2024-06-14_3784a1eed6c8864cbc112ca59c4b61a0_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-14_3784a1eed6c8864cbc112ca59c4b61a0_mafia
Size

12.1MB
MD5

3784a1eed6c8864cbc112ca59c4b61a0
SHA1

79c9e605b1f179e88a063ebacf323438c966cf4a
SHA256

a35928a9be7fbec3f33e34663aed00d54e79c4dd3399198725b91aec2b9f2177
SHA512

b9d9bd3d69f68d2d13abd302875e0effd5cf4d7a15a7ebf434a4038e3f5fdb295b39b4e37a85f8c5244a5a5d1e5a24ba9b3b163e8ae991b33a8348801fd99a8b
SSDEEP

196608:N185T/5683ImwDVldLL3FSf9dgEKOw/A6ECVAgpOWPL6s9AcTDLI:N185FzImRgEKOwYbCVAgIWPHLI

Score

1^/10

Malware Config

Signatures

Files

2024-06-14_3784a1eed6c8864cbc112ca59c4b61a0_mafia
.exe windows:5 windows x86 arch:x86

d1e2401f80d3dba4990cbde4a6e01201

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

09:cb:e4:da:34:55:fd:05:ee:d6:39:2b:f6:8d:b9:b5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

07/10/2023, 23:59

Subject

CN=Beijing Funshion Online Technologies Co.\, Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a0:39:c9:6f:5e:9b:65:98:e4:91:80:8e:7a:8c:83:23:4f:a1:6f:b6
Signer

Actual PE Digest

a0:39:c9:6f:5e:9b:65:98:e4:91:80:8e:7a:8c:83:23:4f:a1:6f:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\D盘资料\backup\VRPlayer1.0.5\bin_inst\Release\FunAcceInstall.pdb

Imports

shlwapi

SHSetValueW
SHGetValueW
PathFindFileNameW
PathAppendW
PathFileExistsW
PathRemoveExtensionW
PathRemoveFileSpecW
PathRemoveBackslashW
PathCanonicalizeW
PathIsRootW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
socket
recv
send
WSAIoctl
setsockopt
ntohs
bind
htonl
htons
getsockopt
getpeername
WSCEnumProtocols
WSCDeinstallProvider
WSCWriteProviderOrder
WSCInstallProvider
WSCGetProviderPath
WSACleanup
gethostbyname
gethostname
WSAStartup
accept
listen
closesocket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
ioctlsocket
getsockname

advapi32

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextA
CryptImportKey
CryptReleaseContext
CryptEncrypt
CryptDestroyKey
IsValidSid
LookupAccountNameW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
GetSidIdentifierAuthority
GetSidSubAuthority
GetUserNameW
GetSidSubAuthorityCount

wldap32

ord143
ord30
ord26
ord60
ord200
ord22
ord211
ord32
ord46
ord41
ord27
ord50
ord301
ord33
ord79
ord35

kernel32

GetTimeZoneInformation
WriteConsoleW
RtlUnwind
HeapSetInformation
GetDateFormatW
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
InterlockedExchange
GetStringTypeW
HeapSize
HeapReAlloc
RaiseException
FindFirstFileExA
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetFileInformationByHandle
GetTimeFormatW
LCMapStringW
GetCPInfo
CompareStringW
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetHandleCount
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleCP
GetConsoleMode
SetStdHandle
GetFullPathNameA
CreateFileA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
VirtualQuery
CreateToolhelp32Snapshot
Process32FirstW
CloseHandle
OpenProcess
Process32NextW
TerminateProcess
WaitForSingleObject
LoadLibraryW
GetProcAddress
FreeLibrary
lstrcmpW
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleHandleW
GetCurrentProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentProcessId
GetModuleFileNameW
CreateFileW
WriteFile
GetTempPathW
GetFileAttributesW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
FindNextFileW
FindClose
MoveFileExW
DeleteFileW
CopyFileW
GetDriveTypeW
GetDiskFreeSpaceExW
GetTickCount
GetSystemDirectoryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryW
InterlockedCompareExchange
CreateMutexW
GetLastError
GetCommandLineW
CreateThread
InitializeCriticalSectionAndSpinCount
Sleep
SetUnhandledExceptionFilter
GetSystemDirectoryA
ExpandEnvironmentStringsA
LoadLibraryA
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
ExpandEnvironmentStringsW
CreateEventW
GetNativeSystemInfo
GetCurrentThreadId
GetUserDefaultUILanguage
FreeResource
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
SetFilePointer
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
InterlockedIncrement
InterlockedDecrement
ExitProcess
lstrlenA
lstrlenW
GetModuleHandleA
OutputDebugStringA
FileTimeToSystemTime
GetFileAttributesExW
FileTimeToLocalFileTime
MoveFileW
SetLastError
FlushFileBuffers
SetEnvironmentVariableA
ReleaseMutex
GetStartupInfoW
LocalFree
GetProcessHeap
SleepEx
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
VerifyVersionInfoA
VerSetConditionMask
SetEndOfFile
GetDriveTypeA
OpenMutexW

user32

ClientToScreen
PostMessageW
IntersectRect
DrawFocusRect
DrawTextW
KillTimer
SetTimer
SetRectEmpty
GetSystemMetrics
ReleaseDC
GetDC
SystemParametersInfoW
SetCaretPos
CreateCaret
GetSysColor
ShowCaret
GetFocus
HideCaret
SetWindowRgn
SetWindowLongW
RegisterClassExW
GetClassInfoExW
EnableWindow
LoadCursorW
SetCursor
MoveWindow
ShowWindow
SetWindowTextW
SetFocus
CreateWindowExW
IsWindow
PostQuitMessage
SendMessageW
FindWindowW
wsprintfW
ScreenToClient
SetActiveWindow
GetMessageW
LoadImageW
SetCapture
IsZoomed
GetKeyState
IsWindowEnabled
TranslateMessage
OffsetRect
BringWindowToTop
PeekMessageW
GetDesktopWindow
GetCursorPos
GetActiveWindow
PostThreadMessageW
ReleaseCapture
MapWindowPoints
UpdateWindow
CallWindowProcW
GetWindow
DispatchMessageW
GetParent
PtInRect
GetWindowRect
EndPaint
UpdateLayeredWindow
GetClientRect
GetWindowLongW
BeginPaint
MonitorFromWindow
GetMonitorInfoW
SetWindowPos
DestroyWindow
InvalidateRect
DefWindowProcW

gdi32

CreateCompatibleBitmap
CombineRgn
SetRectRgn
BitBlt
GetTextColor
GetDeviceCaps
CreateRectRgn
CreateFontIndirectW
GetObjectW
SetTextColor
SetBkColor
SetBkMode
SelectClipRgn
CreateRectRgnIndirect
ExtSelectClipRgn
ExtTextOutW
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC
OffsetRgn
DeleteDC
GetClipBox

shell32

ShellExecuteW
ord165
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW

ole32

CoInitializeEx
CoUninitialize
CoCreateGuid
CoInitialize
OleInitialize
CoCreateInstance

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantClear

comctl32

ord17
_TrackMouseEvent

msimg32

GradientFill
AlphaBlend

riched20

ord4

winhttp

WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpen

iphlpapi

GetBestRoute
GetBestInterface
GetIpAddrTable
GetIfTable

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP

Sections

.text
Size: 898KB - Virtual size: 898KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.9MB - Virtual size: 10.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1e2401f80d3dba4990cbde4a6e01201

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

09:cb:e4:da:34:55:fd:05:ee:d6:39:2b:f6:8d:b9:b5Certificate

Extended Key Usages

Key Usages

a0:39:c9:6f:5e:9b:65:98:e4:91:80:8e:7a:8c:83:23:4f:a1:6f:b6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

version

ws2_32

advapi32

wldap32

kernel32

user32

gdi32

shell32

ole32

oleaut32

comctl32

msimg32

riched20

winhttp

iphlpapi

Exports

Exports

Sections

.text Size: 898KB - Virtual size: 898KB

.rdata Size: 212KB - Virtual size: 211KB

.data Size: 15KB - Virtual size: 32KB

.rsrc Size: 10.9MB - Virtual size: 10.9MB

.reloc Size: 86KB - Virtual size: 86KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

09:cb:e4:da:34:55:fd:05:ee:d6:39:2b:f6:8d:b9:b5
Certificate

a0:39:c9:6f:5e:9b:65:98:e4:91:80:8e:7a:8c:83:23:4f:a1:6f:b6
Signer

.text
Size: 898KB - Virtual size: 898KB

.rdata
Size: 212KB - Virtual size: 211KB

.data
Size: 15KB - Virtual size: 32KB

.rsrc
Size: 10.9MB - Virtual size: 10.9MB

.reloc
Size: 86KB - Virtual size: 86KB