2024-05-12_14c57e670df919704ae69689a5c8c913_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-12_14c57e670df919704ae69689a5c8c913_mafia
Size

708KB
MD5

14c57e670df919704ae69689a5c8c913
SHA1

5646c8749d1fda2e6ecb21dbca1bde4bbb109c78
SHA256

e5dc9a1cb2aee94f7263dec30f2c36a193fd8e5864c52ca720b5bb76fbf636cc
SHA512

9b2e84f951ec680716047860417d782392a0d21d547d9b55f2ba1df87046ee51aef40db5e691d983640eb2d49821336c5d69b30776df991164217ca58eac95bc
SSDEEP

6144:P3ISmmVupqUtTLMNEiYBkpS7aToMgokVoN4jFz5IMVZt8uQ1UUUUUUUUUUUUUUUZ:P3ISm0UW2SS7avgoMoN4jFz5s8Mi

Score

1^/10

Malware Config

Signatures

Files

2024-05-12_14c57e670df919704ae69689a5c8c913_mafia
.exe windows:5 windows x86 arch:x86

f3d12bb4d6b3fe8ce9f5a9868d6cd0d2

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/07/2016, 00:00

Not After

01/08/2018, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

83:45:50:c4:a2:f0:b7:64:11:c9:56:fd:eb:da:50:8d:81:cf:27:ae
Signer

Actual PE Digest

83:45:50:c4:a2:f0:b7:64:11:c9:56:fd:eb:da:50:8d:81:cf:27:ae

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\buildRel3.0.6\Funshion\Rel\bin\Release\FunshionWeb.pdb

Imports

urlmon

CoInternetSetFeatureEnabled
UrlMkGetSessionOption
UrlMkSetSessionOption

kernel32

GetCurrentThreadId
FindResourceW
FreeLibrary
LoadResource
LoadLibraryExW
GetCurrentProcess
GlobalLock
GlobalAlloc
InitializeCriticalSectionAndSpinCount
SizeofResource
LeaveCriticalSection
MulDiv
lstrcmpW
MultiByteToWideChar
lstrlenW
GlobalUnlock
FlushInstructionCache
RaiseException
SetLastError
GetProcAddress
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
lstrlenA
WideCharToMultiByte
OutputDebugStringW
MoveFileExW
InitializeCriticalSection
DeleteFileW
TerminateThread
OutputDebugStringA
Sleep
LoadLibraryW
TerminateProcess
CreateDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetThreadContext
SetThreadContext
VirtualQuery
VirtualFree
VirtualAlloc
InterlockedCompareExchange
SuspendThread
ResumeThread
LoadLibraryExA
InterlockedPopEntrySList
GetProcessHeap
InterlockedPushEntrySList
FlushFileBuffers
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
HeapSize
HeapCreate
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoW
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
LCMapStringW
RtlUnwind
GetCPInfo
GetDateFormatA
GetTimeFormatA
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapAlloc
GetSystemTimeAsFileTime
GetTimeZoneInformation
HeapFree
LocalFree
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
GetLocalTime
SetUnhandledExceptionFilter
ExitProcess
GetTickCount
GetLastError
InterlockedDecrement
CreateFileW
ReadFile
WriteFile
WaitForSingleObject
InterlockedIncrement
CreateThread
CloseHandle
GetModuleFileNameW
GetPrivateProfileIntW
GetCurrentThread
GetModuleHandleW
VirtualProtect

user32

GetDC
BeginPaint
GetClientRect
RegisterClassExW
IsIconic
SetActiveWindow
GetWindowRect
UpdateLayeredWindow
GetWindowLongW
ReleaseDC
SetWindowLongW
CreateWindowExW
EqualRect
DefWindowProcW
PostMessageW
wsprintfW
IsWindow
LoadCursorW
SetCursor
EndPaint
PostQuitMessage
DestroyWindow
RegisterClassW
ShowWindow
GetParent
GetFocus
IsChild
DispatchMessageW
PostThreadMessageW
TranslateMessage
GetMessageW
MoveWindow
GetWindow
CallWindowProcW
SetWindowTextW
SendMessageW
ReleaseCapture
SetWindowPos
GetSysColor
GetDesktopWindow
RedrawWindow
GetDlgItem
GetClassNameW
GetWindowTextW
InvalidateRect
GetClassInfoExW
SetFocus
CreateAcceleratorTableW
InvalidateRgn
KillTimer
SetCapture
UnregisterClassA
FillRect
RegisterWindowMessageW
ClientToScreen
GetWindowTextLengthW
DestroyAcceleratorTable
SetTimer
ScreenToClient
CharNextW

gdi32

SetBkColor
BitBlt
ExtTextOutW
GetObjectW
GetStockObject
DeleteDC
CreateDIBSection
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush

advapi32

RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW

ole32

OleSetContainedObject
OleCreate
OleDraw
OleInitialize
StgCreateDocfile
CoCreateInstance
OleLockRunning
CoTaskMemRealloc
CLSIDFromProgID
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
OleUninitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString

oleaut32

GetErrorInfo
LoadRegTypeLi
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
VariantInit
LoadTypeLi
VariantClear
SysStringLen
SysFreeString
SysAllocString

shlwapi

PathFindExtensionW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW

winhttp

WinHttpQueryDataAvailable
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpen
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpReadData
WinHttpReceiveResponse

ws2_32

WSACleanup
connect
htons
socket
gethostbyname
inet_addr
WSAStartup
closesocket
getsockname

wininet

InternetGetCookieExW

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3d12bb4d6b3fe8ce9f5a9868d6cd0d2

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

83:45:50:c4:a2:f0:b7:64:11:c9:56:fd:eb:da:50:8d:81:cf:27:aeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

winhttp

ws2_32

wininet

Sections

.text Size: 242KB - Virtual size: 241KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 10KB - Virtual size: 19KB

.rsrc Size: 363KB - Virtual size: 362KB

.reloc Size: 26KB - Virtual size: 25KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

83:45:50:c4:a2:f0:b7:64:11:c9:56:fd:eb:da:50:8d:81:cf:27:ae
Signer

.text
Size: 242KB - Virtual size: 241KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 10KB - Virtual size: 19KB

.rsrc
Size: 363KB - Virtual size: 362KB

.reloc
Size: 26KB - Virtual size: 25KB