2024-06-12_7f3e586f7c66f5201e5b61dbf428c1ed_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-12_7f3e586f7c66f5201e5b61dbf428c1ed_mafia
Size

1.3MB
MD5

7f3e586f7c66f5201e5b61dbf428c1ed
SHA1

c6f8c311989fb50455a9e9eb2ab29248426fa79c
SHA256

45e28fdbd9d28b098406bea6fa1feed378c84c14539829f5d65535db44513e5d
SHA512

a862de61d1a410062037c0a87e6af1d15757aac99d7f5081aab686393153c6cb3d7a4557f1129767f179262fa7650709169f51bf8292ed2d861e37a47bb6ae9f
SSDEEP

12288:zLuqS41QhNQb5l9wgLI9X93L2B0BkXsXP1FBOTsPmGDLDwmF5j:zLZ1QhEygLI9XV2B0B9XBOTonDLDwmD

Score

1^/10

Malware Config

Signatures

Files

2024-06-12_7f3e586f7c66f5201e5b61dbf428c1ed_mafia
.exe windows:5 windows x86 arch:x86

d781656963d7e7c8a4b70d394b01cbd5

Code Sign

5e:73:24:f5:dc:90:ed:81:d1:47:86:28:b8:f4:98:5b
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

16-09-2015 04:58

Not After

16-11-2016 04:58

Subject

CN=吉林市点金网络科技有限公司,O=吉林市点金网络科技有限公司,L=吉林市,ST=吉林省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:5f:80:10:5a:67:96:b2:ed:6c:09:8c:13:60:3d:f3:65:15:bf:db
Signer

Actual PE Digest

7a:5f:80:10:5a:67:96:b2:ed:6c:09:8c:13:60:3d:f3:65:15:bf:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\工程\代理蚂蚁浏览器3.0\Release\ProxyAnt.pdb

Imports

kernel32

HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
CreateMutexW
GetSystemDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GetVersionExW
SetCurrentDirectoryW
GetTickCount
GetModuleHandleW
IsBadReadPtr
OutputDebugStringA
FreeLibrary
lstrcmpiW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
SetLastError
MulDiv
lstrcmpW
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
FlushFileBuffers
SetStdHandle
WriteConsoleW
CreateFileA
GetCurrentProcessId
QueryPerformanceCounter
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetStringTypeW
HeapCreate
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetFileType
GetStdHandle
SetHandleCount
GetConsoleMode
GetConsoleCP
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineW
MoveFileA
ExitProcess
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
LocalFree
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapDestroy
DeleteCriticalSection
GetProcAddress
UnmapViewOfFile
MapViewOfFile
GetFileSize
CreateFileMappingW
LoadLibraryW
SetFileTime
WriteFile
GetFileAttributesW
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
SetFilePointer
CreateFileW
GetVersion
lstrcpyW
GetEnvironmentStringsW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
HeapFree
GetProcessHeap
HeapAlloc
GetLastError
GetEnvironmentVariableW
OpenProcess
CreateThread
RaiseException
GetModuleFileNameW
MultiByteToWideChar
FlushInstructionCache
WriteProcessMemory
GetCurrentProcess
ReadProcessMemory
VirtualProtect
ReadFile
FindResourceExW
LockResource
WideCharToMultiByte
FindNextFileW
lstrlenW
CreateDirectoryW
FreeResource
LoadResource
SizeofResource
FindResourceW
CloseHandle
WaitForSingleObject
TerminateProcess
Sleep
CreateProcessW
DeleteFileW
DeleteFileA
FindFirstFileW
FindClose

user32

GetCursorPos
MoveWindow
DispatchMessageW
LoadIconW
CreatePopupMenu
AppendMenuW
CheckMenuItem
SetForegroundWindow
TrackPopupMenuEx
DestroyMenu
BeginPaint
SetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
SetWindowRgn
GetClassLongW
IsZoomed
SetLayeredWindowAttributes
GetWindowDC
UpdateLayeredWindow
TrackMouseEvent
GetActiveWindow
GetWindowRect
GetParent
UnregisterClassA
EndPaint
IsChild
SendMessageW
GetSystemMetrics
GetDC
DrawTextW
UnhookWindowsHookEx
IsWindow
GetWindowTextW
wsprintfW
PostMessageW
GetMessageW
GetKeyState
TranslateMessage
SetParent
GetWindow
UnregisterHotKey
RegisterHotKey
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
FindWindowW
SetWindowPos
MessageBoxW
SetCursor
LoadCursorW
ClientToScreen
ScreenToClient
PtInRect
GetClientRect
GetDesktopWindow
SetCapture
FillRect
FrameRect
DrawIconEx
IntersectRect
SetTimer
InvalidateRect
GetFocus
IsWindowVisible
GetCapture
ReleaseCapture
KillTimer
SystemParametersInfoW
DestroyWindow
SetWindowsHookExW
CallNextHookEx
CharNextW
RegisterClassExW
GetClassInfoExW
DefWindowProcW
DestroyAcceleratorTable
CallWindowProcW
InvalidateRgn
CreateAcceleratorTableW
CreateWindowExW
RedrawWindow
GetSysColor
GetClassNameW
GetDlgItem
ReleaseDC
GetWindowLongW
ShowWindow
SetWindowLongW
PostQuitMessage
RegisterClipboardFormatW
SetFocus

gdi32

GetTextExtentPoint32W
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
SetTextColor
DeleteDC
CreateFontIndirectW
GetDeviceCaps
SetViewportOrgEx
SelectObject
DeleteObject
CreateSolidBrush
CreateDIBSection
SetBkColor
ExtTextOutW
SetPixel
CreatePen
MoveToEx
LineTo
CreateRectRgn
SelectClipRgn
GetCurrentObject
GetObjectW
GetBitmapBits
SetBitmapBits
GetObjectType
CreateRoundRectRgn
CreatePolygonRgn
FillRgn
FrameRgn
SetBkMode
BitBlt

advapi32

LookupPrivilegeValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
OpenProcessToken
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
AdjustTokenPrivileges

shell32

ShellExecuteW
Shell_NotifyIconW

ole32

OleInitialize
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VarUI4FromStr
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString

shlwapi

PathRemoveFileSpecW
StrToIntW
StrCmpNIW

ws2_32

WSAResetEvent
WSASend
WSAEnumNetworkEvents
WSAConnect
WSAEventSelect
WSASetEvent
WSARecv
WSASocketW
GetAddrInfoW
FreeAddrInfoW
WSASetLastError
WSACloseEvent
WSAGetLastError
WSAGetOverlappedResult
WSAStartup
closesocket
WSACreateEvent
WSACleanup

gdiplus

GdipCloneImage
GdipLoadImageFromStream
GdipDisposeImage
GdipSetImageAttributesWrapMode
GdipDrawImageRectRectI
GdipSetImageAttributesRemapTable
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI
GdipFillRectangleI
GdipAlloc
GdipFree
GdipDeleteBrush
GdipDeleteGraphics
GdipCreateFromHDC
GdipImageSelectActiveFrame
GdiplusShutdown
GdiplusStartup
GdipCreateSolidFill
GdipCloneBitmapArea
GdipCreateBitmapFromResource
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0

msimg32

GradientFill

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

tpclient

TpLogin
TpCloseService
TpChangeIpByAddr
TpQueryProxy
TpGetInfo
TpGetInternetAddress
TpCreateService
TpSetApiHost
TpIsAlive

wininet

InternetOpenW
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

comctl32

_TrackMouseEvent

Sections

.text
Size: 462KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 723KB - Virtual size: 722KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d781656963d7e7c8a4b70d394b01cbd5

Code Sign

5e:73:24:f5:dc:90:ed:81:d1:47:86:28:b8:f4:98:5bCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

7a:5f:80:10:5a:67:96:b2:ed:6c:09:8c:13:60:3d:f3:65:15:bf:dbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

gdiplus

msimg32

imm32

tpclient

wininet

psapi

comctl32

Sections

.text Size: 462KB - Virtual size: 462KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 723KB - Virtual size: 722KB

.reloc Size: 33KB - Virtual size: 33KB

5e:73:24:f5:dc:90:ed:81:d1:47:86:28:b8:f4:98:5b
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

7a:5f:80:10:5a:67:96:b2:ed:6c:09:8c:13:60:3d:f3:65:15:bf:db
Signer

.text
Size: 462KB - Virtual size: 462KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 723KB - Virtual size: 722KB

.reloc
Size: 33KB - Virtual size: 33KB