtlUnwind
GetStartupInfoW
ExitThread
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
HeapSize
HeapReAlloc
HeapDestroy
DecodePointer
EncodePointer
LocalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
GetModuleHandleW
InterlockedCompareExchange
MultiByteToWideChar
FreeResource
LoadResource
FindResourceW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
WTSGetActiveConsoleSessionId
LockResource
GetProcAddress
lstrlenW
GetModuleFileNameW
GetCurrentProcess
WriteConsoleW
SetStdHandle
GetFullPathNameA
GetCurrentDirectoryW
GetUserDefaultLCID
GetLocaleInfoA
InterlockedDecrement
FindResourceExW
GetLastError
TlsSetValue
CreateMutexW
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA

user32

UnregisterClassA
PostQuitMessage
EnableWindow
IsWindowVisible
GetCursor
MessageBoxW
SetActiveWindow
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallWindowProcW
UpdateLayeredWindow
LoadIconW
RegisterClassExW
GetClassInfoExW
DefWindowProcW
FindWindowW
ShowWindow
SetForegroundWindow
SendMessageW
LoadCursorW
SetCursor
GetMonitorInfoW
MonitorFromWindow
GetParent
GetWindow
KillTimer
SetTimer
ReleaseDC
GetDC
MapWindowPoints
GetClientRect
GetWindowRect
SetWindowLongW
GetWindowLongW
CreateWindowExW
PostMessageW
SetWindowPos

gdi32

CreateDIBSection
DeleteObject
CreateCompatibleDC
DeleteDC
SelectObject

advapi32

GetUserNameW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
OpenSCManagerW
RegDeleteValueW
RegSetValueExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
RegOpenKeyExW
RevertToSelf
RegOpenCurrentUser
ImpersonateLoggedOnUser
LookupPrivilegeValueW
LookupAccountNameW
RegQueryValueExW
RegCreateKeyExW
CloseServiceHandle
OpenProcessToken
StartServiceW
QueryServiceStatusEx
RegEnumKeyExW
OpenServiceW

shell32

SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
SHFileOperationW

ole32

CoCreateInstance
CoCreateGuid
IIDFromString
CoUninitialize
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocString
VariantClear

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

wlanapi

WlanOpenHandle
WlanQueryInterface
WlanConnect
WlanSetInterface
WlanScan
WlanFreeMemory
WlanCloseHandle
WlanGetProfileList
WlanGetNetworkBssList

setupapi

SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW
SetupDiChangeState

winhttp

WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpConnect

gdiplus

GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDrawImageRectRect
GdipDrawString
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipDeleteFontFamily
GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateFont
GdipDeleteFont
GdipCreateImageAttributes

winmm

timeGetTime

wldap32

ord46
ord301
ord27
ord33
ord79
ord30
ord60
ord26
ord41
ord211
ord143
ord50
ord22
ord35
ord32
ord200

Sections

.text
Size: 640KB - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

590b16ae8cb61e53b8d36922205f42d4

Code Sign

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

cb:cc:4e:45:67:8a:4c:9d:e1:5b:0d:e3:a6:1f:42:af:5d:05:5e:9dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

ws2_32

iphlpapi

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wtsapi32

rpcrt4

wlanapi

setupapi

winhttp

gdiplus

winmm

wldap32

Sections

.text Size: 640KB - Virtual size: 639KB

.rdata Size: 118KB - Virtual size: 118KB

.data Size: 18KB - Virtual size: 30KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 201KB - Virtual size: 201KB

.reloc Size: 53KB - Virtual size: 53KB

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

cb:cc:4e:45:67:8a:4c:9d:e1:5b:0d:e3:a6:1f:42:af:5d:05:5e:9d
Signer

.text
Size: 640KB - Virtual size: 639KB

.rdata
Size: 118KB - Virtual size: 118KB

.data
Size: 18KB - Virtual size: 30KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 201KB - Virtual size: 201KB

.reloc
Size: 53KB - Virtual size: 53KB