2024-05-09_b32beec48d8bc64cb3e1cd5af27efce7_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-09_b32beec48d8bc64cb3e1cd5af27efce7_mafia
Size

1.7MB
MD5

b32beec48d8bc64cb3e1cd5af27efce7
SHA1

0dd3da046a8f6c57abf1c61e22b91fc01d8613e8
SHA256

e68d9e6c87f392800f0198853bc5799eedad75c396d69e8a3c99f081d019b4d6
SHA512

48aefdd396e3125ba277f6b8a8a4792a43e7914c80ed8819be2eee65509fc000619bce0efb3d9e4c963f1b7dee3971ae41871977630ede17c33d6fb132f85b45
SSDEEP

49152:B6AL8ArCX3pbGP5wim1iyUZ9mBcv7wyp/C1O+jIPQqHx:YMOpb51mZ9mBe7Zwjm

Score

1^/10

Malware Config

Signatures

Files

2024-05-09_b32beec48d8bc64cb3e1cd5af27efce7_mafia
.exe windows:5 windows x86 arch:x86

a8b2872568daead05f72c92151d44313

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:a2:bb:ee:98:b6:83:a0:fc:25:ad:e0:0c:f2:df:eb
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03/02/2015, 00:00

Not After

04/05/2017, 23:59

Subject

CN=上海剑圣网络科技有限公司,O=上海剑圣网络科技有限公司,L=上海,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:a2:bb:ee:98:b6:83:a0:fc:25:ad:e0:0c:f2:df:eb
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03/02/2015, 00:00

Not After

04/05/2017, 23:59

Subject

CN=上海剑圣网络科技有限公司,O=上海剑圣网络科技有限公司,L=上海,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:13:4e:31:93:f0:dd:4a:ca:ea:0b:ae:97:55:3f:ee:02:4f:3c:c7:f2:cf:9d:04:25:6d:bc:e4:41:1f:95:d1
Signer

Actual PE Digest

52:13:4e:31:93:f0:dd:4a:ca:ea:0b:ae:97:55:3f:ee:02:4f:3c:c7:f2:cf:9d:04:25:6d:bc:e4:41:1f:95:d1

Digest Algorithm

sha256

PE Digest Matches

true

22:73:c0:f7:38:12:2f:76:2f:d9:f5:5f:88:ae:df:31:f8:07:2a:d7
Signer

Actual PE Digest

22:73:c0:f7:38:12:2f:76:2f:d9:f5:5f:88:ae:df:31:f8:07:2a:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Platform\NewsClient\Release\NewsClient.pdb

Imports

kernel32

Process32NextW
CreateToolhelp32Snapshot
GetCurrentProcessId
GetLogicalDrives
SetLastError
GetModuleHandleA
GetVersion
FindClose
QueryPerformanceCounter
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
GetProcessHeap
SetEndOfFile
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetStringTypeW
HeapSize
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
IsProcessorFeaturePresent
GetLocaleInfoW
GetStartupInfoW
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RaiseException
RtlUnwind
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
GetTimeZoneInformation
GetDriveTypeA
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapReAlloc
HeapAlloc
HeapSetInformation
MoveFileA
HeapFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
DecodePointer
EncodePointer
LocalFree
GetSystemInfo
TerminateProcess
WriteConsoleW
GetVersionExW
Process32FirstW
TlsSetValue
GetStdHandle
OpenProcess
WaitForSingleObject
FreeLibrary
CreateFileMappingW
GetTempPathW
GetFileAttributesW
GetSystemDirectoryW
UnmapViewOfFile
MapViewOfFile
lstrlenA
GetLocalTime
GlobalUnlock
GlobalLock
GlobalAlloc
GetFileSize
MulDiv
DuplicateHandle
GetFileType
CreateFileW
ReadFile
WideCharToMultiByte
WriteFile
CreateDirectoryW
GetCurrentProcess
SystemTimeToFileTime
SetFilePointer
DosDateTimeToFileTime
InterlockedDecrement
InterlockedIncrement
ExitProcess
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceW
GetTickCount
GetProcAddress
GetCurrentDirectoryW
GetModuleFileNameW
LoadLibraryW
GetACP
MultiByteToWideChar
GetPrivateProfileIntW
GetModuleHandleW
CreateProcessW
lstrcatW
Sleep
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateMutexW
GetCommandLineW
CreateThread
CloseHandle
GetLastError
GetCurrentThreadId
TlsFree

user32

RemovePropW
ShowWindow
SwitchToThisWindow
AttachThreadInput
GetSysColor
GetCaretPos
FillRect
DrawTextW
SetRect
CharPrevW
InvalidateRgn
CreateAcceleratorTableW
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
GetUserObjectInformationW
GetWindowThreadProcessId
GetForegroundWindow
SetForegroundWindow
SetFocus
PostMessageW
IsZoomed
ScreenToClient
GetClientRect
KillTimer
IsWindowVisible
GetWindowRect
SetWindowPos
GetCursorPos
FindWindowW
PostQuitMessage
GetProcessWindowStation
GetDesktopWindow
IsWindow
GetPropW
IsIconic
SystemParametersInfoW
OffsetRect
InflateRect
UnionRect
SetCursor
LoadCursorW
GetKeyState
DestroyWindow
ReleaseDC
GetDC
GetWindowLongW
SetWindowLongW
GetCaretBlinkTime
SetCaretPos
CreateCaret
GetFocus
ClientToScreen
HideCaret
ShowCaret
GetWindowRgn
MapWindowPoints
MoveWindow
CharNextW
IntersectRect
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
UpdateLayeredWindow
InvalidateRect
CreateWindowExW
GetMessageW
TranslateMessage
SetTimer
SetPropW
SendMessageW
DispatchMessageW
SetCapture
ReleaseCapture
PtInRect
GetParent
GetMonitorInfoW
MonitorFromWindow
SetWindowRgn
MessageBoxW
DefWindowProcW
EnableWindow
LoadImageW
GetSystemMetrics
RegisterClassW
GetClassInfoExW
MessageBoxA
GetWindow
CallWindowProcW
RegisterClassExW

gdi32

CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
GetDeviceCaps
PtInRegion
CreateRectRgn
CreateRoundRectRgn
GetTextMetricsW
StretchBlt
CreateCompatibleBitmap
RestoreDC
SaveDC
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
SetStretchBltMode
CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
Rectangle
RoundRect
GetObjectA
SetTextColor
SetBkColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
BitBlt
SetBkMode

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
CryptGetHashParam
CryptAcquireContextW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
RegSetValueExW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
CommandLineToArgvW
ShellExecuteW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoUninitialize
CoInitialize

oleaut32

SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysAllocString
SysFreeString
SysAllocStringLen

gdiplus

GdipLoadImageFromStream
GdipImageSelectActiveFrame
GdipDrawImageRectI
GdipCloneImage
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawString
GdipMeasureString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipFillRectangleI
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipImageGetFrameCount

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

comctl32

_TrackMouseEvent
ord17

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetGetConnectedState
InternetOpenUrlW
InternetReadFile
HttpQueryInfoW
InternetOpenA
InternetCloseHandle

shlwapi

PathFileExistsW
PathRemoveFileSpecW

ws2_32

recv
socket
WSACleanup
gethostbyname
send
setsockopt
htons
WSAGetLastError
inet_addr
WSAStartup
inet_ntoa
connect
shutdown
WSASetLastError
closesocket

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8b2872568daead05f72c92151d44313

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

78:a2:bb:ee:98:b6:83:a0:fc:25:ad:e0:0c:f2:df:ebCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

78:a2:bb:ee:98:b6:83:a0:fc:25:ad:e0:0c:f2:df:ebCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

52:13:4e:31:93:f0:dd:4a:ca:ea:0b:ae:97:55:3f:ee:02:4f:3c:c7:f2:cf:9d:04:25:6d:bc:e4:41:1f:95:d1Signer

22:73:c0:f7:38:12:2f:76:2f:d9:f5:5f:88:ae:df:31:f8:07:2a:d7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

imm32

comctl32

version

wininet

shlwapi

ws2_32

iphlpapi

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 306KB - Virtual size: 305KB

.data Size: 45KB - Virtual size: 62KB

.rsrc Size: 96KB - Virtual size: 96KB

.reloc Size: 73KB - Virtual size: 73KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

78:a2:bb:ee:98:b6:83:a0:fc:25:ad:e0:0c:f2:df:eb
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

78:a2:bb:ee:98:b6:83:a0:fc:25:ad:e0:0c:f2:df:eb
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

52:13:4e:31:93:f0:dd:4a:ca:ea:0b:ae:97:55:3f:ee:02:4f:3c:c7:f2:cf:9d:04:25:6d:bc:e4:41:1f:95:d1
Signer

22:73:c0:f7:38:12:2f:76:2f:d9:f5:5f:88:ae:df:31:f8:07:2a:d7
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 306KB - Virtual size: 305KB

.data
Size: 45KB - Virtual size: 62KB

.rsrc
Size: 96KB - Virtual size: 96KB

.reloc
Size: 73KB - Virtual size: 73KB