2024-06-20_eb177a5d0bc44943154d06413f8ead83_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-20_eb177a5d0bc44943154d06413f8ead83_mafia
Size

2.5MB
MD5

eb177a5d0bc44943154d06413f8ead83
SHA1

7a7dc564653d5c8cfeccdff7ddfcc6f15787ade7
SHA256

55b2444b08737f3e836e4a0adc433f321696d213959d085b2bbe9b86d4b8e6d1
SHA512

b0318c4081270bfc4a48fa825cb4813bbda1f94f96f9e97afa06a63273c50b4fe695daf9c2eaa7224f00f67c17acef5b67f4c1169f8ef389110293a83f3ac420
SSDEEP

49152:GqmN/2zLSi9naMUzjHc/w5DKpPItceujmRRoXTrUUbK1NP3lxfvTbdvS7NPDyjtR:Lz79naMUHcUD+QceujmRRojzgNP3ltvR

Score

1^/10

Malware Config

Signatures

Files

2024-06-20_eb177a5d0bc44943154d06413f8ead83_mafia
.exe windows:5 windows x86 arch:x86

4bc732a8823f8ebf824b4b89a8b912e5

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:9b:51:94:bb:ec:b3:f5:a3:45:9b:c2:b4:b3:a5:7d
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/10/2022, 00:00

Not After

23/10/2025, 23:59

Subject

CN=深圳市富途网络科技有限公司,O=深圳市富途网络科技有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

15:41:61:95:b6:4a:db:9d:8d:c7:80:2f:da:8d:c9:7f:41:09:fa:b2
Signer

Actual PE Digest

15:41:61:95:b6:4a:db:9d:8d:c7:80:2f:da:8d:c9:7f:41:09:fa:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\code\code_3\ftnn\FTNN\setupandupdate\LiveUpdateProj\PDB\LiveUpdate.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
SetStdHandle
IsProcessorFeaturePresent
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
HeapSize
HeapQueryInformation
VirtualQuery
GetSystemInfo
ExitProcess
HeapReAlloc
RaiseException
RtlUnwind
CreateThread
ExitThread
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetTempFileNameW
GetNumberFormatW
GetWindowsDirectoryW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
SetErrorMode
GlobalFlags
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedIncrement
ResumeThread
GetFullPathNameW
GetCurrentProcess
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
InterlockedExchange
GetStdHandle
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
ActivateActCtx
DeactivateActCtx
lstrcmpW
SetLastError
GlobalSize
FormatMessageW
LocalFree
MulDiv
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
SetThreadPriority
TerminateThread
VirtualAlloc
CreateFileA
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
GetProcessHeap
SetEvent
HeapFree
HeapAlloc
SetEndOfFile
GetFileSize
GetVolumeInformationW
GetLogicalDrives
GetDriveTypeW
lstrlenA
TerminateProcess
GetVersionExW
LoadLibraryW
OpenProcess
WaitForSingleObject
FreeLibrary
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
SetFileTime
SystemTimeToFileTime
lstrcpynW
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
CloseHandle
GetTempPathW
CreateFileW
WideCharToMultiByte
WriteFile
SetFilePointer
lstrcpyW
GetPrivateProfileIntW
RemoveDirectoryW
SetFileAttributesW
FindClose
FindNextFileW
CopyFileW
FindFirstFileW
DeleteFileW
GetPrivateProfileStringW
OutputDebugStringW
FreeResource
GetCurrentThreadId
Sleep
MoveFileExW
MultiByteToWideChar
GetTickCount
GetModuleFileNameW
GetUserDefaultLangID
GetCommandLineW
WritePrivateProfileStringW
CreateDirectoryW
GetFileAttributesW
GetModuleHandleW
GetProcAddress
GetLastError
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
lstrcmpiW
lstrlenW
FindResourceW
LoadResource
LockResource
SizeofResource
SetUnhandledExceptionFilter
lstrcmpA
GetFileType
GetStringTypeW

user32

EnumDisplayMonitors
SetRectEmpty
DeleteMenu
UnregisterClassW
RealChildWindowFromPoint
GetSysColorBrush
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
WaitMessage
CharUpperW
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
IntersectRect
InflateRect
GetWindowThreadProcessId
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
SetLayeredWindowAttributes
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
SetWindowLongW
GetWindow
LoadMenuW
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
wsprintfW
FillRect
DrawTextW
ShowScrollBar
SetScrollInfo
GetScrollInfo
IsWindowVisible
ScreenToClient
DrawIcon
GetSystemMetrics
IsIconic
AppendMenuW
GetSystemMenu
LoadIconW
DestroyIcon
GetMenuDefaultItem
CreatePopupMenu
FindWindowExW
SendMessageW
EnableWindow
IsRectEmpty
MapVirtualKeyW
SetCapture
GetAsyncKeyState
MessageBoxW
SetWindowsHookExW
UnhookWindowsHookEx
SetDlgItemTextW
SetWindowPos
GetDesktopWindow
FindWindowW
GetDC
RedrawWindow
PostQuitMessage
SetTimer
KillTimer
SetWindowRgn
IsWindow
PostMessageW
SetClassLongW
ReleaseCapture
InvertRect
DrawFocusRect
GetWindowRgn
MapDialogRect
SubtractRect
GetDoubleClickTime
CharUpperBuffW
CopyIcon
RegisterClipboardFormatW
GetUpdateRect
PtInRect
TrackMouseEvent
LoadCursorW
DestroyCursor
GetClientRect
ReleaseDC
GetWindowDC
GetWindowRect
GetParent
CopyRect
InvalidateRect
FrameRect
HideCaret
IsClipboardFormatAvailable
SetMenuDefaultItem
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
PostThreadMessageW
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExW
IsCharLowerW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetKeyNameTextW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFrameControl
DrawEdge
DrawStateW
WindowFromPoint
DestroyAcceleratorTable
SetParent
IsZoomed
DrawIconEx
GetNextDlgGroupItem
LoadImageW
CopyImage
GetIconInfo
OffsetRect
MessageBeep
NotifyWinEvent
EnableScrollBar
MapWindowPoints

gdi32

LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectW
CreateRectRgnIndirect
SetRectRgn
PatBlt
DPtoLP
GetTextExtentPoint32W
IntersectClipRect
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
OffsetRgn
GetRgnBox
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceW
GetClipBox
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
CreateDCW
CopyMetaFileW
EnumFontsW
CombineRgn
CreateRectRgn
DeleteObject
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetTextMetricsW
GetDeviceCaps
GetStockObject

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
RegQueryValueW
RegEnumKeyW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW
SHAppBarMessage
SHBrowseForFolderW
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW
SHCreateDirectoryExW

comctl32

_TrackMouseEvent
ImageList_GetIconSize

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
UrlUnescapeW
PathFindExtensionW
PathRemoveBackslashW

ole32

StgCreateDocfile
StgOpenStorage
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitialize
CreateILockBytesOnHGlobal
StgIsStorageILockBytes
CoInitializeEx
CreateStreamOnHGlobal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
DoDragDrop
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard

oleaut32

SysAllocString
VariantInit
SysStringLen
VarBstrFromDate
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipCreatePen1
GdipDeletePen
GdipDrawRectangleI
GdipGetImageHeight
GdipGetImageWidth
GdipFree
GdipAlloc
GdipGetPenBrushFill
GdipDeleteBrush
GdipCloneBrush
GdipGetPenFillType
GdipFillRectangleI
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipCreateFont
GdipCreateStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDrawString
GdipMeasureString
GdipDeleteFontFamily
GdipDeleteFont
GdipDeleteStringFormat
GdipGetGenericFontFamilySansSerif
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipBitmapGetPixel
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectRect
GdipCreateBitmapFromHBITMAP
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI

wsock32

WSAStartup
WSACleanup
WSASetLastError

netapi32

Netbios

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

wininet

InternetQueryOptionW
InternetOpenW
InternetReadFileExA
InternetGetLastResponseInfoW
InternetCanonicalizeUrlW
InternetCrackUrlW
HttpQueryInfoW
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpAddRequestHeadersW
InternetSetStatusCallbackW
InternetSetOptionW
HttpSendRequestW
InternetConnectW

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bc732a8823f8ebf824b4b89a8b912e5

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:9b:51:94:bb:ec:b3:f5:a3:45:9b:c2:b4:b3:a5:7dCertificate

Extended Key Usages

Key Usages

15:41:61:95:b6:4a:db:9d:8d:c7:80:2f:da:8d:c9:7f:41:09:fa:b2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

wsock32

netapi32

oleacc

wininet

imm32

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 317KB - Virtual size: 317KB

.data Size: 28KB - Virtual size: 65KB

.rsrc Size: 598KB - Virtual size: 598KB

.reloc Size: 185KB - Virtual size: 185KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:9b:51:94:bb:ec:b3:f5:a3:45:9b:c2:b4:b3:a5:7d
Certificate

15:41:61:95:b6:4a:db:9d:8d:c7:80:2f:da:8d:c9:7f:41:09:fa:b2
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 317KB - Virtual size: 317KB

.data
Size: 28KB - Virtual size: 65KB

.rsrc
Size: 598KB - Virtual size: 598KB

.reloc
Size: 185KB - Virtual size: 185KB