2024-06-28_5cf01bf6781b1556fc711a60837db804_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-28_5cf01bf6781b1556fc711a60837db804_mafia
Size

1.0MB
MD5

5cf01bf6781b1556fc711a60837db804
SHA1

7f0fb5a8854d55803eb7cd46cb14b5d9adc38ecd
SHA256

d56ff8a59d4b08e4a4b1884c0970f7c576fbd2e2490eaecdb4ff1a1d93daf563
SHA512

7cd6b0a3eaef36e5c9e85d4b29ed3404f72d71b65744be55cc2d49be8d16c667b4855278316bf90f27fe2dbb5e1b95d772414f6ef6c25d24e9f98c6d175b59bf
SSDEEP

24576:BclLF5IFnEDJ7o5k+bEGx8/A3bIm6gQJgk87m0j:EBDdo5kbG+/wbIm6gQJgk87m0j

Score

1^/10

Malware Config

Signatures

Files

2024-06-28_5cf01bf6781b1556fc711a60837db804_mafia
.exe windows:5 windows x86 arch:x86

1928b8487cdca536e1f2016183b989f6

Code Sign

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24-04-2012 00:00

Not After

24-04-2015 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:f8:87:7a:d1:66:d1:1a:c1:61:4a:a2:87:11:74:7b:6f:87:a7:c7
Signer

Actual PE Digest

ea:f8:87:7a:d1:66:d1:1a:c1:61:4a:a2:87:11:74:7b:6f:87:a7:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Q:\app\gensoft\browser-ipcs\client\build\Release\SparkRepair.pdb

Imports

shlwapi

PathRemoveFileSpecW
PathAddBackslashW
PathRemoveBackslashW
PathAppendW
StrToIntA
PathStripPathW
PathFindExtensionW
PathGetDriveNumberW
PathIsDirectoryW
PathFileExistsW
PathFindFileNameW

ws2_32

WSAGetLastError
connect
WSAIoctl
getpeername
send
__WSAFDIsSet
select
sendto
recvfrom
accept
listen
ioctlsocket
freeaddrinfo
getaddrinfo
gethostname
htons
ntohs
getsockname
setsockopt
recv
bind
WSASetLastError
closesocket
getsockopt
htonl
gethostbyname
WSAStartup
WSACleanup
socket

iphlpapi

IcmpSendEcho
IcmpCloseHandle
GetAdaptersAddresses
GetIpForwardTable
IcmpCreateFile

wininet

InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
InternetCloseHandle
HttpQueryInfoW

kernel32

ExpandEnvironmentStringsW
WaitForSingleObject
InterlockedExchange
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
Sleep
GetFileAttributesW
CreateDirectoryW
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExW
GetNativeSystemInfo
GetTickCount
LoadLibraryW
FreeLibrary
GetSystemDirectoryW
CopyFileW
CreateFileW
ReadFile
DeleteFileW
GlobalFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
CreateEventW
ResetEvent
lstrlenA
SetEvent
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FlushInstructionCache
RaiseException
GetCurrentThreadId
SetLastError
GetCommandLineW
GetCurrentProcessId
ReleaseMutex
SetFilePointer
WriteFile
OutputDebugStringA
FormatMessageA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
IsDebuggerPresent
CreateThread
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
FileTimeToSystemTime
CloseHandle
HeapSetInformation
GetStdHandle
LocalFree
TlsGetValue
TlsFree
TlsAlloc
InterlockedIncrement
GetDiskFreeSpaceExW
SetUnhandledExceptionFilter
WaitForMultipleObjects
CreateFileA
DeviceIoControl
SetEndOfFile
GetLocalTime
GetTempPathW
GetVolumeInformationW
OpenFileMappingW
GetDriveTypeW
SleepEx
GetVersionExA
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueueTimer
CreateTimerQueue
PeekNamedPipe
LoadLibraryA
GetFileType
ExpandEnvironmentStringsA
FlushFileBuffers
GetLocaleInfoW
HeapCreate
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
ExitProcess
GetConsoleMode
GetConsoleCP
UnhandledExceptionFilter
RtlUnwind
GetStartupInfoW
ExitThread
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
HeapSize
HeapReAlloc
HeapDestroy
DecodePointer
EncodePointer
WTSGetActiveConsoleSessionId
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
GetModuleHandleW
InterlockedCompareExchange
MultiByteToWideChar
FreeResource
LoadResource
FindResourceW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
LockResource
GetProcAddress
lstrlenW
GetModuleFileNameW
WideCharToMultiByte
GetCurrentProcess
WriteConsoleW
SetStdHandle
GetFullPathNameA
GetCurrentDirectoryW
GetUserDefaultLCID
GetLocaleInfoA
InterlockedDecrement
FindResourceExW
GetLastError
TlsSetValue
CreateMutexW
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA

user32

UnregisterClassA
PostQuitMessage
EnableWindow
IsWindowVisible
GetCursor
MessageBoxW
SetActiveWindow
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallWindowProcW
UpdateLayeredWindow
LoadIconW
RegisterClassExW
GetClassInfoExW
DefWindowProcW
FindWindowW
ShowWindow
SetForegroundWindow
SendMessageW
LoadCursorW
SetCursor
GetMonitorInfoW
MonitorFromWindow
GetParent
GetWindow
KillTimer
SetTimer
ReleaseDC
GetDC
MapWindowPoints
GetClientRect
GetWindowRect
SetWindowLongW
GetWindowLongW
CreateWindowExW
PostMessageW
SetWindowPos

gdi32

CreateDIBSection
DeleteObject
CreateCompatibleDC
DeleteDC
SelectObject

advapi32

GetUserNameW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
OpenSCManagerW
RegDeleteValueW
RegSetValueExW
RegCloseKey
ConvertSidToStringSidW
AdjustTokenPrivileges
RegOpenKeyExW
RevertToSelf
RegOpenCurrentUser
ImpersonateLoggedOnUser
LookupPrivilegeValueW
LookupAccountNameW
RegQueryValueExW
RegCreateKeyExW
CloseServiceHandle
OpenProcessToken
StartServiceW
QueryServiceStatusEx
RegEnumKeyExW
OpenServiceW

shell32

SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
SHFileOperationW

ole32

CoCreateInstance
CoCreateGuid
IIDFromString
CoUninitialize
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocString
VariantClear

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

wlanapi

WlanOpenHandle
WlanQueryInterface
WlanConnect
WlanSetInterface
WlanScan
WlanFreeMemory
WlanCloseHandle
WlanGetProfileList
WlanGetNetworkBssList

setupapi

SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW
SetupDiChangeState

winhttp

WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpConnect

gdiplus

GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDrawImageRectRect
GdipDrawString
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipDeleteFontFamily
GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateFont
GdipDeleteFont
GdipCreateImageAttributes

winmm

timeGetTime

wldap32

ord46
ord301
ord27
ord33
ord79
ord30
ord60
ord26
ord41
ord211
ord143
ord50
ord22
ord35
ord32
ord200

Sections

.text
Size: 643KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1928b8487cdca536e1f2016183b989f6

Code Sign

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ea:f8:87:7a:d1:66:d1:1a:c1:61:4a:a2:87:11:74:7b:6f:87:a7:c7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

ws2_32

iphlpapi

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wtsapi32

rpcrt4

wlanapi

setupapi

winhttp

gdiplus

winmm

wldap32

Sections

.text Size: 643KB - Virtual size: 643KB

.rdata Size: 119KB - Virtual size: 118KB

.data Size: 18KB - Virtual size: 30KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 201KB - Virtual size: 201KB

.reloc Size: 53KB - Virtual size: 53KB

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ea:f8:87:7a:d1:66:d1:1a:c1:61:4a:a2:87:11:74:7b:6f:87:a7:c7
Signer

.text
Size: 643KB - Virtual size: 643KB

.rdata
Size: 119KB - Virtual size: 118KB

.data
Size: 18KB - Virtual size: 30KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 201KB - Virtual size: 201KB

.reloc
Size: 53KB - Virtual size: 53KB