2024-05-26_2078dfcffa9417518425b331f27ba780_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-26_2078dfcffa9417518425b331f27ba780_mafia
Size

1.0MB
MD5

2078dfcffa9417518425b331f27ba780
SHA1

7aa73a6f2619f69c52cf9da79232c521fa5c0bb2
SHA256

8c54f726a71341ee4295b0e44be4a08387894db0c3ceac6dc39f2c4507702d89
SHA512

9ba19eca7176b096c34454cf16811533d5a2fbfe5fbaa9297cef5e954a3e3e6e5cd5bc0b567a271ab0b19e985701b0cb5377da336c3b03bf65c15392bf94523d
SSDEEP

24576:uHZrtgGhp1fEifDl7Ku0Gavkg3NydlbbTX4IBAUZLYPH:u5rtgGT5zB7Ku0GaXO94IBAUZLYPH

Score

1^/10

Malware Config

Signatures

Files

2024-05-26_2078dfcffa9417518425b331f27ba780_mafia
.exe windows:5 windows x86 arch:x86

830e3ed3dd6f9f97a04918d6d15436e5

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:62:a1:bd:ad:0b:e3:3d:e9:9f:0b:cd:4f:1a:33:cd
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

24/02/2014, 00:00

Not After

24/04/2016, 23:59

Subject

CN=任子行网络技术股份有限公司,OU=公安事业部,O=任子行网络技术股份有限公司,L=深圳,ST=广东,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:b8:e1:38:2f:30:9c:c1:1c:a2:01:47:04:c6:69:25:c1:b8:a3:a7
Signer

Actual PE Digest

32:b8:e1:38:2f:30:9c:c1:1c:a2:01:47:04:c6:69:25:c1:b8:a3:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\AutoBuild\src\NET110\839_1202\target\release\symbols\server\LogQuery.pdb

Imports

kernel32

CreateFileA
SetFilePointer
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
GetLastError
WaitForSingleObject
ReleaseMutex
OpenMutexA
CreateMutexA
GetProcAddress
FreeLibrary
LoadLibraryA
GetTempPathA
TerminateProcess
GetCurrentProcess
GetCommandLineA
CreateThread
GetCurrentProcessId
HeapFree
HeapAlloc
GetProcessHeap
SetUnhandledExceptionFilter
SetErrorMode
GetPrivateProfileStringA
LocalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetACP
CompareStringW
CreateFileW
GetDriveTypeW
WriteConsoleW
SetStdHandle
GetStringTypeW
SetEnvironmentVariableA
LCMapStringW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetHandleCount
HeapCreate
GetModuleFileNameW
CreateDirectoryA
GetWindowsDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetModuleFileNameA
GetDriveTypeA
GetFileAttributesA
GetTickCount
FindClose
Sleep
GetStdHandle
LoadLibraryW
GetTimeZoneInformation
HeapSize
IsValidCodePage
GetOEMCP
GetCurrentDirectoryW
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
EncodePointer
DecodePointer
RaiseException
GetModuleHandleW
ExitProcess
HeapReAlloc
GetTimeFormatA
GetDateFormatA
HeapSetInformation
GetStartupInfoW
InterlockedDecrement
InterlockedIncrement
GetCPInfo
UnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError

user32

GetMessageA
PostThreadMessageA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 842KB - Virtual size: 842KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

830e3ed3dd6f9f97a04918d6d15436e5

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

43:62:a1:bd:ad:0b:e3:3d:e9:9f:0b:cd:4f:1a:33:cdCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

32:b8:e1:38:2f:30:9c:c1:1c:a2:01:47:04:c6:69:25:c1:b8:a3:a7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 842KB - Virtual size: 842KB

.data Size: 5KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 15KB - Virtual size: 15KB

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

43:62:a1:bd:ad:0b:e3:3d:e9:9f:0b:cd:4f:1a:33:cd
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

32:b8:e1:38:2f:30:9c:c1:1c:a2:01:47:04:c6:69:25:c1:b8:a3:a7
Signer

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 842KB - Virtual size: 842KB

.data
Size: 5KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 15KB - Virtual size: 15KB