2024-05-29_726f3af60d3c2d76b3add2f09020a0b8_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-29_726f3af60d3c2d76b3add2f09020a0b8_mafia
Size

1.6MB
MD5

726f3af60d3c2d76b3add2f09020a0b8
SHA1

dffe5539d20b2e1a53abc20debd4f82ebac12417
SHA256

54ec72d948c53ba23b46432a55a5261bce880b763e9e2da87401a5d4f74e04df
SHA512

ee43839a44f165f8234e5218b4a341230e77868b9544e449c56fd990d7282a06afb437929075327bb716e6d8ac91f31138f58c2328b57e31a1861af4151d25c5
SSDEEP

24576:+mGm0Iz2bJsNVHVLjfNTUje3qH/fO+tTufn1KoaHcoF:pGmEbJIbNTUje3qOUTxokcoF

Score

1^/10

Malware Config

Signatures

Files

2024-05-29_726f3af60d3c2d76b3add2f09020a0b8_mafia
.exe windows:5 windows x86 arch:x86

c0fddd89b4d3b592bb2ba7df66c3cd8f

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:94:d6:92:3d:e8:b6:16:82:f0:09:16:c6:04:f7:71
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/08/2013, 00:00

Not After

18/08/2016, 23:59

Subject

CN=北京当乐信息技术有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=产品技术部,O=北京当乐信息技术有限公司,L=BeiJing,ST=BeiJing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a4:cd:cd:7c:e8:bb:b4:6f:7f:7e:1a:3b:53:28:23:23:2c:d6:4d:37
Signer

Actual PE Digest

a4:cd:cd:7c:e8:bb:b4:6f:7f:7e:1a:3b:53:28:23:23:2c:d6:4d:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Project\Mobile_PC_Client\Output\当乐IPA安装器.pdb

Imports

winmm

timeGetTime

comctl32

_TrackMouseEvent
ord17

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

SetDllDirectoryW
SetEnvironmentVariableW
GetTimeZoneInformation
lstrlenW
FindClose
FindNextFileW
OutputDebugStringA
DeleteFileA
AreFileApisANSI
GetSystemTime
LocalFree
DeleteFileW
GetVersionExA
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapValidate
GetFileAttributesA
FormatMessageW
FormatMessageA
UnlockFileEx
LockFile
UnlockFile
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
CreateMutexW
GetTempPathA
SetEnvironmentVariableA
CompareStringW
GetFullPathNameA
GetProcessHeap
SetEndOfFile
WriteConsoleW
CreateFileA
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetStringTypeW
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsProcessorFeaturePresent
HeapDestroy
HeapCreate
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
HeapSize
GetLocaleInfoW
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
GetSystemTimeAsFileTime
FindFirstFileW
GetEnvironmentVariableW
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
WriteFile
SetFileTime
CreateDirectoryW
DosDateTimeToFileTime
SystemTimeToFileTime
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
GetLocalTime
MulDiv
InterlockedDecrement
InterlockedIncrement
ExitProcess
GetLastError
OutputDebugStringW
GetACP
CreateFileW
GetFileSize
ReadFile
CloseHandle
GetTickCount
GetModuleHandleW
FindResourceW
LoadResource
FreeResource
SizeofResource
LockResource
GetCurrentProcessId
GetCurrentDirectoryW
GetTempPathW
Sleep
CreateThread
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
MultiByteToWideChar
GetModuleFileNameW
WideCharToMultiByte
GetProcAddress
LoadLibraryW
FindFirstFileExW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesW
RaiseException
HeapReAlloc
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
HeapFree
DecodePointer
EncodePointer
InterlockedCompareExchange

user32

GetWindowLongW
RegisterClassExW
LoadCursorW
GetParent
GetWindowRect
DestroyWindow
PostQuitMessage
SetWindowLongW
CharNextW
IntersectRect
SetCursor
PtInRect
GetKeyState
GetDC
GetClientRect
GetWindowRgn
SetWindowPos
ShowWindow
CreateWindowExW
MessageBoxW
InvalidateRect
MoveWindow
wsprintfW
EnableWindow
SystemParametersInfoW
CallWindowProcW
GetPropW
SetPropW
AdjustWindowRectEx
GetMenu
RegisterClassW
KillTimer
IsWindow
SetCapture
ReleaseCapture
ReleaseDC
SetFocus
GetFocus
MapWindowPoints
CreateCaret
SendMessageW
PostMessageW
wvsprintfW
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetWindow
ScreenToClient
GetCursorPos
DispatchMessageW
InflateRect
DefWindowProcW
OffsetRect
GetMessageW
SetTimer
GetSysColor
ClientToScreen
SetCaretPos
ShowCaret
HideCaret
GetClassInfoExW
CreateAcceleratorTableW
InvalidateRgn
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
SetRect
CharPrevW
DrawTextW
FillRect
IsZoomed
SetWindowRgn
MonitorFromWindow
GetMonitorInfoW
IsIconic
TranslateMessage

gdi32

GetPixel
SetPixel
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
SetBkMode
SetTextColor
RoundRect
CreatePenIndirect
MoveToEx
LineTo
CreateSolidBrush
SetBkColor
ExtTextOutW
SetStretchBltMode
StretchBlt
CombineRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
CreateRoundRectRgn
GetObjectA
CreateCompatibleBitmap
SaveDC
BitBlt
RestoreDC
Rectangle
SetWindowOrgEx
CreatePen
GetStockObject
CreateFontIndirectW
GetTextMetricsW
GetObjectW
SetDIBColorTable
DeleteDC
CreateDIBSection
DeleteObject
SelectObject
PtInRegion
CreateCompatibleDC
CreateRectRgn
GetDeviceCaps

comdlg32

GetOpenFileNameW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
DragQueryFileW

ole32

CoCreateInstance
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize
CoCreateGuid

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

gdiplus

GdipGetImagePixelFormat
GdiplusShutdown
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdiplusStartup
GdipCreateFromHDC
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipFree
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdipDeleteFont
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipDrawImageI
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight

shlwapi

StrCmpIW
ord12

d3d9

Direct3DCreate9

winhttp

WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpOpen
WinHttpWriteData
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpReadData
WinHttpConnect

ws2_32

send
closesocket
recv
htonl
ntohl

Sections

.text
Size: 895KB - Virtual size: 895KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 515KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0fddd89b4d3b592bb2ba7df66c3cd8f

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0d:94:d6:92:3d:e8:b6:16:82:f0:09:16:c6:04:f7:71Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a4:cd:cd:7c:e8:bb:b4:6f:7f:7e:1a:3b:53:28:23:23:2c:d6:4d:37Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

d3d9

winhttp

ws2_32

Sections

.text Size: 895KB - Virtual size: 895KB

.rdata Size: 152KB - Virtual size: 152KB

.data Size: 18KB - Virtual size: 97KB

Shared Size: 512B - Virtual size: 4B

.rsrc Size: 515KB - Virtual size: 514KB

.reloc Size: 53KB - Virtual size: 53KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0d:94:d6:92:3d:e8:b6:16:82:f0:09:16:c6:04:f7:71
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a4:cd:cd:7c:e8:bb:b4:6f:7f:7e:1a:3b:53:28:23:23:2c:d6:4d:37
Signer

.text
Size: 895KB - Virtual size: 895KB

.rdata
Size: 152KB - Virtual size: 152KB

.data
Size: 18KB - Virtual size: 97KB

Shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 515KB - Virtual size: 514KB

.reloc
Size: 53KB - Virtual size: 53KB