2024-07-10_dfa659f96f868115dddb124e802648c7_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-10_dfa659f96f868115dddb124e802648c7_mafia
Size

249KB
MD5

dfa659f96f868115dddb124e802648c7
SHA1

457055a9cbc4e0b7b68fa8616e4f7e6abe88e291
SHA256

069c0e74e88f4e7c95093b9f51200141b18a4d5a17481f2f6b6a12fd8a20e206
SHA512

4b12a3c406fc83f2f502c241cf371073fd69b62afbc7545231e0d71b935f8970726df39ada39c6cef0cb6e320f23f6403b6e43f1a3cc73b430315f3ae18fc6f7
SSDEEP

6144:sT5FZ+c/R27Wh11NCBDAUHa3vwpdjoqkz+CVC55cA4XQl:sPZ+Yh/NSM73vwpdcqkaqC5Oel

Score

1^/10

Malware Config

Signatures

Files

2024-07-10_dfa659f96f868115dddb124e802648c7_mafia
.exe windows:5 windows x86 arch:x86

c1cae2682cf11801c7a878dd86ac0108

Code Sign

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:65:81:f7:27:3f:16:fc:61:76:e1:79:80:b3:94:2d:bc:c6:e2:6f
Signer

Actual PE Digest

76:65:81:f7:27:3f:16:fc:61:76:e1:79:80:b3:94:2d:bc:c6:e2:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\clientci\workspace\spark_plugin_master\spark_plugin\build\Release\PopTips.pdb

Imports

kernel32

GetLocalTime
GetModuleFileNameA
GetCurrentThreadId
OutputDebugStringA
WriteFile
ReadFile
CreateFileW
GetLastError
SetNamedPipeHandleState
CloseHandle
WaitForSingleObject
SetEvent
SetThreadPriority
CreateEventW
CreateThread
GetCommandLineW
LocalFree
CreateMutexW
GetCurrentProcess
OutputDebugStringW
FlushInstructionCache
RaiseException
SetLastError
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
GetModuleHandleExW
GetTickCount
Thread32First
Sleep
Thread32Next
OpenThread
CreateToolhelp32Snapshot
GetCurrentProcessId
lstrcmpW
GetProcessHeap
SetEndOfFile
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
GetStringTypeW
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
CreateFileA
InterlockedExchange
WideCharToMultiByte
HeapReAlloc
SetFilePointer
LoadLibraryW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
ExitProcess
HeapSize
GetProcAddress
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
InterlockedCompareExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
RtlUnwind
GetModuleFileNameW
GetStdHandle
GetFileType
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
GetSystemTimeAsFileTime
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
HeapFree
InitializeCriticalSection

user32

GetClientRect
OffsetRect
GetClassNameW
FindWindowExW
GetWindow
DestroyWindow
SetTimer
PostQuitMessage
PostMessageW
KillTimer
SetForegroundWindow
GetParent
AttachThreadInput
CallNextHookEx
PtInRect
SetPropW
GetForegroundWindow
GetWindowLongW
SystemParametersInfoW
GetDlgItem
SetWindowPos
GetCursorPos
GetLastInputInfo
SetLayeredWindowAttributes
ShowWindow
IsWindow
SetWindowsHookExW
UnhookWindowsHookEx
IsWindowVisible
SendMessageW
UpdateWindow
SetWindowTextW
GetPropW
CallWindowProcW
DefWindowProcW
wvsprintfW
LoadImageW
LoadCursorW
GetClassInfoExW
RegisterClassExW
SetWindowLongW
CreateWindowExW
GetMessageW
WindowFromPoint
TranslateMessage
GetDesktopWindow
GetSystemMetrics
GetWindowThreadProcessId
GetShellWindow
DispatchMessageW
GetWindowRect
UnregisterClassA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

CommandLineToArgvW

ole32

StgCreateDocfile
OleInitialize
OleCreate

oleaut32

SysStringByteLen
VariantInit
SysAllocStringByteLen
VariantClear
SysAllocString
SysFreeString

comctl32

_TrackMouseEvent

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1cae2682cf11801c7a878dd86ac0108

Code Sign

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

76:65:81:f7:27:3f:16:fc:61:76:e1:79:80:b3:94:2d:bc:c6:e2:6fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 185KB - Virtual size: 184KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 10KB - Virtual size: 18KB

.rsrc Size: 1024B - Virtual size: 972B

.reloc Size: 14KB - Virtual size: 14KB

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

76:65:81:f7:27:3f:16:fc:61:76:e1:79:80:b3:94:2d:bc:c6:e2:6f
Signer

.text
Size: 185KB - Virtual size: 184KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 10KB - Virtual size: 18KB

.rsrc
Size: 1024B - Virtual size: 972B

.reloc
Size: 14KB - Virtual size: 14KB