2024-11-13_734f891ab9d3387e9028e559865e6f6f_mafia_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-11-13_734f891ab9d3387e9028e559865e6f6f_mafia_revil
Size

2.7MB
MD5

734f891ab9d3387e9028e559865e6f6f
SHA1

d5b5ab2203fbe2895bad9043b522bf4071d8edfb
SHA256

272690d5fc3dc3efe848082a8dd072c4ce3f45f65e28e5241d7653d5b047f21d
SHA512

35aee8dadb489e1349b3f581c22a3d4192c0853fb7cd096d7cf6d0f2e437d097d734e6ef358dade9a9bb0b362cdf630b545bef2726db4902006a25b28b8f5351
SSDEEP

49152:e7tbpyG8BVE1lIlgFshDAhKxmU/bfbI+N5vcoPp/Av9fgu36I/mUSNFnFWye5Hjh:e7LwE1lIlTDcK08I85v7ruHmUiFC

Score

1^/10

Malware Config

Signatures

Files

2024-11-13_734f891ab9d3387e9028e559865e6f6f_mafia_revil
.exe windows:5 windows x86 arch:x86

d0e0ea0d759beaf789db6a3af9913b81

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:1f:f3:57:67:c8:62:61:b9:f2:9e:94:1d:97:6b:09
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29-12-2021 00:00

Not After

02-01-2025 23:59

Subject

CN=广州多益网络股份有限公司,O=广州多益网络股份有限公司,L=广州市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a3:f6:3c:e4:1e:66:60:22:63:34:95:7b:bd:81:f9:2f:41:7d:f0:1d:b6:65:00:d5:7e:70:12:b8:24:7a:c8:52
Signer

Actual PE Digest

a3:f6:3c:e4:1e:66:60:22:63:34:95:7b:bd:81:f9:2f:41:7d:f0:1d:b6:65:00:d5:7e:70:12:b8:24:7a:c8:52

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\zhanmeng_pc\zmpc_win_miniinstall\svn_dir\Release\GameInstall.pdb

Imports

kernel32

MoveFileExW
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
WriteConsoleW
GetStdHandle
OutputDebugStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
TerminateThread
GetExitCodeThread
SetFilePointerEx
FlushFileBuffers
SetEndOfFile
FreeLibrary
HeapAlloc
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
QueryPerformanceFrequency
CreateEventW
SetConsoleMode
ReadConsoleInputA
GetCurrentProcessId
WaitForSingleObject
DeleteFileW
GetSystemTime
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
GetFullPathNameA
GetFileInformationByHandle
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleA
GetVersionExA
FindResourceW
PeekNamedPipe
FormatMessageA
GetSystemDirectoryA
WritePrivateProfileStringW
SleepEx
GetDiskFreeSpaceExW
CompareStringW
CreateFileA
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
HeapCreate
SetHandleCount
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
GetDateFormatW
GetTimeFormatW
GetTimeZoneInformation
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineW
CreateThread
ExitThread
LocalFree
DecodePointer
EncodePointer
InterlockedExchange
WaitForMultipleObjects
TerminateProcess
OpenProcess
CreateProcessW
GetDriveTypeW
SizeofResource
LockResource
LoadResource
GetPrivateProfileStringW
CloseHandle
ReleaseMutex
QueryPerformanceCounter
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
VerifyVersionInfoW
VerSetConditionMask
GetLocalTime
MulDiv
InterlockedIncrement
InterlockedDecrement
DuplicateHandle
GetFileType
WideCharToMultiByte
WriteFile
SystemTimeToFileTime
SetFilePointer
DosDateTimeToFileTime
ReadFile
GetFileSize
CreateFileW
GetACP
GetProcAddress
GetCurrentDirectoryW
LoadLibraryW
ExitProcess
FreeResource
GetModuleHandleW
FindNextFileW
GetCurrentThreadId
GetModuleFileNameW
FindClose
FindFirstFileW
GetCurrentProcess
GetVersionExW
GetSystemInfo
CreateDirectoryW
MultiByteToWideChar
GetTickCount
SetEnvironmentVariableA
Sleep
LoadLibraryA
GetLogicalDriveStringsW
GetLastError
CreateMutexW
ExpandEnvironmentStringsA

user32

GetWindowRect
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
ShowWindow
SetTimer
IsWindow
IsZoomed
KillTimer
SetWindowPos
GetSystemMenu
PostQuitMessage
GetWindowLongW
DefWindowProcW
wsprintfW
RegisterClassW
CreateWindowExW
UnregisterClassW
SetWindowLongW
DestroyWindow
IsIconic
GetMonitorInfoW
MonitorFromWindow
GetMessageW
TranslateAcceleratorW
TranslateMessage
EnableMenuItem
DispatchMessageW
PostMessageW
ScreenToClient
GetClientRect
SetWindowRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
InvertRect
InvalidateRgn
CreateAcceleratorTableW
SetScrollRange
CreateCaret
MessageBoxW
GetWindow
EnableWindow
SetFocus
ClientToScreen
GetSysColor
RegisterWindowMessageW
LoadImageW
GetSystemMetrics
SendMessageW
HideCaret
ShowCaret
LoadCursorW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetPropW
GetPropW
GetKeyState
ReleaseDC
GetDC
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
UpdateLayeredWindow
InvalidateRect
MapWindowPoints
GetCursorPos
GetFocus
SetCapture
ReleaseCapture
SetCaretPos
MoveWindow
CharPrevW
SetRect
FillRect
DrawTextW
CharNextW
IntersectRect
SetCursor
InflateRect
OffsetRect
GetParent
PtInRect

gdi32

TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
RoundRect
LineTo
MoveToEx
CreatePenIndirect
CreateSolidBrush
ExtTextOutW
SetStretchBltMode
SetBkMode
SetBkColor
SetTextColor
StretchBlt
CreateDIBSection
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
GetObjectA
GetTextMetricsW
SetWindowOrgEx
Rectangle
BitBlt
RestoreDC
SaveDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
DeleteObject
CreateRoundRectRgn
GetDeviceCaps

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
DeregisterEventSource
ReportEventA
RegisterEventSourceA

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation

ole32

CoInitialize
OleInitialize
OleUninitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID
OleLockRunning
CLSIDFromString
RevokeDragDrop
RegisterDragDrop

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString
SysAllocStringLen

gdiplus

GdipFree
GdipAlloc
GdipCloneBrush
GdipDrawString
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipSetSmoothingMode
GdipCreatePath
GdipDeletePath
GdipAddPathArcI
GdipAddPathLineI
GdipCreateTexture
GdipSetPixelOffsetMode
GdipFillPath
GdiplusStartup
GdiplusShutdown
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateLineBrushI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteFont
GdipDeleteBrush

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFileExistsW

msimg32

AlphaBlend

winmm

timeBeginPeriod
timeEndPeriod

comctl32

InitCommonControlsEx
ord17
_TrackMouseEvent

psapi

GetModuleFileNameExW

snmpapi

SnmpUtilOidNCmp
SnmpUtilVarBindFree
SnmpUtilOidCpy

iphlpapi

GetAdaptersAddresses

ws2_32

WSAStartup
gethostname
WSACleanup
gethostbyname
inet_ntoa
inet_addr
socket
WSACreateEvent
WSAEventSelect
htons
sendto
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
recvfrom
ntohs
ntohl
setsockopt
closesocket
WSAGetLastError
select
ioctlsocket
listen
accept
getservbyport
WSASetLastError
__WSAFDIsSet
recv
send
WSAIoctl
getsockname
bind
getsockopt
getpeername
connect
htonl
getservbyname
gethostbyaddr
shutdown

wldap32

ord200
ord35
ord26
ord50
ord60
ord79
ord301
ord32
ord33
ord27
ord41
ord30
ord22
ord143
ord211
ord46

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 425KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0e0ea0d759beaf789db6a3af9913b81

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:1f:f3:57:67:c8:62:61:b9:f2:9e:94:1d:97:6b:09Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

a3:f6:3c:e4:1e:66:60:22:63:34:95:7b:bd:81:f9:2f:41:7d:f0:1d:b6:65:00:d5:7e:70:12:b8:24:7a:c8:52Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

msimg32

winmm

comctl32

psapi

snmpapi

iphlpapi

ws2_32

wldap32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 451KB - Virtual size: 451KB

.data Size: 67KB - Virtual size: 96KB

.rsrc Size: 425KB - Virtual size: 425KB

.reloc Size: 123KB - Virtual size: 123KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:1f:f3:57:67:c8:62:61:b9:f2:9e:94:1d:97:6b:09
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

a3:f6:3c:e4:1e:66:60:22:63:34:95:7b:bd:81:f9:2f:41:7d:f0:1d:b6:65:00:d5:7e:70:12:b8:24:7a:c8:52
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 451KB - Virtual size: 451KB

.data
Size: 67KB - Virtual size: 96KB

.rsrc
Size: 425KB - Virtual size: 425KB

.reloc
Size: 123KB - Virtual size: 123KB