2024-10-17_7d6492d21292d4c418b8f37ae13d5a1c_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-17_7d6492d21292d4c418b8f37ae13d5a1c_mafia
Size

929KB
MD5

7d6492d21292d4c418b8f37ae13d5a1c
SHA1

ae1475471f5ed4c4e0977ffbb079ec57e85c2bc7
SHA256

88aa115aa2988ca1e8b72aa96bb96d0e31efed74db6e584ef923175b7d40407c
SHA512

6904e8a770749e56629cdb3a1354a27b60e055faf86f406807ca41387dce21b2031a80d922d435f8e8d31cd200b382e1313de2dd4ff68d0106eb7b02b8b61829
SSDEEP

12288:n+pnNd1QwQx+5E/RhW49WnLqA9mNcTIkVgHTY7OWo3p/K1V68QqSG48aBD2drY8K:QVQ5LWyuKSFViZ53pcs8ZHaBD2drv2r

Score

1^/10

Malware Config

Signatures

Files

2024-10-17_7d6492d21292d4c418b8f37ae13d5a1c_mafia
.exe windows:5 windows x86 arch:x86

b2635644dcc498da9c290bd856fce5d2

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:b6:f5:65:ed:70:52:f8:a3:93:6b:7d:48:c8:20:56
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/02/2015, 00:00

Not After

09/02/2016, 23:59

Subject

CN=ShenZhen Enode Techology co\,.Ltd,OU=Security,O=ShenZhen Enode Techology co\,.Ltd,L=ShenZhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:ee:26:b0:f8:d5:ce:78:46:1e:ed:c1:79:fa:f1:77:52:a6:68:1b
Signer

Actual PE Digest

bb:ee:26:b0:f8:d5:ce:78:46:1e:ed:c1:79:fa:f1:77:52:a6:68:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\ci\workspace\catchyoutube_update\update\output\Release\CatchYouTubeUpdate.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSAGetLastError
getaddrinfo
getnameinfo
WSAStartup
gethostname
freeaddrinfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

imm32

ImmDisableIME

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

psapi

EnumProcesses
EnumProcessModules
GetModuleInformation
GetModuleFileNameExW

datareport

ord4
ord3

kernel32

WaitForSingleObject
TerminateProcess
FlushInstructionCache
GetCurrentProcess
SetLastError
Sleep
TerminateThread
ResetEvent
SetEvent
SetThreadPriority
WaitForMultipleObjects
CreateEventW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetVersionExW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
GetTempPathW
ReleaseMutex
lstrcpyW
InitializeCriticalSection
GetFullPathNameW
SetCurrentDirectoryW
CreateMutexW
OutputDebugStringW
GetSystemTime
GetCommandLineW
FreeConsole
GetConsoleScreenBufferInfo
GetStdHandle
AllocConsole
WriteConsoleW
SetConsoleTextAttribute
GetCurrentProcessId
GetPrivateProfileIntW
SetProcessAffinityMask
lstrcmpiW
LoadLibraryExW
OpenFileMappingW
VirtualQuery
CreateProcessW
ExitProcess
OpenEventW
HeapAlloc
GetProcessHeap
HeapFree
OpenMutexW
GetExitCodeProcess
WTSGetActiveConsoleSessionId
InterlockedCompareExchange
OpenProcess
CopyFileW
EnterCriticalSection
GetVolumeInformationA
RemoveDirectoryW
GetFileAttributesExW
GlobalFree
GlobalAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrlenA
VirtualProtect
IsWow64Process
HeapCreate
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
ProcessIdToSessionId
InterlockedExchange
GetFileSizeEx
ReadProcessMemory
VirtualQueryEx
QueueUserWorkItem
InterlockedExchangeAdd
GetSystemTimeAsFileTime
InterlockedIncrement
QueryPerformanceCounter
SetFilePointerEx
SetFileValidData
GetModuleFileNameA
GetModuleHandleA
ExpandEnvironmentStringsW
CreateFileA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetTempFileNameW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetDriveTypeW
GetLogicalDrives
InterlockedPopEntrySList
EncodePointer
GetModuleHandleW
GetModuleFileNameW
DeviceIoControl
InterlockedDecrement
lstrlenW
DeleteCriticalSection
DecodePointer
RtlUnwind
InitializeCriticalSectionAndSpinCount
LocalFree
FormatMessageW
DeleteFileW
FreeLibrary
SetEndOfFile
GetLastError
TlsFree
DosDateTimeToFileTime
SetFileAttributesW
TlsSetValue
TlsGetValue
GetCurrentThreadId
GetConsoleCP
GetConsoleMode
ExitThread
CreateThread
GetTimeFormatW
GetDateFormatW
ResumeThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetFileType
TlsAlloc
GetTickCount
UnmapViewOfFile
GetLocalTime
CreateFileMappingW
MapViewOfFile
GetFileSize
WriteFile
SetFileTime
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
WideCharToMultiByte
LocalFileTimeToFileTime
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileW
SetFilePointer
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
HeapSize
FlushFileBuffers
GetACP
GetOEMCP
QueryPerformanceFrequency
LeaveCriticalSection
IsValidCodePage
SetStdHandle
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
CompareStringW
SetEnvironmentVariableA
HeapReAlloc
HeapDestroy

user32

GetCursorPos
TrackPopupMenu
DestroyMenu
SetFocus
RegisterWindowMessageW
InsertMenuW
CreatePopupMenu
GetAsyncKeyState
LoadIconW
MessageBoxW
CallWindowProcW
GetWindowLongW
LoadCursorW
GetClassInfoExW
SetWindowLongW
AllowSetForegroundWindow
DialogBoxParamW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassExW
ShowWindow
SetTimer
DestroyWindow
SetWindowTextW
LoadImageW
DefWindowProcW
KillTimer
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
BringWindowToTop
SetForegroundWindow
SetActiveWindow
IsIconic
SendMessageW
IsWindow
DestroyIcon
PostMessageW
GetDesktopWindow
wsprintfW
CharNextW
UnregisterClassA
CreateWindowExW

gdi32

GetStockObject

advapi32

GetExplicitEntriesFromAclW
LookupAccountSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
GetUserNameW
GetTokenInformation
RegQueryValueExA
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumValueW
RegOpenKeyExA
RegEnumKeyExA
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetTokenInformation
RevertToSelf
StartServiceCtrlDispatcherW
CreateProcessAsUserW
DuplicateTokenEx
QueryServiceStatusEx
CryptReleaseContext
CryptDecrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetServiceStatus
SetServiceObjectSecurity
BuildExplicitAccessWithNameW
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
RegOpenKeyW
DeleteService
ControlService
ChangeServiceConfig2W
CreateServiceW
RegCreateKeyW
RegisterServiceCtrlHandlerExW
RegQueryInfoKeyW

shell32

Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW
ord165
SHFileOperationW
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoInitialize
CoUninitialize
CoInitializeEx
CoCreateInstance
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CLSIDFromProgID
CoTaskMemRealloc

oleaut32

SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
VariantClear
VarUI4FromStr
VarBstrCmp
SysAllocString
VariantInit
SysFreeString

shlwapi

PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
SHSetValueW
SHGetValueW
PathIsDirectoryW
PathFindExtensionW
PathGetDriveNumberW
PathStripPathW
PathRemoveExtensionW
PathCombineW

iphlpapi

GetIpForwardTable
GetAdaptersAddresses
GetAdaptersInfo

rpcrt4

RpcStringFreeW
UuidToStringW

wininet

InternetErrorDlg
HttpEndRequestW
HttpQueryInfoW
InternetGetLastResponseInfoW
InternetReadFileExA
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetSetStatusCallbackW
InternetOpenW
InternetSetOptionW
InternetQueryOptionW
InternetCloseHandle
HttpSendRequestExA
InternetWriteFile

Exports

Exports

?ClearService@Com@Util@@YGJXZ
?CreateObjectByIID@Com@Util@@YGJABU_GUID@@PAPAX@Z
?GetService@Com@Util@@YGJABU_GUID@@PAPAX@Z
?RegObject@Com@Util@@YGJABU_GUID@@0PA_W1@Z
?RegService@Com@Util@@YGJABU_GUID@@0PA_W1@Z
?ResetPath@Com@Util@@YGJPA_W@Z
?XNetDownloadFile@@YAPAXPAXPAVIXNetDownloadStatusCallback@@PB_W2W4XnetMethodType@@22@Z
?XNetHttpRequest@@YAPAXPAXP6AX0H0KPB_W@Z1W4XnetMethodType@@11K@Z
?XNetInit@@YAHXZ
?XNetStop@@YAHPAX@Z
?XNetUninit@@YAHXZ
GetLogController

Sections

.text
Size: 634KB - Virtual size: 634KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2635644dcc498da9c290bd856fce5d2

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

33:b6:f5:65:ed:70:52:f8:a3:93:6b:7d:48:c8:20:56Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

bb:ee:26:b0:f8:d5:ce:78:46:1e:ed:c1:79:fa:f1:77:52:a6:68:1bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

userenv

imm32

wtsapi32

psapi

datareport

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

rpcrt4

wininet

Exports

Exports

Sections

.text Size: 634KB - Virtual size: 634KB

.rdata Size: 162KB - Virtual size: 162KB

.data Size: 17KB - Virtual size: 30KB

.rsrc Size: 59KB - Virtual size: 58KB

.reloc Size: 48KB - Virtual size: 47KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

33:b6:f5:65:ed:70:52:f8:a3:93:6b:7d:48:c8:20:56
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

bb:ee:26:b0:f8:d5:ce:78:46:1e:ed:c1:79:fa:f1:77:52:a6:68:1b
Signer

.text
Size: 634KB - Virtual size: 634KB

.rdata
Size: 162KB - Virtual size: 162KB

.data
Size: 17KB - Virtual size: 30KB

.rsrc
Size: 59KB - Virtual size: 58KB

.reloc
Size: 48KB - Virtual size: 47KB