2024-07-03_b50db8650c18fa75670f7b4b4e0c6385_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-03_b50db8650c18fa75670f7b4b4e0c6385_mafia
Size

10.2MB
MD5

b50db8650c18fa75670f7b4b4e0c6385
SHA1

9416cfc30c042357542da667a07fd0f619f225aa
SHA256

9b511e467791536a121ebec9f28fae83d6635a63e26db4793cada871812b9105
SHA512

3359deb2e3044b38b5cb4c1ee1ae2ca4ba2ca685b70277b5cc30721286a7191e0931125d3e29823c2fb8ab8e8e122165d78cc45b78a7eae2e61c90828b840ede
SSDEEP

196608:KyEa4qmi4YP1pTqebZQbw3DOs7vsqozRNqPmzS3QlcSxCd/jU2:Kuh4SHTaVZRk+eQmbU2

Score

1^/10

Malware Config

Signatures

Files

2024-07-03_b50db8650c18fa75670f7b4b4e0c6385_mafia
.exe windows:5 windows x86 arch:x86

b4ac424806c0a0ec377be9f97969ac93

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:61:b6:12:a8:5d:2f:be:c8:45:82:38:27:79:44:fc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2014 00:00

Not After

22-12-2017 23:59

Subject

CN=福建创意嘉和软件有限公司,OU=运维中心,O=福建创意嘉和软件有限公司,L=福州,ST=福建,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:be:87:04:75:6e:98:9e:3d:a7:ed:49:a0:df:80:9e:b0:61:05:13
Signer

Actual PE Digest

4d:be:87:04:75:6e:98:9e:3d:a7:ed:49:a0:df:80:9e:b0:61:05:13

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
GetTimeZoneInformation
IsProcessorFeaturePresent
GetStringTypeW
GetLocaleInfoW
SetHandleCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
CompareStringW
WriteConsoleW
EnumSystemLocalesA
IsValidLocale
GetProcessHeap
CreateFileW
SetEnvironmentVariableA
CreateWaitableTimerA
HeapCreate
IsValidCodePage
IsDebuggerPresent
lstrcatA
WinExec
InterlockedCompareExchange
ResetEvent
OutputDebugStringA
SetFilePointerEx
MapViewOfFileEx
SwitchToThread
WaitForMultipleObjects
ReleaseSemaphore
CreateSemaphoreA
GetEnvironmentVariableA
GetProcessId
CreateMutexA
ReleaseMutex
OpenEventA
FindResourceExA
GetLocalTime
GetConsoleMode
GetConsoleCP
GetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapQueryInformation
HeapSize
GetFileType
SetStdHandle
CreateThread
ExitThread
RaiseException
RtlUnwind
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitProcess
GetDateFormatA
GetTimeFormatA
VirtualQuery
VirtualAlloc
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathA
GetProfileIntA
GetNumberFormatA
GetCurrentDirectoryA
GetACP
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
GetFileTime
GetFileSizeEx
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
SystemTimeToFileTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
InterlockedExchange
GetModuleHandleW
lstrcpyA
LocalAlloc
InitializeCriticalSectionAndSpinCount
FileTimeToLocalFileTime
FileTimeToSystemTime
SuspendThread
ResumeThread
SetThreadPriority
InterlockedIncrement
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
LoadLibraryW
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
ActivateActCtx
DeactivateActCtx
CreateFileA
lstrcmpiA
GetThreadLocale
lstrcmpA
SetLastError
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MulDiv
SetEvent
CreateEventA
GetSystemInfo
GetCurrentProcess
SetPriorityClass
Sleep
MoveFileA
GetCurrentProcessId
WritePrivateProfileStringA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FindResourceA
GetFileAttributesA
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileStringA
GetModuleHandleA
GetPrivateProfileIntA
GetTempFileNameA
InitializeCriticalSection
DeleteCriticalSection
CompareStringA
SetCurrentDirectoryA
CreateProcessA
CreateDirectoryA
MoveFileExA
SetFileAttributesA
IsBadReadPtr
WideCharToMultiByte
GetTickCount
lstrlenA
CloseHandle
OpenProcess
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
MultiByteToWideChar
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryA
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
DeleteFileA
CopyFileA
GetModuleFileNameA
FindResourceW
LoadResource
LockResource
SizeofResource
SetWaitableTimer

user32

SetRect
IsRectEmpty
CopyAcceleratorTableA
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadImageA
DestroyIcon
SetCursor
ReleaseCapture
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
IntersectRect
SetRectEmpty
BringWindowToTop
TranslateAcceleratorA
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
CharNextA
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
SetWindowRgn
ScrollWindow
TrackPopupMenu
InvalidateRgn
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
DestroyAcceleratorTable
WindowFromPoint
NotifyWinEvent
ScreenToClient
DeferWindowPos
GetAsyncKeyState
SetClassLongA
SendMessageA
LoadStringA
LoadMenuW
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
GetWindow
MapVirtualKeyA
GetKeyNameTextA
DestroyMenu
GetMenuItemInfoA
UnhookWindowsHookEx
CharUpperA
GetMenuState
SetCapture
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadCursorW
LoadCursorA
GetSysColorBrush
DrawFocusRect
GetNextDlgGroupItem
DrawIconEx
CopyImage
GetIconInfo
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
WaitMessage
MessageBeep
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
RemoveMenu
PostQuitMessage
OffsetRect
DrawIcon
GetSystemMetrics
IsIconic
ShowOwnedPopups
UnregisterClassA
RealChildWindowFromPoint
DeleteMenu
GetSystemMenu
SetParent
UnionRect
GetSubMenu
SetCaretPos
ChildWindowFromPointEx
RegisterClassExA
CopyRect
EqualRect
EnableWindow
GetSysColor
InvalidateRect
FillRect
DrawEdge
DrawTextA
GetKeyState
GetClientRect
GetWindowRect
IsWindowVisible
GetDesktopWindow
PostMessageA
SetTimer
KillTimer
SystemParametersInfoA
SetWindowPos
OpenClipboard
IsWindow
GetParent
RedrawWindow
SetForegroundWindow
ReleaseDC
GetDC
GetWindowLongA
InflateRect
LoadIconW
DrawStateA
DrawFrameControl
ToAsciiEx
GetKeyboardLayout
SetMenu
IsZoomed
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableA
SetCursorPos
LockWindowUpdate
GetWindowRgn
DestroyCursor
SubtractRect
MapVirtualKeyExA
IsCharLowerA
GetDoubleClickTime
CharUpperBuffA
CopyIcon
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
HideCaret
InvertRect
GetMenuDefaultItem
PostThreadMessageA
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
MapWindowPoints

gdi32

GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
GetBkColor
GetTextColor
CreateCompatibleBitmap
GetRgnBox
CreateDIBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
SetRectRgn
SetTextAlign
GetMapMode
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
Rectangle
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
OffsetRgn
RoundRect
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
LineTo
MoveToEx
IntersectClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
PatBlt
ExtTextOutA
BitBlt
CreateCompatibleDC
CreateDCA
CopyMetaFileA
SelectObject
GetTextExtentPoint32A
GetObjectA
GetStockObject
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CombineRgn
ExcludeClipRect
CreateRectRgnIndirect

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyA
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegOpenKeyExA

shell32

ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA
SHGetFileInfoA
DragFinish
DragQueryFileA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHAppBarMessage
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

comctl32

ImageList_GetIconSize
InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW

ole32

OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
CoUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoInitialize
CoCreateInstance
CoInitializeEx
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoFreeUnusedLibraries

oleaut32

VariantChangeType
SysAllocStringLen
OleCreateFontIndirect
SystemTimeToVariantTime
SysStringLen
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysFreeString
VarBstrFromDate
VarDateFromStr
VariantInit
VariantClear
VariantTimeToSystemTime
SysAllocString

oledlg

ord8

urlmon

URLDownloadToFileA

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipDrawImageI
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipFillPath
GdipCreatePathGradientFromPath
GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipCreateHBITMAPFromBitmap
GdipSetPathGradientPresetBlend
GdipDeletePath
GdipCreatePath
GdipCloneBrush
GdipCreateFont
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipSetInterpolationMode
GdipSetClipRectI
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP

ws2_32

WSAStartup
WSACleanup
gethostbyname
WSASetLastError

dbghelp

MakeSureDirectoryPathExists

sensapi

IsNetworkAlive

wininet

InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenUrlA
InternetWriteFile
InternetCloseHandle
HttpEndRequestA
InternetReadFile
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA
InternetOpenA
HttpQueryInfoA

winmm

PlaySoundA

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

uxtheme

DrawThemeParentBackground

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 487KB - Virtual size: 487KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4ac424806c0a0ec377be9f97969ac93

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

06:61:b6:12:a8:5d:2f:be:c8:45:82:38:27:79:44:fcCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4d:be:87:04:75:6e:98:9e:3d:a7:ed:49:a0:df:80:9e:b0:61:05:13Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

urlmon

gdiplus

ws2_32

dbghelp

sensapi

wininet

winmm

oleacc

imm32

uxtheme

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 487KB - Virtual size: 487KB

.data Size: 49KB - Virtual size: 87KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 231KB - Virtual size: 230KB

.reloc Size: 266KB - Virtual size: 266KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

06:61:b6:12:a8:5d:2f:be:c8:45:82:38:27:79:44:fc
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4d:be:87:04:75:6e:98:9e:3d:a7:ed:49:a0:df:80:9e:b0:61:05:13
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 487KB - Virtual size: 487KB

.data
Size: 49KB - Virtual size: 87KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 231KB - Virtual size: 230KB

.reloc
Size: 266KB - Virtual size: 266KB