2024-07-11_e9fe1317448f9a1829cde2f285093f27_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-11_e9fe1317448f9a1829cde2f285093f27_mafia
Size

3.7MB
MD5

e9fe1317448f9a1829cde2f285093f27
SHA1

9a175b22dbdf01d6f43935ad29292c21efe7dd85
SHA256

19e2cb20bc18f8605f9d8c496a0869761d65eea8db5a912acbfa3b1a63ee4ac1
SHA512

05a53c0293369ad88f0d7f3a0a5c47a04aed0b4751d1e22b670a0cd5558c01bfc638655630dddaa29d56a25199cfc1ee7450274fdbb79528dd15516a5fa869e9
SSDEEP

49152:iwyqTlss4m7Jp/2SVDKIDxH8zwcjj1IHTnlYW5Gf/3oRIUJuNEKqq1wBiJhZ7MQE:iw2cJpjVDK6xH8ccjeY1b9zfYIiz

Score

1^/10

Malware Config

Signatures

Files

2024-07-11_e9fe1317448f9a1829cde2f285093f27_mafia
.exe windows:5 windows x86 arch:x86

cf335f0d9d8edfcdc955eb8b2e948cf6

Code Sign

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/04/2012, 00:00

Not After

24/04/2015, 23:59

Subject

CN=Baidu Online Network Technology (Beijing)Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing)Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:c8:f3:84:6c:8c:ef:bf:aa:64:d3:77:7c:3a:3a:b1:b1:ed:c5:aa
Signer

Actual PE Digest

53:c8:f3:84:6c:8c:ef:bf:aa:64:d3:77:7c:3a:3a:b1:b1:ed:c5:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\nsis2\src\build\urelease\stub_zlib\stub_zlib.pdb

Imports

kernel32

SetEndOfFile
SetFilePointer
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
GetModuleFileNameW
GetProcAddress
TerminateProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
UnregisterWaitEx
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringW
lstrcpynA
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
RegisterWaitForSingleObject
GetEnvironmentVariableW
CreateEventW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetSystemDirectoryW
GetSystemTimeAsFileTime
InterlockedExchange
OpenProcess
lstrcpyW
LoadLibraryA
GetVersionExW
GetVersion
lstrcpyA
SetFileTime
lstrcmpA
lstrcmpW
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
HeapSize
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetLocaleInfoW
SetConsoleCtrlHandler
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FatalAppExitA
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
VirtualQuery
HeapDestroy
HeapCreate
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThread
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
DecodePointer
TlsSetValue
IsValidLocale
TlsGetValue
TlsAlloc
EncodePointer
GetStartupInfoW
HeapSetInformation
RtlUnwind
RaiseException
ExitThread
CloseHandle
MulDiv
lstrcmpiW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetExitCodeProcess
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
SetDllDirectoryW
LoadLibraryW
GetModuleHandleW
GetCurrentProcess
VirtualAlloc
VirtualFree
WideCharToMultiByte
lstrlenA
WriteFile
MultiByteToWideChar
FindClose
FindNextFileW
FindFirstFileW
EnumSystemLocalesA
DeleteFileW
WaitForSingleObject
GetFileSize
RemoveDirectoryW
ReadFile

user32

PeekMessageW
DispatchMessageW
wvsprintfW
CharPrevW
CharUpperW
wsprintfA
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
EndPaint
DrawTextW
FillRect
GetClientRect
BeginPaint
DefWindowProcW
SendMessageW
InvalidateRect
EnableWindow
CharNextA
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetDC
LoadImageW
SetWindowLongW
GetDlgItem
GetClassInfoW
DialogBoxParamW
SetWindowPos
DestroyWindow
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
CreateDialogParamW
EndDialog
GetSystemMetrics
AppendMenuW
GetWindowRect
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadBitmapW
IsWindowVisible
CallWindowProcW
GetMessagePos
ScreenToClient
IsDlgButtonChecked
GetAsyncKeyState
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
ExitWindowsEx
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
CreatePopupMenu

gdi32

SetTextColor
SetBkMode
CreateFontIndirectW
DeleteObject
CreateBrushIndirect
GetDeviceCaps
SelectObject
SetBkColor

shell32

SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation
SHBrowseForFolderW

advapi32

RegDeleteKeyW
RegEnumKeyW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ord17

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleInformation

dnsapi

DnsFree
DnsQuery_A

ws2_32

inet_addr
htonl
inet_ntoa

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo

Sections

.text
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data
.idata
.rdata
.reloc
.text
CERTIFICATE
[0]

Sharing

General

Malware Config

Signatures

Files

cf335f0d9d8edfcdc955eb8b2e948cf6

Code Sign

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

53:c8:f3:84:6c:8c:ef:bf:aa:64:d3:77:7c:3a:3a:b1:b1:ed:c5:aaSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

psapi

dnsapi

ws2_32

iphlpapi

Sections

.text Size: 295KB - Virtual size: 294KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 10KB - Virtual size: 2.9MB

.idata Size: 9KB - Virtual size: 8KB

.ndata Size: - Virtual size: 1.2MB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 22KB - Virtual size: 21KB

3b:db:19:94:b9:8b:bb:19:ab:55:a4:23:37:fa:4f:5c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

53:c8:f3:84:6c:8c:ef:bf:aa:64:d3:77:7c:3a:3a:b1:b1:ed:c5:aa
Signer

.text
Size: 295KB - Virtual size: 294KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 10KB - Virtual size: 2.9MB

.idata
Size: 9KB - Virtual size: 8KB

.ndata
Size: - Virtual size: 1.2MB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 22KB - Virtual size: 21KB