PDB path: D:\work\SSCap\branches\ABoLuo\Release\地球SS专线加速器.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-08_fbc9689c31edcfff3b0534b39838d21e_mafia.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-06-08_fbc9689c31edcfff3b0534b39838d21e_mafia.exe
Resource: win10v2004-20240508-en
General
Target: 2024-06-08_fbc9689c31edcfff3b0534b39838d21e_mafia
Size: 3.8MB
MD5: fbc9689c31edcfff3b0534b39838d21e
SHA1: ad74ad5e37dc7e55bc631ec64f963c29e918ee81
SHA256: 4ead7f968f4e6425608b9399b35d09351a15bafb156c8fada44acbc1756b5665
SHA512: aaecf9478b6b1f68922b02ed852186444e3b52be659b3cad6e1c5a6740b8c26dd1840328e1715388d9dc0733f45e0b2b15233002cac174d10b7009b3bcb721e4
SSDEEP: 98304:rRNhbFQIivBVjCPOMCYMSBH1aT2RhbktXUAWdoKP6RFgekOtqBUgFJhH:VDRQvWOmfbuWdoKCRFpkOtUUq
Malware Config
Signatures
Detects executables containing URLs to raw contents of a Github gist (1 IoCs)
resource: sample; yara_rule: INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 2024-06-08_fbc9689c31edcfff3b0534b39838d21e_mafia
Files
2024-06-08_fbc9689c31edcfff3b0534b39838d21e_mafia.exe windows:5 windows x86 arch:x86
afe765f98c07adfb2195932905280031
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
libprivoxy
start_privoxy
get_privoxy_port
libcurl
curl_slist_free_all
curl_easy_init
curl_global_cleanup
curl_easy_getinfo
curl_global_init
curl_easy_cleanup
curl_version_info
curl_easy_setopt
curl_slist_append
curl_easy_perform
advapi32
RegQueryValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
SystemFunction036
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
shlwapi
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathRemoveFileSpecW
kernel32
ConvertDefaultLocale
GetUserDefaultUILanguage
GetPrivateProfileIntW
GlobalGetAtomNameW
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetSystemDirectoryW
GetCurrentDirectoryW
SetErrorMode
GetFileAttributesExW
InterlockedExchange
GetFileTime
GetTempFileNameW
GetTempPathW
GetWindowsDirectoryW
GetNumberFormatW
SearchPathW
GetUserDefaultLCID
VirtualProtect
FindResourceExW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
DecodePointer
EncodePointer
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
GetTimeFormatW
GetDateFormatW
GetFileType
ExitThread
VirtualAlloc
VirtualQuery
CreateDirectoryA
RtlUnwind
HeapReAlloc
HeapQueryInformation
HeapSize
ExitProcess
SetStdHandle
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
IsDBCSLeadByteEx
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GlobalFlags
FileTimeToLocalFileTime
FindFirstFileW
FindClose
FileTimeToSystemTime
GetThreadLocale
lstrcmpA
SetThreadPriority
ReleaseActCtx
CreateActCtxW
GlobalAddAtomW
GetSystemDefaultUILanguage
GlobalDeleteAtom
CompareStringW
InitializeCriticalSectionAndSpinCount
lstrcmpW
GlobalSize
OpenMutexW
CreateMutexW
SetThreadLocale
GetProfileIntW
lstrcpynW
DebugBreak
RaiseException
lstrcpyW
WinExec
lstrcatW
LocalAlloc
MulDiv
FreeResource
GetVersion
lstrcmpiW
DeactivateActCtx
lstrlenW
ActivateActCtx
GetCPInfo
GetTickCount
CreateFileW
GetFileSize
SetFilePointer
CreateFileA
LocalFree
GetSystemInfo
GlobalFree
SetLastError
GlobalUnlock
TerminateProcess
GetVersionExW
FormatMessageW
GlobalAlloc
GlobalLock
GetCurrentProcess
ResumeThread
GetCurrentThreadId
TerminateThread
InterlockedDecrement
InterlockedIncrement
LockResource
SizeofResource
LoadResource
FindResourceW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
lstrlenA
DeleteFileW
MultiByteToWideChar
GetFileAttributesW
CopyFileW
WideCharToMultiByte
FreeLibrary
GetCurrentProcessId
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ReadFile
WriteFile
CreateThread
CloseHandle
Sleep
SetEvent
WaitForSingleObject
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
CreateEventW
ResetEvent
GetLastError
GetCurrentThread
QueryPerformanceCounter
IsDebuggerPresent
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetLocaleInfoW
GlobalFindAtomW
LoadLibraryExW
GetFileSizeEx
user32
CopyIcon
CharUpperBuffW
PostThreadMessageW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
GetUpdateRect
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
SubtractRect
GetWindowRgn
SetMenuDefaultItem
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
CharNextW
CopyAcceleratorTableW
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
CharUpperW
RealChildWindowFromPoint
MapVirtualKeyW
GetKeyNameTextW
IntersectRect
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
IsWindowVisible
ValidateRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
EndPaint
BeginPaint
InvertRect
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
EndDialog
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
GetWindowTextLengthW
GetWindowTextW
GetScrollPos
SetScrollPos
GetClassNameW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
GetMenuStringW
PeekMessageW
GetWindowTextA
SetWindowTextA
RegisterWindowMessageW
GetSystemMenu
SetFocus
UnregisterHotKey
RegisterHotKey
IsIconic
InvalidateRgn
DrawIcon
LoadIconW
IsRectEmpty
SetWindowRgn
IsZoomed
SetForegroundWindow
GetMessageW
SetRectEmpty
GetCapture
HideCaret
EqualRect
GetMessagePos
GetFocus
GetWindow
RedrawWindow
UpdateWindow
SetCapture
MessageBeep
ReleaseCapture
GetKeyState
ScreenToClient
TranslateMessage
GetAsyncKeyState
BringWindowToTop
DispatchMessageW
GetNextDlgTabItem
ClientToScreen
PostMessageW
GetParent
WindowFromPoint
GetClientRect
CreateIconIndirect
GetIconInfo
DrawFocusRect
InflateRect
OffsetRect
TrackPopupMenuEx
LoadMenuW
DrawStateW
DestroyCursor
FrameRect
GetActiveWindow
DestroyMenu
SetCursor
SetTimer
GetWindowRect
LoadImageW
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFrameControl
SetClassLongW
DestroyAcceleratorTable
SetParent
RegisterClipboardFormatW
GetNextDlgGroupItem
UnregisterClassW
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
TranslateAcceleratorW
KillTimer
LoadCursorW
PtInRect
InvalidateRect
GetWindowLongW
GetCursorPos
FillRect
GetMenuItemID
DrawTextW
TabbedTextOutW
GetSubMenu
DrawIconEx
WaitMessage
IsClipboardFormatAvailable
CopyImage
GetWindowDC
GetMenuDefaultItem
MessageBoxW
SetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
EnableWindow
SendMessageW
IsWindow
GetDC
SendMessageA
CopyRect
DestroyIcon
GetSystemMetrics
InsertMenuW
RemoveMenu
GetMenuItemCount
LoadBitmapW
GetSysColorBrush
CreatePopupMenu
GetSysColor
GetDesktopWindow
GrayStringW
GetMenuState
ReleaseDC
SystemParametersInfoW
AppendMenuW
SetRect
ModifyMenuW
GetMenuItemInfoW
DrawEdge
DrawTextExW
CreateMenu
DeleteMenu
gdi32
ExtTextOutW
Ellipse
PtVisible
GetObjectW
Escape
CreateCompatibleDC
SelectObject
DeleteObject
SetPixel
GetDeviceCaps
CreateFontIndirectW
CreateDIBSection
DeleteDC
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
CreatePen
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetObjectType
Rectangle
SetRectRgn
GetMapMode
DPtoLP
GetRgnBox
GetBkColor
GetTextColor
EnumFontFamiliesW
GetTextCharsetInfo
CreatePolygonRgn
CreateEllipticRgn
Polyline
Polygon
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
SetROP2
SetPolyFillMode
SetBkMode
CreateCompatibleBitmap
ExcludeClipRect
GetClipBox
SetMapMode
RectVisible
GetPixel
TextOutW
CreateSolidBrush
OffsetWindowOrgEx
RestoreDC
SaveDC
CopyMetaFileW
GetTextMetricsW
CreateRectRgnIndirect
CombineRgn
SelectPalette
CreateRectRgn
CreateRoundRectRgn
UnrealizeObject
CreatePatternBrush
CreateDCW
CreatePalette
RealizePalette
CreateDIBitmap
SetTextColor
SetBkColor
CreateBitmap
StretchBlt
GetStockObject
BitBlt
GetTextExtentPoint32W
PatBlt
CreateHatchBrush
GetBkMode
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
shell32
ShellExecuteExW
ShellExecuteW
SHAppBarMessage
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetFileInfoW
Shell_NotifyIconW
comctl32
ImageList_GetIconSize
_TrackMouseEvent
InitCommonControlsEx
ole32
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleGetClipboard
CoUninitialize
CoInitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CoCreateGuid
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
RevokeDragDrop
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium
OleDuplicateData
CoCreateInstance
CLSIDFromString
RegisterDragDrop
CoRegisterMessageFilter
CoRevokeClassObject
CoLockObjectExternal
CreateStreamOnHGlobal
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
OleLoadPicture
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
VariantChangeType
SafeArrayDestroy
SysStringLen
VarBstrFromDate
OleCreateFontIndirect
LoadTypeLi
SysAllocStringLen
VariantInit
VariantClear
VariantCopy
SysAllocString
SysFreeString
ws2_32
recvfrom
sendto
__WSAFDIsSet
setsockopt
getpeername
ioctlsocket
inet_ntoa
WSAStartup
inet_addr
htonl
select
WSAGetLastError
htons
ntohs
getsockname
WSACleanup
recv
socket
WSASetLastError
closesocket
gethostbyname
send
listen
accept
ntohl
connect
bind
wininet
HttpAddRequestHeadersA
InternetConnectA
InternetQueryOptionW
InternetCloseHandle
InternetOpenA
HttpQueryInfoA
HttpOpenRequestA
HttpQueryInfoW
InternetSetOptionW
HttpSendRequestW
InternetReadFile
oledlg
OleUIBusyW
gdiplus
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipSaveImageToFile
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdiplusStartup
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetInterpolationMode
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipFree
libintl3
ord27
ord51
ord26
ord35
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
Sections
.text Size: 2.1MB - Virtual size: 2.1MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 572KB - Virtual size: 571KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 52KB - Virtual size: 151KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 718KB - Virtual size: 718KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 386KB - Virtual size: 386KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ