2024-06-17_5041f846bfbe924c2618b8aee4b582f2_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-17_5041f846bfbe924c2618b8aee4b582f2_mafia
Size

291KB
MD5

5041f846bfbe924c2618b8aee4b582f2
SHA1

985b7db15704e41b874308f9c21e9482cec59838
SHA256

92a1b4180ffed34a3e561275cf5e7dde3e6e8e70e12675bd08771d0127bc1f75
SHA512

6d89ec4bad2065b819412e1114862ad09a4bcd2af90ce65aa4bc717a06f305c3fb575cfaf87aab5d42901d7567f778b47a9def737917c600edde4d65cd5cb9bf
SSDEEP

6144:L20EYobNZkxwpdpsZmCO6bsqAeMn35mv8J+lFa+q:Q/JkwDiZmCOGsqe35mksl01

Score

1^/10

Malware Config

Signatures

Files

2024-06-17_5041f846bfbe924c2618b8aee4b582f2_mafia
.exe windows:5 windows x86 arch:x86

17f2fc4b81b82af0a854437f448cc994

Code Sign

21:f8:35:85:1a:ae:95:33:82:46:69:5d:73:bc:bb:12
Certificate

Issuer

CN=WoSign Class 2 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

10-12-2014 10:03

Not After

10-12-2015 10:03

Subject

CN=Li Peng,L=Handan,ST=Hebei,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Class 2 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:40:c0:90:95:e9:5e:31:bd:ed:a3:11:ec:82:bb:a3:bf:c2:a6:cf
Signer

Actual PE Digest

41:40:c0:90:95:e9:5e:31:bd:ed:a3:11:ec:82:bb:a3:bf:c2:a6:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\数据\MyCode\广告过滤\Release\Launcher.pdb

Imports

kernel32

GetCurrentProcess
CreateDirectoryA
DeleteFileA
ExitProcess
Sleep
CreateProcessA
GetModuleFileNameW
GetVersionExW
OutputDebugStringA
GetLastError
CreateThread
OpenMutexW
CreateMutexW
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
DecodePointer
GetProcessHeap
SetEndOfFile
CreateFileW
CreateFileA
SetStdHandle
WriteConsoleW
LoadLibraryW
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetProcAddress
lstrlenA
MultiByteToWideChar
InterlockedDecrement
CloseHandle
FindFirstFileA
EncodePointer
GetModuleFileNameA
GetACP
GetLocaleInfoW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
ReadFile
SetFilePointer
GetConsoleMode
WideCharToMultiByte
LocalFree
GetSystemTimeAsFileTime
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapFree
GetFileAttributesA
MoveFileA
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WriteFile
GetStdHandle
HeapCreate
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetConsoleCP

user32

TrackPopupMenu
SetForegroundWindow
GetCursorPos
DefWindowProcW
CreateWindowExW
RegisterClassExW
LoadCursorW
DispatchMessageW
PostQuitMessage
GetMessageW
LoadIconW
AppendMenuW
CreatePopupMenu
PostMessageW
MessageBoxW
TranslateMessage

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW

ole32

CoCreateInstance
CoInitialize
CLSIDFromProgID

shell32

ShellExecuteExW
Shell_NotifyIconW

oleaut32

SysAllocString
VariantClear
SysFreeString

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17f2fc4b81b82af0a854437f448cc994

Code Sign

21:f8:35:85:1a:ae:95:33:82:46:69:5d:73:bc:bb:12Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40Certificate

Extended Key Usages

Key Usages

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8Certificate

Extended Key Usages

Key Usages

41:40:c0:90:95:e9:5e:31:bd:ed:a3:11:ec:82:bb:a3:bf:c2:a6:cfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 118KB - Virtual size: 117KB

.reloc Size: 10KB - Virtual size: 9KB

21:f8:35:85:1a:ae:95:33:82:46:69:5d:73:bc:bb:12
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

6b:da:df:ef:f0:66:1b:d2:64:2a:f4:6e:cb:b2:79:40
Certificate

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8
Certificate

41:40:c0:90:95:e9:5e:31:bd:ed:a3:11:ec:82:bb:a3:bf:c2:a6:cf
Signer

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 118KB - Virtual size: 117KB

.reloc
Size: 10KB - Virtual size: 9KB