2024-08-29_d5f9ec48018aaf15e2c0cf5d12754e44_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-08-29_d5f9ec48018aaf15e2c0cf5d12754e44_mafia
Size

701KB
MD5

d5f9ec48018aaf15e2c0cf5d12754e44
SHA1

5346fb6160e6f432fbe334921a90754e7291e128
SHA256

0b5960ddfb290295513e5fdc66e652e4e8974fd2d64e7d6e59913107e17ea4a1
SHA512

780282ad0fd56930cd9bc678ada38a77f5a67da18d751ad82995f4efa91c7b0f346ed17b058938413e631dc607fd26ae841805c657dcebcb3445e734bd4e6685
SSDEEP

12288:uKTeQ1n20/t3R8BCGrBSAg0EnqYGuwQJjQJcNZxpVMCIqew7bkBo0J:u+rZ5R8BCGrBSAg0hFuZj5NZTVjINXP

Score

1^/10

Malware Config

Signatures

Files

2024-08-29_d5f9ec48018aaf15e2c0cf5d12754e44_mafia
.exe windows:5 windows x86 arch:x86

76077a978019c8000e106fd67e671078

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:6d:f8:a7
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2012, 01:00

Not After

08/08/2027, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:12:a6:ec:6e:37:15
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

07/10/2013, 19:58

Not After

11/10/2016, 04:39

Subject

CN=上海恺英网络科技有限公司,O=上海恺英网络科技有限公司,L=上海市,ST=上海市,C=CN,1.2.840.113549.1.9.1=#0c126e696e676279406b696e676e65742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

a2:cb:fd:e2:b5:76:f0:a1:34:36:fa:ac:6b:07:11:fa:4b:04:73:ed
Signer

Actual PE Digest

a2:cb:fd:e2:b5:76:f0:a1:34:36:fa:ac:6b:07:11:fa:4b:04:73:ed

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\bin\Release\RegHelper.pdb

Imports

kernel32

LoadResource
FindResourceW
FindResourceExW
TerminateThread
WaitForMultipleObjects
MultiByteToWideChar
Sleep
GetTickCount
InitializeCriticalSection
lstrlenW
WideCharToMultiByte
OutputDebugStringA
GetVolumeInformationW
GetComputerNameW
GetCurrentThread
LoadLibraryW
LoadLibraryExW
FreeLibrary
SetLastError
GetProcAddress
SetEnvironmentVariableW
GetEnvironmentVariableW
GetLastError
OutputDebugStringW
lstrlenA
CreateFileW
GetModuleHandleW
GetFileSize
SetFilePointer
WriteFile
FlushFileBuffers
GetModuleFileNameW
GetTempPathW
GetLocalTime
CreateDirectoryW
CopyFileW
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
ReadFile
GlobalFree
LocalFree
CreateMutexW
AllocConsole
GetCommandLineW
GetCurrentProcessId
GetCurrentProcess
IsBadReadPtr
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LockResource
VirtualAlloc
SuspendThread
SetThreadContext
GetThreadContext
FlushInstructionCache
SizeofResource
VirtualProtect
VirtualQuery
InterlockedCompareExchange
LoadLibraryA
LCMapStringA
GetStringTypeExA
SetEnvironmentVariableA
CompareStringW
CreateThread
InterlockedExchangeAdd
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
CreateFileA
SetEndOfFile
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
WriteConsoleW
InterlockedExchange
DeleteFileA
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetModuleHandleA
GetModuleFileNameA
CreateDirectoryA
IsBadCodePtr
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetStartupInfoW
RtlUnwind
GetTimeFormatA
GetDateFormatA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetStringTypeW
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
GetStdHandle
GetLocaleInfoW
TlsAlloc
WaitForSingleObject
ResumeThread
ExitProcess
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
HeapSetInformation

user32

EndPaint
PostMessageW
DestroyWindow
GetWindowLongW
SendNotifyMessageW
LoadStringA
MessageBoxW
BeginPaint
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
PostQuitMessage
KillTimer
DefWindowProcW
SetWindowLongW
CreateWindowExW
RegisterClassExW
SetTimer

advapi32

RegCreateKeyW
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetCurrentHwProfileW

shell32

CommandLineToArgvW

ole32

OleRun
CoInitialize
CoUninitialize
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoCreateInstance

oleaut32

GetErrorInfo
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantInit
SysStringLen
SafeArrayPutElement
SafeArrayDestroy
SafeArrayCreateVector
VariantChangeType
VariantClear

shlwapi

PathRemoveFileSpecW
StrCmpIW
PathFileExistsW

wininet

InternetCloseHandle
HttpQueryInfoW
InternetReadFile
HttpSendRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetCrackUrlW
InternetSetCookieW
HttpOpenRequestW

urlmon

ObtainUserAgentString

zlib1

inflateInit2_
inflate
inflateEnd

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

version

GetFileVersionInfoW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA

winhttp

WinHttpOpen
WinHttpConnect
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpSetTimeouts

Exports

Exports

CFArrayAppendValue
CFArrayCreate
CFArrayCreateMutable
CFArrayCreateMutableCopy
CFArrayGetCount
CFArrayGetTypeID
CFArrayGetValueAtIndex
CFArrayInsertValueAtIndex
CFArrayRemoveValueAtIndex
CFArraySetValueAtIndex
CFBooleanGetTypeID
CFBooleanGetValue
CFDataCreate
CFDataCreateMutableCopy
CFDataGetBytePtr
CFDataGetLength
CFDataGetMutableBytePtr
CFDataGetTypeID
CFDateCreate
CFDateGetAbsoluteTime
CFDateGetTypeID
CFDictionaryAddValue
CFDictionaryCreate
CFDictionaryCreateMutable
CFDictionaryCreateMutableCopy
CFDictionaryGetCount
CFDictionaryGetKeysAndValues
CFDictionaryGetTypeID
CFDictionaryGetValue
CFDictionaryRemoveValue
CFDictionarySetValue
CFGetTypeID
CFNumberCreate
CFNumberGetType
CFNumberGetTypeID
CFNumberGetValue
CFPropertyListCreateData
CFPropertyListCreateFromStream
CFPropertyListCreateFromXMLData
CFPropertyListCreateXMLData
CFPropertyListWriteToStream
CFReadStreamClose
CFReadStreamCreateWithBytesNoCopy
CFReadStreamOpen
CFRelease
CFSetGetTypeID
CFStringCreateCopy
CFStringCreateMutableCopy
CFStringCreateWithCString
CFStringCreateWithCharacters
CFStringGetCString
CFStringGetLength
CFStringGetTypeID
CFTimeZoneGetTypeID
CFURLCreateDataAndPropertiesFromResource
CFURLCreateWithFileSystemPath
CFURLWriteDataAndPropertiesToResource
CFUUIDGetTypeID
CFWriteStreamClose
CFWriteStreamCopyProperty
CFWriteStreamCreateWithAllocatedBuffers
CFWriteStreamOpen
Init
__CFStringMakeConstantString
kCFAllocatorNull
kCFBooleanFalse
kCFBooleanTrue
kCFNumberNegativeInfinity
kCFNumberPositiveInfinity
p_free
plist_array_append_item
plist_array_get_item
plist_array_get_size
plist_array_insert_item
plist_array_remove_item
plist_array_set_item
plist_copy
plist_dict_free_iter
plist_dict_get_item
plist_dict_get_size
plist_dict_insert_item
plist_dict_new_iter
plist_dict_next_item
plist_dict_remove_item
plist_dict_set_item
plist_free
plist_from_bin
plist_from_xml
plist_get_bool_val
plist_get_data_val
plist_get_date_val
plist_get_node_type
plist_get_real_val
plist_get_string_val
plist_get_uint_val
plist_new_array
plist_new_bool
plist_new_data
plist_new_date
plist_new_dict
plist_new_real
plist_new_string
plist_new_uint
plist_to_bin
plist_to_xml

Sections

.text
Size: 445KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76077a978019c8000e106fd67e671078

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

19:6d:f8:a7Certificate

Key Usages

15:12:a6:ec:6e:37:15Certificate

Extended Key Usages

Key Usages

a2:cb:fd:e2:b5:76:f0:a1:34:36:fa:ac:6b:07:11:fa:4b:04:73:edSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

urlmon

zlib1

iphlpapi

version

winhttp

Exports

Exports

Sections

.text Size: 445KB - Virtual size: 445KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 10KB - Virtual size: 23KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 33KB - Virtual size: 32KB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

19:6d:f8:a7
Certificate

15:12:a6:ec:6e:37:15
Certificate

a2:cb:fd:e2:b5:76:f0:a1:34:36:fa:ac:6b:07:11:fa:4b:04:73:ed
Signer

.text
Size: 445KB - Virtual size: 445KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 10KB - Virtual size: 23KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 33KB - Virtual size: 32KB