2024-06-05_d7c9863248da6da7272611e70bd729a7_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-05_d7c9863248da6da7272611e70bd729a7_mafia
Size

1.4MB
MD5

d7c9863248da6da7272611e70bd729a7
SHA1

e73d9aab337d8451ff8963e7d91f44b1f9378b77
SHA256

d93430fdf42062394ea9fb07d3970aa045889d5e5d50fe2d4c85460b2094b22d
SHA512

a3d9d84d2fabcf07d0fd4a2d68ec2451f099c19ca2a78a127541d39bf5a4b78f26bfd7912cf2ada8346767ea942693292ee4b7a7c11cb4e70ed334ac8cf78043
SSDEEP

24576:6aYjhVY2p3uR2XAnv/8Z5WxaOixSkzCEh34rqP+BUUTrzeN3R3:rYNVY2p3ycZ5q5ivh37wTmN3R3

Score

1^/10

Malware Config

Signatures

Files

2024-06-05_d7c9863248da6da7272611e70bd729a7_mafia
.exe windows:5 windows x86 arch:x86

a3f3d4e9a7d5afa383128ad6c053bc72

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:2d:23:53:0a:f6:0e:ed:15:b2:ff:cf:4d:af:4c:c8
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

13/03/2020, 00:00

Not After

12/05/2021, 23:59

Subject

CN=重庆软航科技有限公司,OU=Support,O=重庆软航科技有限公司,ST=重庆市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\ntkowebext\nativeMessaging\NtkoWebBrowser\Release\NtkoWebBrowser.pdb

Imports

wininet

InternetSetCookieW
InternetSetOptionW

kernel32

ReadConsoleInputA
SetConsoleMode
IsBadWritePtr
GlobalMemoryStatus
FlushConsoleInputBuffer
GetSystemTime
InterlockedIncrement
InterlockedCompareExchange
lstrcpyW
IsDebuggerPresent
GetLocalTime
lstrcmpA
InitializeCriticalSection
GetCurrentThreadId
CreateThread
lstrlenA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsWow64Process
lstrcpyA
FindResourceExA
GetVersionExA
LoadLibraryExW
LoadLibraryExA
GetModuleFileNameA
GetFullPathNameA
GetSystemDefaultLangID
GetCurrentProcess
FreeLibrary
GetFullPathNameW
FormatMessageW
LoadLibraryA
OutputDebugStringA
GetModuleFileNameW
SetLastError
LoadLibraryW
GetFileAttributesW
GetVersion
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetLastError
CompareStringW
MulDiv
lstrlenW
InterlockedDecrement
GetTimeZoneInformation
SetEnvironmentVariableA
CreateFileW
WideCharToMultiByte
EncodePointer
DecodePointer
InterlockedExchange
MultiByteToWideChar
Sleep
HeapFree
HeapAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
GetCPInfo
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
ExitProcess
HeapCreate
ReadFile
WriteFile
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
SetConsoleCtrlHandler
WriteConsoleW
SetEndOfFile
LocalFree
GetProcessHeap
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
CompareStringA
GetThreadLocale
CreateFileA

user32

DrawTextA
DrawTextW
GetDesktopWindow
GetUserObjectInformationW
GetProcessWindowStation
SetForegroundWindow
IsIconic
AttachThreadInput
GetForegroundWindow
CopyRect
GetMonitorInfoW
EnumDisplayMonitors
SetRectEmpty
GetSystemMetrics
AppendMenuW
GetSystemMenu
EndDialog
GetDlgCtrlID
SetDlgItemTextW
SetWindowPos
SendDlgItemMessageW
GetWindowLongW
GetDlgItem
PostQuitMessage
EndPaint
BeginPaint
GetClientRect
UpdateWindow
ShowWindow
SetWindowTextW
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
GetClassInfoExW
TranslateAcceleratorW
LoadAcceleratorsW
DestroyWindow
SetTimer
wsprintfW
TranslateMessage
DispatchMessageW
GetMessageW
LoadImageW
MessageBoxW
SetRect
ReleaseDC
GetDC
DefWindowProcW
CallWindowProcW
PostMessageW
RemovePropW
SetWindowLongW
MessageBoxA
SetActiveWindow
SetFocus
InvalidateRect
KillTimer
DialogBoxParamW
IsWindow
MoveWindow
IsChild
GetWindowRect
GetParent
SendMessageW
SetPropW
GetPropW
GetWindowThreadProcessId
EnumChildWindows
GetClassNameW

gdi32

TranslateCharsetInfo
GetDeviceCaps
DeleteObject
GetObjectW
SetTextColor
SetBkMode
GetStockObject
CreateFontIndirectW
SelectObject
CreateSolidBrush

advapi32

RegCloseKey
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA

ole32

OleCreate
OleInitialize
OleUninitialize
OleSetContainedObject
OleLockRunning

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantChangeType
VariantClear

shlwapi

StrToIntW
StrToIntExA
StrToIntA

Sections

.text
Size: 961KB - Virtual size: 961KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3f3d4e9a7d5afa383128ad6c053bc72

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

35:2d:23:53:0a:f6:0e:ed:15:b2:ff:cf:4d:af:4c:c8Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 961KB - Virtual size: 961KB

.rdata Size: 370KB - Virtual size: 370KB

.data Size: 20KB - Virtual size: 43KB

.rsrc Size: 14KB - Virtual size: 13KB

.reloc Size: 64KB - Virtual size: 64KB

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

35:2d:23:53:0a:f6:0e:ed:15:b2:ff:cf:4d:af:4c:c8
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

.text
Size: 961KB - Virtual size: 961KB

.rdata
Size: 370KB - Virtual size: 370KB

.data
Size: 20KB - Virtual size: 43KB

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 64KB - Virtual size: 64KB