2024-05-09_2f515fa1b9c988b79a2213bf3d148999_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-09_2f515fa1b9c988b79a2213bf3d148999_mafia
Size

3.8MB
MD5

2f515fa1b9c988b79a2213bf3d148999
SHA1

b55eee57afeb6fdc367d3835596ecbf2d2120f17
SHA256

52a7b56c5c8f0b6f619fa25df893eb2580d95f794dec68211f669b4429841f0f
SHA512

d9599614ab9ae16dbd4c368b7dc63f9e2379aef3d4acdeb6603b7143fbb5dc1d1ac069ba4a5f3629645bf405026f04b3e276addaeefa19c17f445abdb9d170e6
SSDEEP

98304:DkB+KticjUjpIDuQErxB+uIXOJTir7IDOnvbGSmN:oB+EIkVEerqGr72ojkN

Score

1^/10

Malware Config

Signatures

Files

2024-05-09_2f515fa1b9c988b79a2213bf3d148999_mafia
.exe windows:5 windows x86 arch:x86

30c4233c3ce738930a391ec58a8b0966

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:d7:70:83:56:3b:1c:2e:79:c2:f9:fe:a5:5b:59:3f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/11/2015, 00:00

Not After

18/11/2016, 23:59

Subject

CN=Beijing Zhizhu Network Technology Limited,OU=Produce department,O=Beijing Zhizhu Network Technology Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ad:e0:9e:7b:ea:9e:5f:12:98:db:1b:bd:8b:20:3e:74:7a:a5:4e:3d
Signer

Actual PE Digest

ad:e0:9e:7b:ea:9e:5f:12:98:db:1b:bd:8b:20:3e:74:7a:a5:4e:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\BigFoot_SetUp\dota2\BigFoot-Dota2\Release\BigFoot-Dota2.pdb

Imports

wininet

InternetQueryDataAvailable
InternetConnectA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetOptionA
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpQueryInfoA
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
InternetQueryOptionW
InternetSetOptionW
InternetCrackUrlA

dbghelp

MiniDumpWriteDump
MakeSureDirectoryPathExists

shlwapi

PathIsDirectoryW
PathRemoveExtensionA
PathRemoveFileSpecA
PathAppendA
PathFindFileNameA
PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW
PathAppendW
PathAddBackslashA
SHDeleteKeyW
PathIsRelativeW
PathFindExtensionW
PathCanonicalizeW

kernel32

GetWindowsDirectoryW
GetSystemDirectoryW
GetShortPathNameW
lstrlenW
GetFullPathNameW
GetCurrentDirectoryW
SearchPathW
GetTempPathW
GetTempFileNameW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
GetLogicalDriveStringsW
GetFileSize
SetFilePointer
GetFileInformationByHandle
SetEndOfFile
CompareFileTime
FileTimeToSystemTime
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
WriteProcessMemory
GetLocalTime
SetUnhandledExceptionFilter
CreateMutexW
ReleaseMutex
WaitForSingleObject
UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
MapViewOfFile
CreateFileMappingW
LocalFree
LocalAlloc
IsBadReadPtr
WritePrivateProfileStringW
SetEvent
CreateEventW
HeapSize
HeapAlloc
GetProcessHeap
OutputDebugStringW
GetModuleFileNameA
MoveFileExA
lstrcpyW
InitializeCriticalSection
MoveFileExW
GetFileAttributesW
GetVersionExW
SystemTimeToFileTime
GetFileTime
LockResource
lstrcmpW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcatW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateEventA
CopyFileW
DeleteFileW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
CloseHandle
LoadLibraryW
LoadLibraryExW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
WriteFile
GetStdHandle
ReadFile
GetModuleFileNameW
GetLastError
GetProcAddress
InterlockedExchange
EncodePointer
DecodePointer
HeapFree
RtlUnwind
HeapReAlloc
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetStringTypeW
DuplicateHandle
GetSystemInfo
GetFileSizeEx
FlushViewOfFile
FindFirstVolumeW
GetVolumePathNamesForVolumeNameW
FindNextVolumeW
FindVolumeClose
lstrcmpiA
Module32NextW
ExitThread
GetConsoleCP
GetConsoleMode
FindNextFileA
ExitProcess
Module32FirstW
GetExitCodeThread
VirtualAllocEx
TerminateProcess
VirtualFreeEx
OpenProcess
CreateRemoteThread
FormatMessageW
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
GetNativeSystemInfo
QueryPerformanceFrequency
TzSpecificLocalTimeToSystemTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
SystemTimeToTzSpecificLocalTime
FlushFileBuffers
SetFilePointerEx
InterlockedExchangeAdd
InterlockedCompareExchange
GetCommandLineW
TryEnterCriticalSection
CreateThread
IsDebuggerPresent
SetHandleCount
ExpandEnvironmentStringsW
GetUserDefaultLangID
GetFileAttributesExW
QueryDosDeviceW
SetCurrentDirectoryW
GetLongPathNameW
ReplaceFileW
lstrcpynW
OutputDebugStringA
GetModuleHandleA
CreateProcessW
ExpandEnvironmentStringsA
LoadLibraryA
GetFileType
WaitForMultipleObjects
PeekNamedPipe
FormatMessageA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
GetTickCount
SetLastError
Sleep
FatalAppExitA
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFullPathNameA
CreateFileA
SetStdHandle
GetTimeZoneInformation
SetConsoleCtrlHandler
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
CompareStringW
SetEnvironmentVariableA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetVersion
GlobalMemoryStatus
GetVersionExA
GetCurrentThread
GetLocaleInfoW
IsProcessorFeaturePresent
HeapCreate
GetNumberOfConsoleInputEvents
PeekConsoleInputA
SetConsoleMode
ReadConsoleInputA
GetFileAttributesA
HeapDestroy
FindFirstFileA
FlushConsoleInputBuffer
SetFileAttributesA

gdi32

CreateDCA
GetDeviceCaps
CreateCompatibleBitmap
GetObjectA
BitBlt
GetBitmapBits
CreateDIBSection
SaveDC
CreateCompatibleDC
DeleteDC
SelectObject
RestoreDC
DeleteObject

advapi32

CryptExportKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegNotifyChangeKeyValue
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptDecrypt
CryptEncrypt
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHAppBarMessage
Shell_NotifyIconW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetSpecialFolderLocation
ShellExecuteA
CommandLineToArgvW
SHFileOperationW
SHGetMalloc
ShellExecuteExW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysFreeString
VariantClear
VariantCopy
SysAllocStringByteLen
SysAllocString
VarUI4FromStr

user32

SetFocus
SetCapture
TrackMouseEvent
GetCapture
ReleaseCapture
WindowFromPoint
SetClassLongW
EndPaint
BeginPaint
SetCursor
GetKeyState
SetWindowLongW
RegisterWindowMessageW
SetWindowTextW
ScreenToClient
IsZoomed
GetSystemMetrics
DefWindowProcW
PtInRect
GetActiveWindow
EnableWindow
GetParent
GetDesktopWindow
MoveWindow
DestroyIcon
GetCursorPos
GetClientRect
GetDoubleClickTime
SetTimer
SetForegroundWindow
IsIconic
SetActiveWindow
DrawAnimatedRects
ShowWindow
FindWindowExW
GetWindowRect
SystemParametersInfoW
SendMessageW
LoadIconW
MessageBoxA
SetPropW
PostMessageW
KillTimer
ClientToScreen
IsWindow
SetWindowPos
RemovePropW
DestroyWindow
MessageBoxW
CharNextW
CharToOemW
GetMessageTime
GetWindowLongW
GetAncestor
RegisterClassExW
LoadCursorW
CreateWindowExW
ReleaseDC
UpdateLayeredWindow
GetDC
GetPropW
SendMessageTimeoutW
CharUpperW
WaitForInputIdle
FindWindowW
EnumWindows
wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
SetRect
IsWindowVisible

libcef

cef_remove_cross_origin_whitelist_entry
cef_begin_tracing
cef_parse_url
cef_add_web_plugin_path
cef_add_web_plugin_directory
cef_remove_web_plugin_path
cef_unregister_internal_web_plugin
cef_force_web_plugin_shutdown
cef_register_web_plugin_crash
cef_execute_process
cef_api_hash
cef_initialize
cef_get_geolocation
cef_get_path
cef_launch_process
cef_register_scheme_handler_factory
cef_post_task
cef_post_delayed_task
cef_end_tracing_async
cef_create_url
cef_register_extension
cef_visit_web_plugin_info
cef_is_web_plugin_unstable
cef_get_mime_type
cef_clear_cross_origin_whitelist
cef_browser_host_create_browser
cef_string_list_free
cef_string_list_alloc
cef_browser_host_create_browser_sync
cef_list_value_create
cef_v8value_create_undefined
cef_v8value_create_null
cef_v8value_create_bool
cef_v8value_create_int
cef_v8value_create_uint
cef_v8value_create_double
cef_v8value_create_date
cef_v8value_create_string
cef_v8value_create_object
cef_v8value_create_array
cef_v8value_create_function
cef_cookie_manager_get_global_manager
cef_cookie_manager_create_manager
cef_v8context_in_context
cef_v8context_get_current_context
cef_add_cross_origin_whitelist_entry
cef_stream_reader_create_for_file
cef_stream_reader_create_for_data
cef_stream_reader_create_for_handler
cef_zip_reader_create
cef_request_context_get_global_context
cef_request_context_create_context
cef_string_list_append
cef_string_map_append
cef_string_multimap_append
cef_string_list_value
cef_string_list_size
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_binary_value_create
cef_dictionary_value_create
cef_task_runner_get_for_current_thread
cef_task_runner_get_for_thread
cef_command_line_create
cef_command_line_get_global
cef_string_map_free
cef_string_map_alloc
cef_string_multimap_free
cef_string_multimap_alloc
cef_request_create
cef_string_list_copy
cef_v8stack_trace_get_current
cef_response_create
cef_post_data_create
cef_post_data_element_create
cef_set_osmodal_loop
cef_quit_message_loop
cef_run_message_loop
cef_do_message_loop_work
cef_shutdown
cef_refresh_web_plugins
cef_now_from_system_trace_time
cef_string_utf16_cmp
cef_string_utf16_to_utf8
cef_string_utf8_clear
cef_string_utf8_to_utf16
cef_string_utf16_set
cef_string_utf16_clear
cef_currently_on
cef_string_userfree_utf16_free
cef_v8context_get_entered_context
cef_clear_scheme_handler_factories
cef_process_message_create

d3d9

Direct3DCreate9

iphlpapi

GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

ntohs
setsockopt
send
recv
select
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
getsockname
shutdown
WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
WSAGetLastError
WSAIoctl

psapi

EnumProcesses
GetModuleFileNameExW

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

wldap32

ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 897KB - Virtual size: 897KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30c4233c3ce738930a391ec58a8b0966

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

35:d7:70:83:56:3b:1c:2e:79:c2:f9:fe:a5:5b:59:3fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

ad:e0:9e:7b:ea:9e:5f:12:98:db:1b:bd:8b:20:3e:74:7a:a5:4e:3dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

dbghelp

shlwapi

kernel32

gdi32

advapi32

shell32

ole32

oleaut32

user32

libcef

d3d9

iphlpapi

version

ws2_32

psapi

winmm

wldap32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 405KB - Virtual size: 404KB

.data Size: 57KB - Virtual size: 75KB

.rsrc Size: 897KB - Virtual size: 897KB

.reloc Size: 110KB - Virtual size: 110KB

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

35:d7:70:83:56:3b:1c:2e:79:c2:f9:fe:a5:5b:59:3f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

ad:e0:9e:7b:ea:9e:5f:12:98:db:1b:bd:8b:20:3e:74:7a:a5:4e:3d
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 405KB - Virtual size: 404KB

.data
Size: 57KB - Virtual size: 75KB

.rsrc
Size: 897KB - Virtual size: 897KB

.reloc
Size: 110KB - Virtual size: 110KB