2024-05-28_dd8d9dc0969120c10dbc0110bd660096_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-28_dd8d9dc0969120c10dbc0110bd660096_mafia
Size

1.8MB
MD5

dd8d9dc0969120c10dbc0110bd660096
SHA1

6c4f596c03010af4442b628e3d2dfda2401acf90
SHA256

f3fcb557d6e593341457834702e1b31b209dd40aac83ea4fc7d0c09930949a5a
SHA512

88fa95a7f866e4b0d382eec138b122428ba9af59d044d5ada765e52cd61378a6b4c2e48b125c106350fa29b46c404822860243c7d2334faa37e028eba94aa766
SSDEEP

24576:Nf2rJU4NFomQFMBECXhG527/2geMjvFYQ1o6Wy6mh0f1+gHLTVhPPru69:Nf2rJU4N1BRGs/sid56mh0f1+gHP6e

Score

1^/10

Malware Config

Signatures

Files

2024-05-28_dd8d9dc0969120c10dbc0110bd660096_mafia
.exe windows:5 windows x86 arch:x86

0ba3af1e893df4b34ee00b61b072cec1

Code Sign

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:ce:22:93:bb:80:6f
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

04/06/2013, 20:23

Not After

07/09/2016, 17:18

Subject

CN=北京天神互动科技有限公司,O=北京天神互动科技有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c207a68616e676368756e70696e67407469616e7368656e6875646f6e672e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b8:06:7c:c6:cb:83:15:32:a3:ef:e9:f0:30:29:e6:68:61:49:1f:e3
Signer

Actual PE Digest

b8:06:7c:c6:cb:83:15:32:a3:ef:e9:f0:30:29:e6:68:61:49:1f:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\WD\Desktop\Periphery\WebGame\ReleasePlug\Release\QMSetup_q!tw13!qudao1.pdb

Imports

kernel32

GetSystemDirectoryA
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesA
CreateDirectoryA
FindFirstFileA
SetFileAttributesA
FindClose
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateFileA
lstrlenW
CreateProcessW
CloseHandle
SetFilePointer
ReadFile
SetEndOfFile
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
CompareStringW
LoadLibraryW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
SetLastError
TlsFree
DeleteFileW
GetLastError
GetModuleFileNameW
WriteFile
SizeofResource
LoadResource
CreateFileW
FindResourceW
TlsSetValue
TlsGetValue
TlsAlloc
GetEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
Sleep
EncodePointer
DecodePointer
HeapFree
MoveFileA
GetCommandLineW
HeapSetInformation
GetStartupInfoW
HeapAlloc
RtlUnwind
LCMapStringW
GetCPInfo
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsW
GetProcessHeap

user32

DialogBoxParamW
wsprintfW
EndDialog
PostQuitMessage
EndPaint
BeginPaint
LoadStringW
DestroyWindow
DefWindowProcW
UpdateWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
MessageBoxW

advapi32

RegCreateKeyW
GetUserNameW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

shlwapi

PathAppendA

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 155KB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ba3af1e893df4b34ee00b61b072cec1

Code Sign

19:9d:f8:8eCertificate

Key Usages

1b:ce:22:93:bb:80:6fCertificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

b8:06:7c:c6:cb:83:15:32:a3:ef:e9:f0:30:29:e6:68:61:49:1f:e3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

Sections

.text Size: 110KB - Virtual size: 110KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 155KB - Virtual size: 4.2MB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 23KB - Virtual size: 22KB

19:9d:f8:8e
Certificate

1b:ce:22:93:bb:80:6f
Certificate

3d
Certificate

b8:06:7c:c6:cb:83:15:32:a3:ef:e9:f0:30:29:e6:68:61:49:1f:e3
Signer

.text
Size: 110KB - Virtual size: 110KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 155KB - Virtual size: 4.2MB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 23KB - Virtual size: 22KB