2024-09-15_f3aa5802334003b1d064aa0098a00889_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-15_f3aa5802334003b1d064aa0098a00889_mafia
Size

595KB
MD5

f3aa5802334003b1d064aa0098a00889
SHA1

642012dbb4ca110891da6e30058938c9c0d0b967
SHA256

3d34822f88a90d2da09cbaa37f9a6841b316da0bee8c51e4e9070a29ff9264cf
SHA512

0be416c1390324aa786489fac922a318c6e25d59a8e740f2b628fb87f13b890510508fbb798a73d9764b4f5e4452c96b9e6914ace8e5f13e2aaf2682cc6c44b6
SSDEEP

12288:nq8lTtomx/So2fp1yVg38j5LNIJZnH6AanbPGnknJ8YwdTS8ooxZhxKGLR+F:nq8SoBV3LNIJAAObPGn2J8BS8dwGcF

Score

1^/10

Malware Config

Signatures

Files

2024-09-15_f3aa5802334003b1d064aa0098a00889_mafia
.exe windows:5 windows x86 arch:x86

86f6797b502ee67b68493694f255c769

Code Sign

3a:6b:9b:1f:59:b7:db:d5:0b:ef:d1:25:9b:b8:26:4e
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

20-03-2015 05:26

Not After

20-03-2016 06:26

Subject

CN=北京知行锐景科技有限公司,O=北京知行锐景科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-11-2014 00:58

Not After

08-11-2029 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01-03-2011 01:00

Not After

01-03-2016 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17-09-2006 19:46

Not After

17-09-2036 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

bc:74:9e:49:7d:e8:5a:5d:26:1c:e6:0d:b7:10:57:c8:30:8e:e2:4d
Signer

Actual PE Digest

bc:74:9e:49:7d:e8:5a:5d:26:1c:e6:0d:b7:10:57:c8:30:8e:e2:4d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameA
CreateThread
DeleteFileW
CreateDirectoryA
Sleep
WaitForSingleObject
GetNativeSystemInfo
LoadLibraryExW
SetEvent
CreateEventW
GetSystemInfo
GetCommandLineW
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
SetHandleCount
WinExec
GetCurrentDirectoryW
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
HeapCreate
LCMapStringW
GetCPInfo
GetStartupInfoW
HeapSetInformation
ExitProcess
RtlUnwind
DecodePointer
EncodePointer
InitializeCriticalSection
InterlockedExchange
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetLocaleInfoW
SetFileTime
GetFileAttributesW
CreateDirectoryW
LocalFileTimeToFileTime
SystemTimeToFileTime
ReadFile
CreateFileW
SetFilePointer
GetVersionExW
FreeResource
LoadLibraryW
GetProcAddress
FreeLibrary
GlobalFree
GetTickCount
CreateFileA
WriteFile
CloseHandle
GetModuleHandleW
GlobalAlloc
lstrcmpiW
GlobalLock
GlobalUnlock
SetLastError
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
lstrlenW
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
RaiseException
MultiByteToWideChar
IsValidCodePage

user32

OffsetRect
SetForegroundWindow
UpdateLayeredWindow
GetDoubleClickTime
ClipCursor
GetSystemMetrics
EqualRect
CallWindowProcW
SetWindowLongW
GetWindowLongW
SendMessageW
DefWindowProcW
CharNextW
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
wsprintfW
InflateRect
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
LoadImageW
IsZoomed
SetWindowRgn
GetWindowRect
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
GetSysColor
SetCursor
KillTimer
SetTimer
MessageBoxW
mouse_event
IsChild
GetParent
GetDlgItem
GetClassNameW
ReleaseCapture
FillRect
DestroyWindow
EndPaint
BeginPaint
GetDesktopWindow
DestroyAcceleratorTable
GetWindow
GetFocus
SetFocus
IsWindow
GetClassInfoExW
LoadCursorW
UnregisterClassA
RegisterClassExW
CreateWindowExW
CreateAcceleratorTableW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
PtInRect
SetRectEmpty
IsRectEmpty
GetCursorPos
PostMessageW
EnableWindow
CopyRect
IntersectRect
ShowWindow
IsWindowVisible
SetCursorPos
FindWindowW
PeekMessageW

gdi32

CreateFontW
SelectClipRgn
GetViewportOrgEx
ExtSelectClipRgn
PatBlt
CreateRectRgnIndirect
CreateRectRgn
SetStretchBltMode
CreateDCW
GetClipRgn
CreateDIBSection
GetObjectA
GetDIBits
StretchBlt
CombineRgn
SetBkColor
SetTextColor
ExtTextOutW
DeleteObject
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectW
SetViewportOrgEx
GetStockObject

advapi32

RegDeleteKeyW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegCreateKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathA
SHGetFolderPathA
ShellExecuteA
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetFolderPathW

ole32

StringFromGUID2
OleLockRunning
CoTaskMemFree
CoTaskMemRealloc
CoInitialize
CoUninitialize
RegisterDragDrop
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
DispCallFunc
SysAllocString
SysStringLen

shlwapi

PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecA
StrCpyW
SHSetValueW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

AlphaBlend

urlmon

URLDownloadToFileA
URLDownloadToFileW

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipDisposeImage
GdipFree
GdipAlloc
GdipCreateFromHDC
GdipDeleteGraphics
GdipDeleteBrush

winmm

timeKillEvent
timeEndPeriod
timeSetEvent
timeBeginPeriod

wininet

HttpQueryInfoA
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA

psapi

GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 353KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86f6797b502ee67b68493694f255c769

Code Sign

3a:6b:9b:1f:59:b7:db:d5:0b:ef:d1:25:9b:b8:26:4eCertificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

01Certificate

Key Usages

bc:74:9e:49:7d:e8:5a:5d:26:1c:e6:0d:b7:10:57:c8:30:8e:e2:4dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

urlmon

gdiplus

winmm

wininet

psapi

iphlpapi

Sections

.text Size: 353KB - Virtual size: 353KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 13KB - Virtual size: 29KB

.rsrc Size: 130KB - Virtual size: 130KB

.reloc Size: 29KB - Virtual size: 29KB

3a:6b:9b:1f:59:b7:db:d5:0b:ef:d1:25:9b:b8:26:4e
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

3d
Certificate

01
Certificate

bc:74:9e:49:7d:e8:5a:5d:26:1c:e6:0d:b7:10:57:c8:30:8e:e2:4d
Signer

.text
Size: 353KB - Virtual size: 353KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 13KB - Virtual size: 29KB

.rsrc
Size: 130KB - Virtual size: 130KB

.reloc
Size: 29KB - Virtual size: 29KB