2024-06-14_7aeecf03770e523a4ea192c6b172138d_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-14_7aeecf03770e523a4ea192c6b172138d_mafia
Size

3.1MB
MD5

7aeecf03770e523a4ea192c6b172138d
SHA1

ce0ed669db160b16d26d91065a87a7536ce104b9
SHA256

0b8194303848c31e79ce0864c1259727a1401c04ab020a620891c3725df66f0c
SHA512

e1462359de50fbe938ba12a61ba0b542059e3391568c5bcf8632c8e107ce2b745877c8ca32d972030aa0355099b04341255d619610ca74b42de5be4df20b336c
SSDEEP

49152:p/Ga6gj2kOtThlDXb22KYT7OJpj7M/7viNpL7dsjrg0SxUc0UKAnP8IQwBIEZZjz:Ua6gj2HlH2Vpj7g+7LJ6IxUc05g

Score

1^/10

Malware Config

Signatures

Files

2024-06-14_7aeecf03770e523a4ea192c6b172138d_mafia
.exe windows:5 windows x86 arch:x86

40a086fa3e3b3631c8cd611ac535d718

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:94:d6:92:3d:e8:b6:16:82:f0:09:16:c6:04:f7:71
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/08/2013, 00:00

Not After

18/08/2016, 23:59

Subject

CN=北京当乐信息技术有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=产品技术部,O=北京当乐信息技术有限公司,L=BeiJing,ST=BeiJing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:8d:06:02:23:26:64:2b:c3:f6:1f:8f:7e:d6:5a:37:97:35:6a:1f
Signer

Actual PE Digest

f1:8d:06:02:23:26:64:2b:c3:f6:1f:8f:7e:d6:5a:37:97:35:6a:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Project\Mobile_PC_Client\Output\AndInstaller.pdb

Imports

wininet

InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetConnectW
InternetReadFile
InternetOpenW

comctl32

_TrackMouseEvent
ord17

kernel32

FlushInstructionCache
GetCurrentThreadId
OutputDebugStringW
lstrcatW
DeleteFileW
Sleep
RaiseException
GlobalHandle
GlobalFree
GlobalAlloc
InitializeCriticalSectionAndSpinCount
GlobalUnlock
GlobalLock
MulDiv
LoadLibraryA
CreateToolhelp32Snapshot
Process32FirstW
ProcessIdToSessionId
Process32NextW
WaitNamedPipeW
CreateFileW
WriteFile
GetPrivateProfileIntW
WritePrivateProfileStringW
GetWindowsDirectoryW
GetCurrentThread
GetCurrentProcess
CreateEventW
ResumeThread
SetEvent
ResetEvent
GetACP
GetTickCount
FreeResource
ReadFile
GetFileSize
ExitProcess
SetFilePointer
GetFileType
DuplicateHandle
CreateDirectoryW
SetFileTime
GetLocalTime
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
WaitForMultipleObjects
GetCurrentProcessId
VirtualAlloc
InterlockedPopEntrySList
EncodePointer
DecodePointer
ExitThread
GetFileAttributesW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
GetOEMCP
IsValidCodePage
HeapCreate
GetStdHandle
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetCurrentDirectoryW
CreateThread
LoadLibraryW
FreeLibrary
lstrcmpW
lstrcmpiW
ReleaseSemaphore
InterlockedDecrement
InterlockedIncrement
GetVersionExW
GetSystemInfo
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapAlloc
InitializeCriticalSection
FindNextFileW
GetLastError
FindFirstFileW
lstrcpyW
SetLastError
lstrlenW
FindClose
CloseHandle
WaitForSingleObject
CreateMutexW
GetProcAddress
GetModuleHandleW
SystemTimeToFileTime
GetSystemTime
GetModuleFileNameW
lstrlenA
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
FlushFileBuffers
CreateFileA
SetEndOfFile
DosDateTimeToFileTime
HeapDestroy

user32

SetCursor
InflateRect
OffsetRect
DispatchMessageW
TranslateMessage
GetMessageW
EnableWindow
PostThreadMessageW
SetWindowRgn
SendDlgItemMessageW
MapDialogRect
SetWindowContextHelpId
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EndPaint
IsChild
GetFocus
SetFocus
GetDlgItem
GetClassNameW
wvsprintfW
CharNextW
RedrawWindow
GetClassInfoExW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
MoveWindow
SetCapture
ReleaseCapture
GetKeyState
KillTimer
IsRectEmpty
GetUpdateRect
GetCursorPos
FillRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
DefWindowProcW
LoadCursorW
RegisterClassExW
DialogBoxIndirectParamW
SetWindowPlacement
GetWindowPlacement
SystemParametersInfoW
LoadImageW
GetPropW
SetPropW
AdjustWindowRectEx
GetMenu
RegisterClassW
IsZoomed
IntersectRect
DrawTextW
UnregisterClassA
SetRect
CreateCaret
HideCaret
SetCaretPos
GetSysColor
ShowCaret
SetWindowLongW
GetActiveWindow
ClientToScreen
PtInRect
SetRectEmpty
UnionRect
CopyRect
MessageBoxW
IsWindow
SetTimer
PostQuitMessage
GetSystemMetrics
ShowWindow
IsIconic
FindWindowW
SetForegroundWindow
SendMessageW
PostMessageW
EndDialog
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
MapWindowPoints
SetWindowPos
GetClientRect
ScreenToClient
BeginPaint
CharPrevW

gdi32

CreateFontIndirectW
GetTextMetricsW
CreateRectRgn
CreatePen
SetWindowOrgEx
Rectangle
RestoreDC
SaveDC
GetObjectA
SelectClipRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
CombineRgn
CreateRoundRectRgn
CreateDIBSection
SetStretchBltMode
ExtTextOutW
SetBkColor
LineTo
MoveToEx
CreatePenIndirect
RoundRect
SetTextColor
SetBkMode
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
SetPixel
GetPixel
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
StretchBlt
GetDeviceCaps
GetObjectW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegQueryValueExW

shell32

ShellExecuteW
SHGetDesktopFolder
DragQueryFileW
ord680
SHChangeNotify

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
OleUninitialize
CoTaskMemAlloc
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
CreateStreamOnHGlobal

oleaut32

OleCreateFontIndirect
VariantClear
SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysFreeString
SysAllocStringLen
VariantInit

shlwapi

StrStrW
PathRemoveFileSpecW
PathAppendW
StrStrIW
SHSetValueW
wnsprintfW
SHDeleteKeyW

gdiplus

GdipCreateStringFormat
GdipCreateFontFromLogfontA
GdiplusStartup
GdipDeleteBrush
GdiplusShutdown
GdipAlloc
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateLineBrushI
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipDrawString
GdipFree
GdipCreateFontFromDC
GdipCloneBrush

iphlpapi

GetAdaptersInfo

ws2_32

WSACleanup
inet_ntoa
gethostbyname
WSAStartup
gethostname

winhttp

WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpConnect
WinHttpWriteData
WinHttpSendRequest
WinHttpCloseHandle

d3d9

Direct3DCreate9

winmm

timeGetTime

Sections

.text
Size: 494KB - Virtual size: 494KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40a086fa3e3b3631c8cd611ac535d718

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0d:94:d6:92:3d:e8:b6:16:82:f0:09:16:c6:04:f7:71Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f1:8d:06:02:23:26:64:2b:c3:f6:1f:8f:7e:d6:5a:37:97:35:6a:1fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

iphlpapi

ws2_32

winhttp

d3d9

winmm

Sections

.text Size: 494KB - Virtual size: 494KB

.rdata Size: 123KB - Virtual size: 122KB

.data Size: 15KB - Virtual size: 29KB

Shared Size: 512B - Virtual size: 4B

.rsrc Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 45KB - Virtual size: 45KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0d:94:d6:92:3d:e8:b6:16:82:f0:09:16:c6:04:f7:71
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f1:8d:06:02:23:26:64:2b:c3:f6:1f:8f:7e:d6:5a:37:97:35:6a:1f
Signer

.text
Size: 494KB - Virtual size: 494KB

.rdata
Size: 123KB - Virtual size: 122KB

.data
Size: 15KB - Virtual size: 29KB

Shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 45KB - Virtual size: 45KB