2024-06-01_726f7b6ef488661ededd54569929531c_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-01_726f7b6ef488661ededd54569929531c_mafia
Size

816KB
MD5

726f7b6ef488661ededd54569929531c
SHA1

eab16fa70922eb946d66fa5e1be52b82d0263df9
SHA256

5592ef9a293f3661807a2dd083eb560d3e499a5b4a8deb52b7729bafd346bddb
SHA512

a971609ded295fb96cfb5480097e9c7afc6a304931e0ecbee5e8d7449e98083186733a648a4aec2490b2c0589db183d864593eff08cf29f420dcaec095a291b8
SSDEEP

12288:6WvHHPslfhr0L5xL1cERLkyGQA8Hix+wY51c96rTA99ur9sFHuq3:60HEPr6fLVRLtG/+wqc96PKuJsFHu2

Score

1^/10

Malware Config

Signatures

Files

2024-06-01_726f7b6ef488661ededd54569929531c_mafia
.exe windows:5 windows x86 arch:x86

28c5b032d5470b64b6339e189d7c6679

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

19:6d:f8:a7
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2012, 01:00

Not After

08/08/2027, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:23:d4:fa:82:7f:76
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/11/2013, 10:28

Not After

02/03/2017, 14:27

Subject

CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c0f746563684078756e796f752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:45:02:eb:63:15:0c:a5:b1:95:23:f1:53:56:91:2f:e5
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:62:ca:40:b0:fd:9a:1a:1f:c5:5e:d8:f0:44:f0:b3:d5:f7:33:2c
Signer

Actual PE Digest

78:62:ca:40:b0:fd:9a:1a:1f:c5:5e:d8:f0:44:f0:b3:d5:f7:33:2c

Digest Algorithm

sha1

PE Digest Matches

true

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\GamesUpdate2.0\output\XunYouGU.pdb

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
lstrcpyW
GetProcAddress
WritePrivateProfileStringW
GetPrivateProfileStringW
GetModuleFileNameW
InitializeCriticalSection
lstrcmpW
SetFilePointerEx
SetLastError
GetFileSizeEx
FileTimeToSystemTime
GetFileTime
GetSystemDirectoryA
DeleteCriticalSection
Sleep
SuspendThread
ResumeThread
FindNextFileW
FindFirstFileW
SetThreadPriority
OutputDebugStringA
CopyFileW
DeleteFileW
lstrcmpiA
LoadLibraryW
lstrcatW
lstrcpynW
FreeLibrary
GetCurrentThreadId
ReleaseMutex
CreateMutexW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameA
GetTickCount
RemoveDirectoryW
GetDiskFreeSpaceExW
CreateProcessW
TerminateProcess
FlushInstructionCache
GetCurrentProcess
GlobalFree
GlobalUnlock
GlobalReAlloc
GlobalLock
GlobalAlloc
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
lstrcmpiW
SetEvent
TlsGetValue
SetEndOfFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineW
ExitProcess
MoveFileW
ExitThread
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
InterlockedCompareExchange
GetStringTypeW
TlsFree
GetCurrentThread
GetStdHandle
GetLocaleInfoW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
HeapReAlloc
SetHandleCount
GetFileType
FatalAppExitA
GetConsoleCP
GetConsoleMode
SetFilePointer
GetTimeZoneInformation
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetFileAttributesW
TlsSetValue
CreateDirectoryW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
CreateFileA
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
CreateThread
GetOverlappedResult
WriteFile
GetFileSize
lstrlenA
OutputDebugStringW
DebugBreak
TlsAlloc
InterlockedIncrement
ReadFile
SetNamedPipeHandleState
WaitNamedPipeW
CreateFileW
DisconnectNamedPipe
ConnectNamedPipe
lstrlenW
RaiseException
CreateNamedPipeW
GetLastError
InterlockedDecrement
FlushFileBuffers
CloseHandle
DeviceIoControl
lstrcmpA

user32

DestroyMenu
CreatePopupMenu
SetScrollInfo
AppendMenuW
MonitorFromPoint
RedrawWindow
AttachThreadInput
SystemParametersInfoW
IsIconic
MoveWindow
GetScrollInfo
EndDialog
DialogBoxIndirectParamW
CreateDialogIndirectParamW
TrackPopupMenu
PostQuitMessage
PostMessageA
GetDlgItem
GetSystemMetrics
SetRect
GetCursorPos
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SetForegroundWindow
SetWindowTextW
SetPropW
GetParent
GetActiveWindow
IsDialogMessageW
ReleaseDC
GetDC
UpdateLayeredWindow
ShowWindow
IsWindowVisible
SetWindowPos
GetWindowThreadProcessId
GetForegroundWindow
DestroyWindow
GetWindowLongW
GetClientRect
GetWindowRect
KillTimer
SetWindowLongW
IsWindow
SetTimer
PeekMessageW
MessageBoxW
DefWindowProcW
CreateWindowExW
LoadIconW
LoadCursorW
RegisterClassExW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
EnumChildWindows
EnumWindows
GetPropW
wsprintfW
PostMessageW
SendMessageW
CharNextW
LoadStringW
LoadImageW
UnregisterClassA

gdi32

CreateCompatibleDC
DeleteDC
SelectObject
CreateCompatibleBitmap
DeleteObject

advapi32

RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
CryptImportKey
CryptSetKeyParam
CryptDestroyKey
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptEncrypt
CryptAcquireContextW
CryptReleaseContext
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey

shell32

SHFileOperationW
ShellExecuteW
Shell_NotifyIconW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoTaskMemAlloc

oleaut32

SafeArrayGetUBound
SystemTimeToVariantTime
SysAllocString
VariantClear
VarUI4FromStr
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SysFreeString
SysAllocStringLen
SysStringLen
VarBstrCat
VariantInit

ws2_32

gethostbyname
socket
htons
sendto

shlwapi

PathRemoveFileSpecW
StrStrIW
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecA

comctl32

InitCommonControlsEx

wininet

InternetOpenUrlA
InternetOpenA
InternetSetOptionA
HttpSendRequestA
InternetReadFile
InternetConnectA
HttpOpenRequestA
InternetSetOptionW
HttpSendRequestW
HttpQueryInfoA
InternetCrackUrlA
InternetOpenW
InternetConnectW
InternetCloseHandle
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
HttpOpenRequestW

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 680KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28c5b032d5470b64b6339e189d7c6679

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

03:23:d4:fa:82:7f:76Certificate

Extended Key Usages

Key Usages

19:6d:f8:a7Certificate

Key Usages

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40Certificate

Extended Key Usages

Key Usages

03:23:d4:fa:82:7f:76Certificate

Extended Key Usages

Key Usages

11:21:45:02:eb:63:15:0c:a5:b1:95:23:f1:53:56:91:2f:e5Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

78:62:ca:40:b0:fd:9a:1a:1f:c5:5e:d8:f0:44:f0:b3:d5:f7:33:2cSigner

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

shlwapi

comctl32

wininet

psapi

version

Sections

.text Size: 680KB - Virtual size: 679KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 11KB - Virtual size: 21KB

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 19KB - Virtual size: 19KB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

03:23:d4:fa:82:7f:76
Certificate

19:6d:f8:a7
Certificate

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

03:23:d4:fa:82:7f:76
Certificate

11:21:45:02:eb:63:15:0c:a5:b1:95:23:f1:53:56:91:2f:e5
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

78:62:ca:40:b0:fd:9a:1a:1f:c5:5e:d8:f0:44:f0:b3:d5:f7:33:2c
Signer

.text
Size: 680KB - Virtual size: 679KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 11KB - Virtual size: 21KB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 19KB - Virtual size: 19KB