2024-06-10_becfc6f2f997fc851f216b5a5ff8d042_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-10_becfc6f2f997fc851f216b5a5ff8d042_mafia
Size

5.5MB
MD5

becfc6f2f997fc851f216b5a5ff8d042
SHA1

17c399e66a3d6d93b6683062ac0648b6a53cab1f
SHA256

33234b41d34c4ec3d3b117159766a093b765c435e17aeef0b99e7fda08316155
SHA512

261c6a4f6f4352c9b0c48b2e99176e0925504090fa275ff1133379c65b6faaa3a1e6bc78c438768f6bd5d6f9253b99b38570d4658becb79be0f1fad40af80203
SSDEEP

98304:q1FqdCs4B8DsX33Y8YyEyAorcXXGmfXahnbt1cPB6PmeSVU55:q1w7xoXHY8L3cXXGCXM4EPmeS6X

Score

1^/10

Malware Config

Signatures

Files

2024-06-10_becfc6f2f997fc851f216b5a5ff8d042_mafia
.exe windows:5 windows x86 arch:x86

3f04ff18be300d76136db28ad96fee84

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/07/2014, 00:00

Not After

01/08/2016, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a8:9a:7e:ec:b6:b3:11:2a:01:7b:63:6f:30:41:72:a2:b4:06:a3:f8
Signer

Actual PE Digest

a8:9a:7e:ec:b6:b3:11:2a:01:7b:63:6f:30:41:72:a2:b4:06:a3:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\build3.0.3\Funshion\Rel\symbols\FunshionService.pdb

Imports

dbghelp

MiniDumpWriteDump

advapi32

RegEnumKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW

shell32

ord165
SHFileOperationW
SHGetSpecialFolderPathW
ord51
SHGetFolderPathW
ShellExecuteW

user32

GetMessageW
DefWindowProcW
UpdateWindow
CreateWindowExW
ShowWindow
PeekMessageW
LoadIconW
RegisterClassExW
TranslateMessage
LoadCursorW
PostMessageW
DestroyWindow
DispatchMessageW
FindWindowW

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
PathIsRelativeW
PathFindFileNameW
PathRemoveFileSpecA
PathAppendW
PathRemoveBackslashW
PathCombineW

ws2_32

WSAAddressToStringA
listen
getsockopt
WSASetLastError
bind
htonl
setsockopt
WSAGetLastError
WSASend
WSASocketW
WSARecv
getpeername
send
__WSAFDIsSet
shutdown
getsockname
select
connect
WSASendTo
getservbyname
freeaddrinfo
getaddrinfo
getnameinfo
sendto
recvfrom
WSARecvFrom
socket
htons
gethostname
ntohl
ntohs
ioctlsocket
inet_ntoa
inet_addr
closesocket
gethostbyname
WSAStartup
accept
recv
WSACleanup

iphlpapi

GetBestInterface
SendARP
GetIpAddrTable
GetBestRoute
GetAdaptersInfo

kernel32

DeleteFileA
GetFileAttributesA
lstrlenA
GetFileSize
UnlockFile
LockFile
LockFileEx
CreatePipe
OpenProcess
DuplicateHandle
GetConsoleWindow
GetExitCodeProcess
GetComputerNameW
LoadLibraryA
SetEnvironmentVariableW
GetEnvironmentVariableW
CreateDirectoryW
SetFileAttributesW
SetFileTime
GetExitCodeThread
SetThreadPriority
GetLogicalDriveStringsW
GetSystemDirectoryW
GetTempPathW
GetLongPathNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileMappingW
ReleaseMutex
CreateMutexW
TryEnterCriticalSection
FormatMessageA
LocalFree
CreateWaitableTimerA
SystemTimeToFileTime
ResumeThread
GetSystemInfo
GetFullPathNameA
SetEnvironmentVariableA
CompareStringW
GetTempPathA
AreFileApisANSI
GetVersionExA
GetStartupInfoW
GetTickCount
GetProcessHeap
GetCurrentThreadId
HeapAlloc
CreateEventA
CloseHandle
HeapFree
WaitForSingleObject
SetEvent
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GetSystemTimes
GetProcessTimes
CreateProcessW
SetUnhandledExceptionFilter
GetModuleFileNameW
CreateFileW
GetCurrentProcessId
LeaveCriticalSection
InterlockedExchange
GetLastError
EnterCriticalSection
InterlockedExchangeAdd
PostQueuedCompletionStatus
TlsAlloc
TlsFree
QueueUserWorkItem
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
CreateEventW
InterlockedCompareExchange
GetModuleFileNameA
ExpandEnvironmentStringsW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetVersionExW
lstrcmpiW
TlsGetValue
SetWaitableTimer
GetQueuedCompletionStatus
TlsSetValue
TerminateThread
InitializeCriticalSectionAndSpinCount
SetLastError
QueueUserAPC
WaitForMultipleObjects
CreateIoCompletionPort
DeleteCriticalSection
SleepEx
GetDiskFreeSpaceExW
CopyFileW
ResetEvent
GlobalMemoryStatusEx
WritePrivateProfileStringW
DeviceIoControl
GetSystemTime
OutputDebugStringW
lstrcpyW
OpenEventA
GlobalMemoryStatus
FindFirstFileW
SetEndOfFile
SetFilePointerEx
WriteFile
GetFileAttributesW
ReadFile
FlushFileBuffers
GetProcAddress
MoveFileW
FindClose
RemoveDirectoryW
GetModuleHandleA
FindNextFileW
GetFileAttributesExW
DeleteFileW
MultiByteToWideChar
InitializeCriticalSection
GetStringTypeW
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
VirtualQuery
GetLocalTime
GetTimeZoneInformation
ExitThread
CreateThread
WriteConsoleW
GetFileType
GetStdHandle
RaiseException
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
GetCPInfo
LCMapStringW
GetModuleHandleW
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
HeapSize
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
SetFilePointer
LoadLibraryW
GetFullPathNameW
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
HeapReAlloc
FreeLibrary
SetStdHandle
CreateFileA

oleaut32

SysFreeString
SysAllocString
SafeArrayAccessData
VariantInit
SafeArrayUnaccessData
VariantClear

mswsock

GetAcceptExSockaddrs
AcceptEx

sensapi

IsNetworkAlive

ole32

CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitialize

psapi

GetProcessMemoryInfo

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
destroy_config_center
disable_output_log_to_file
dump
dump_initialize
dump_log
enable_output_log_to_file
getGatewayIP
get_and_update_mac
get_mac_info
get_nic_description
get_records_duration_by_ms
get_time_cost_mac
get_time_cost_mac_main
if_dump
init_config_center
lvalue
lvalue_of
output_overhead_duration
record_begin_time
record_log_interface
remove_log
set_log_message_priority
svalue
svalue_of
ulvalue_of
upload_debug_info
upload_log

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 823KB - Virtual size: 823KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f04ff18be300d76136db28ad96fee84

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:deCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

a8:9a:7e:ec:b6:b3:11:2a:01:7b:63:6f:30:41:72:a2:b4:06:a3:f8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

advapi32

shell32

user32

shlwapi

ws2_32

iphlpapi

kernel32

oleaut32

mswsock

sensapi

ole32

psapi

Exports

Exports

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 823KB - Virtual size: 823KB

.data Size: 101KB - Virtual size: 1.1MB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 364KB - Virtual size: 363KB

.reloc Size: 213KB - Virtual size: 213KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

a8:9a:7e:ec:b6:b3:11:2a:01:7b:63:6f:30:41:72:a2:b4:06:a3:f8
Signer

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 823KB - Virtual size: 823KB

.data
Size: 101KB - Virtual size: 1.1MB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 364KB - Virtual size: 363KB

.reloc
Size: 213KB - Virtual size: 213KB