2024-06-24_2d6b564264eed95e4a0737f78de83ab9_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-24_2d6b564264eed95e4a0737f78de83ab9_mafia
Size

1.3MB
MD5

2d6b564264eed95e4a0737f78de83ab9
SHA1

eb0e4a3fd9b54159ed8f890f1b00224912c66b23
SHA256

c967e8cbbb4ec6453ff357870feca82e3f3910ad2beec524e3cf48f24def910c
SHA512

5bab29f5bd7b138997289256a3ad59f69d4c9bd6ad204bb9b703713ef6e68e1859f479e5ce6dc94a75d084a5f7a245d7ae8dc4b93a6fb8d3584d541175705d0e
SSDEEP

24576:rnug3JB40SCaN3RcD2+B3OX8dsPxD6TTrbverMlBfdlBfelBf/lBfolBf4lBfs5x:j/ZSBCy3RUB3OX8ds5OTTPWrARjR6RN2

Score

1^/10

Malware Config

Signatures

Files

2024-06-24_2d6b564264eed95e4a0737f78de83ab9_mafia
.exe windows:5 windows x86 arch:x86

8d0f0099a29cece9ed1b0dbe501ffa6b

Code Sign

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e5:b0:d5:02:d0:85:6c:31:6b:a3:c4:b7:8f:94:ba:54:0f:69:18:03
Signer

Actual PE Digest

e5:b0:d5:02:d0:85:6c:31:6b:a3:c4:b7:8f:94:ba:54:0f:69:18:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\clientci\workspace\nbrowser_bdupdate_m2_branch\bdupdate\output\SparkUpdate.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSAGetLastError
getaddrinfo
getnameinfo
WSAStartup
gethostname
freeaddrinfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

imm32

ImmDisableIME

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

psapi

EnumProcesses
EnumProcessModules
GetModuleInformation
GetModuleFileNameExW

kernel32

WaitForSingleObject
TerminateProcess
FlushInstructionCache
GetCurrentProcess
SetLastError
Sleep
TerminateThread
ResetEvent
SetEvent
SetThreadPriority
WaitForMultipleObjects
CreateEventW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetVersionExW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
GetTempPathW
lstrcpyW
InitializeCriticalSection
GetFullPathNameW
SetCurrentDirectoryW
CreateMutexW
OutputDebugStringW
GetSystemTime
GetCommandLineW
FreeConsole
GetConsoleScreenBufferInfo
GetStdHandle
AllocConsole
WriteConsoleW
SetConsoleTextAttribute
GetCurrentProcessId
GetPrivateProfileIntW
ReleaseMutex
SetProcessAffinityMask
lstrcmpiW
LoadLibraryExW
OpenFileMappingW
VirtualQuery
CreateProcessW
ExitProcess
OpenEventW
HeapAlloc
GetProcessHeap
HeapFree
OpenMutexW
GetExitCodeProcess
WTSGetActiveConsoleSessionId
DeviceIoControl
OpenProcess
GetVolumeInformationA
RemoveDirectoryW
EnterCriticalSection
GlobalFree
GlobalAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrlenA
VirtualProtect
IsWow64Process
HeapCreate
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
ProcessIdToSessionId
InterlockedExchange
InterlockedCompareExchange
GetFileSizeEx
ReadProcessMemory
VirtualQueryEx
QueueUserWorkItem
InterlockedExchangeAdd
GetSystemTimeAsFileTime
InterlockedIncrement
QueryPerformanceCounter
SetFilePointerEx
SetFileValidData
GetModuleFileNameA
GetModuleHandleA
ExpandEnvironmentStringsW
CreateFileA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetTempFileNameW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetDriveTypeW
GetLogicalDrives
InterlockedPopEntrySList
EncodePointer
GetModuleHandleW
GetModuleFileNameW
CopyFileW
InterlockedDecrement
lstrlenW
DeleteCriticalSection
DecodePointer
RtlUnwind
InitializeCriticalSectionAndSpinCount
LocalFree
FormatMessageW
DeleteFileW
FreeLibrary
SetEndOfFile
GetLastError
TlsFree
DosDateTimeToFileTime
SetFileAttributesW
TlsSetValue
TlsGetValue
GetCurrentThreadId
GetConsoleCP
GetConsoleMode
ExitThread
CreateThread
GetTimeFormatW
GetDateFormatW
ResumeThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetFileType
TlsAlloc
GetTickCount
UnmapViewOfFile
GetLocalTime
CreateFileMappingW
MapViewOfFile
GetFileSize
WriteFile
SetFileTime
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
WideCharToMultiByte
LocalFileTimeToFileTime
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileW
SetFilePointer
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
HeapSize
FlushFileBuffers
GetACP
GetOEMCP
QueryPerformanceFrequency
LeaveCriticalSection
IsValidCodePage
SetStdHandle
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
CompareStringW
SetEnvironmentVariableA
HeapReAlloc
GetFileAttributesExW
HeapDestroy

user32

InsertMenuW
GetCursorPos
TrackPopupMenu
DestroyMenu
SetFocus
RegisterWindowMessageW
GetAsyncKeyState
LoadIconW
MessageBoxW
CallWindowProcW
GetWindowLongW
LoadCursorW
GetClassInfoExW
SetWindowLongW
AllowSetForegroundWindow
DialogBoxParamW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
ShowWindow
SetTimer
DestroyWindow
SetWindowTextW
LoadImageW
DefWindowProcW
KillTimer
GetForegroundWindow
GetWindowThreadProcessId
CreatePopupMenu
AttachThreadInput
BringWindowToTop
SetForegroundWindow
SetActiveWindow
IsIconic
SendMessageW
IsWindow
DestroyIcon
PostMessageW
GetDesktopWindow
wsprintfW
CharNextW
UnregisterClassA
RegisterClassExW

gdi32

GetStockObject

advapi32

GetExplicitEntriesFromAclW
LookupAccountSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetUserNameW
GetTokenInformation
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumValueW
RegOpenKeyExA
RegEnumKeyExA
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CreateProcessAsUserW
DuplicateTokenEx
QueryServiceStatusEx
CryptReleaseContext
CryptDecrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetServiceStatus
SetServiceObjectSecurity
BuildExplicitAccessWithNameW
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
RegOpenKeyW
DeleteService
ControlService
ChangeServiceConfig2W
CreateServiceW
RegCreateKeyW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RevertToSelf
SetTokenInformation
RegQueryInfoKeyW

shell32

ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW
ord165
SHFileOperationW
CommandLineToArgvW
SHGetSpecialFolderPathW
Shell_NotifyIconW

ole32

CoInitialize
CoUninitialize
CoInitializeEx
CoCreateInstance
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CLSIDFromProgID
CoTaskMemRealloc

oleaut32

SysAllocStringLen
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
VarUI4FromStr
VarBstrCmp
SysAllocString
VariantInit
SysFreeString

shlwapi

PathFileExistsW
PathRemoveFileSpecW
SHSetValueW
SHGetValueW
PathIsDirectoryW
PathFindExtensionW
PathGetDriveNumberW
PathStripPathW
PathRemoveExtensionW
PathAppendW
PathFindFileNameW

iphlpapi

GetIpForwardTable
GetAdaptersAddresses
GetAdaptersInfo

rpcrt4

RpcStringFreeW
UuidToStringW

wininet

InternetErrorDlg
HttpEndRequestW
HttpQueryInfoW
InternetGetLastResponseInfoW
InternetReadFileExA
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetSetStatusCallbackW
InternetOpenW
InternetSetOptionW
InternetQueryOptionW
InternetOpenA
InternetSetOptionA
InternetCloseHandle
HttpEndRequestA
HttpSendRequestExA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetWriteFile

Exports

Exports

?ClearService@Com@Util@@YGJXZ
?CreateObjectByIID@Com@Util@@YGJABU_GUID@@PAPAX@Z
?GetService@Com@Util@@YGJABU_GUID@@PAPAX@Z
?RegObject@Com@Util@@YGJABU_GUID@@0PA_W1@Z
?RegService@Com@Util@@YGJABU_GUID@@0PA_W1@Z
?ResetPath@Com@Util@@YGJPA_W@Z
?XNetDownloadFile@@YAPAXPAXPAVIXNetDownloadStatusCallback@@PB_W2W4XnetMethodType@@22@Z
?XNetHttpRequest@@YAPAXPAXP6AX0H0KPB_W@Z1W4XnetMethodType@@11K@Z
?XNetInit@@YAHXZ
?XNetStop@@YAHPAX@Z
?XNetUninit@@YAHXZ
GetLogController

Sections

.text
Size: 647KB - Virtual size: 647KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d0f0099a29cece9ed1b0dbe501ffa6b

Code Sign

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e5:b0:d5:02:d0:85:6c:31:6b:a3:c4:b7:8f:94:ba:54:0f:69:18:03Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

userenv

imm32

wtsapi32

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

rpcrt4

wininet

Exports

Exports

Sections

.text Size: 647KB - Virtual size: 647KB

.rdata Size: 164KB - Virtual size: 163KB

.data Size: 18KB - Virtual size: 31KB

.rsrc Size: 404KB - Virtual size: 403KB

.reloc Size: 49KB - Virtual size: 48KB

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e5:b0:d5:02:d0:85:6c:31:6b:a3:c4:b7:8f:94:ba:54:0f:69:18:03
Signer

.text
Size: 647KB - Virtual size: 647KB

.rdata
Size: 164KB - Virtual size: 163KB

.data
Size: 18KB - Virtual size: 31KB

.rsrc
Size: 404KB - Virtual size: 403KB

.reloc
Size: 49KB - Virtual size: 48KB