2024-11-21_94864b889ea288e09e0a6a9a5f7fdc96_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-11-21_94864b889ea288e09e0a6a9a5f7fdc96_mafia
Size

3.7MB
MD5

94864b889ea288e09e0a6a9a5f7fdc96
SHA1

6d3cbb56aab170ce1ca15fa4ca91d2cbd1f7aa52
SHA256

a9474e390a66fd673203c0e74cbf58aa44c22238fbcac23f54e3caa9279726c1
SHA512

c46c908ed6521fff3e96a1437fe8ce2d36225982413f3ef290d176d1882f9715e56c5724a5e75bda47fbfb10da24e8c1302b6943a0100c8a1a0047803ac39c0f
SSDEEP

98304:vrp4HiWBJlMfFSZIe7DsywHNpMEX8GYT0Mba2R/iL:vrp4HiWBPwa7gywHk2YTbaoe

Score

1^/10

Malware Config

Signatures

Files

2024-11-21_94864b889ea288e09e0a6a9a5f7fdc96_mafia
.exe windows:5 windows x86 arch:x86

1a29fbaebd6580828223d0267dc8657c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

44:5b:56:58:ee:9e:e3:6e:0d:e7:2a:56:b9:41:52:15
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

20/12/2016, 06:05

Not After

20/12/2017, 06:05

Subject

CN=Chongqing Yizhenze Technology Co.\, Ltd.,O=Chongqing Yizhenze Technology Co.\, Ltd.,L=Chongqing,ST=Chongqing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:dc:7b:32:9c:c1:68:c2:da:93:6b:b2:15:94:f2:b7
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

20/12/2016, 06:11

Not After

20/12/2017, 06:11

Subject

CN=Chongqing Yizhenze Technology Co.\, Ltd.,O=Chongqing Yizhenze Technology Co.\, Ltd.,L=Chongqing,ST=Chongqing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1b:fd:02:7a:d5:ec:8c:f9:f2:72:d4:05:42:16:d5:3d:2d:ff:dc:46:7d:4b:c0:da:ab:f0:ff:e5:53:a4:3c:56
Signer

Actual PE Digest

1b:fd:02:7a:d5:ec:8c:f9:f2:72:d4:05:42:16:d5:3d:2d:ff:dc:46:7d:4b:c0:da:ab:f0:ff:e5:53:a4:3c:56

Digest Algorithm

sha256

PE Digest Matches

false

93:44:48:92:1e:d2:1e:3f:44:19:7f:0a:81:a3:98:df:ef:07:56:13
Signer

Actual PE Digest

93:44:48:92:1e:d2:1e:3f:44:19:7f:0a:81:a3:98:df:ef:07:56:13

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
GetCurrentDirectoryW
GetFileType
GetTempFileNameA
GetCommandLineW
GetModuleFileNameW
SetCurrentDirectoryW
HeapDestroy
FlushInstructionCache
HeapCreate
LockResource
LoadResource
SizeofResource
FindResourceW
FreeResource
GetFullPathNameW
GetModuleHandleA
MulDiv
LoadLibraryW
GetTickCount
GetVersionExA
VirtualProtect
LoadLibraryA
SetLastError
IsBadReadPtr
GetProcessHeap
HeapFree
HeapAlloc
FreeLibrary
WinExec
GetDiskFreeSpaceExA
MoveFileA
WritePrivateProfileStringA
CopyFileA
SetCurrentDirectoryA
OutputDebugStringW
ExitProcess
GetTempPathA
GetCurrentProcessId
CreateToolhelp32Snapshot
FindNextFileW
FindNextFileA
Process32NextW
Process32FirstW
FindClose
RemoveDirectoryA
GetProcAddress
FindFirstFileA
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
CreateDirectoryW
CompareStringW
SetEndOfFile
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedExchange
GetTimeZoneInformation
FlushFileBuffers
SetHandleCount
GetConsoleMode
GetConsoleCP
GetStringTypeW
InitializeCriticalSectionAndSpinCount
HeapSize
LCMapStringW
RaiseException
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetStartupInfoW
HeapSetInformation
ResumeThread
GetFileAttributesA
HeapReAlloc
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CreateThread
GetCurrentThreadId
ExitThread
GetCurrentProcess
SystemTimeToFileTime
SetEnvironmentVariableA
TerminateProcess
OpenProcess
FindFirstFileW
DeleteFileA
SetFileAttributesW
GetModuleFileNameA
CreateFileMappingW
GetModuleHandleW
MapViewOfFile
MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
GetTempPathW
Sleep
CreateProcessW
lstrcmpW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
CreateFileA
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
VirtualAlloc
VirtualFree
CloseHandle
GetLastError
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetFileSize
DosDateTimeToFileTime
lstrlenA

user32

GetActiveWindow
IsWindowVisible
GetParent
GetFocus
ShowWindow
PostMessageW
GetWindow
GetMonitorInfoW
MapWindowPoints
MessageBoxW
wsprintfW
MonitorFromWindow
GetWindowLongW
GetClientRect
GetWindowRect
DestroyWindow
MessageBoxA
LoadCursorW
DispatchMessageW
TranslateMessage
PeekMessageW
GetMessageW
PtInRect
IsRectEmpty
IsWindow
DefWindowProcW
SetFocus
InvertRect
FillRect
DrawIconEx
SetWindowPos
SendMessageW
CopyRect
SetRect
UpdateLayeredWindow
EqualRect
InflateRect
IntersectRect
UnionRect
SetCursor
SetTimer
KillTimer
DestroyIcon
UpdateWindow
SetWindowLongW
InvalidateRect
ScreenToClient
GetDC
ReleaseDC
SetCapture
SetWindowTextW
IsIconic
GetCursorPos
ReleaseCapture
GetCapture
HideCaret
CreateCaret
GetCaretBlinkTime
SetCaretPos
IsZoomed
AnimateWindow
TrackMouseEvent
DestroyCursor
AppendMenuW
CreatePopupMenu
DestroyMenu
SetForegroundWindow
TrackPopupMenu
GetMenuItemCount
GetMenuItemInfoW
MapVirtualKeyA
CharLowerBuffW
DrawTextW
SystemParametersInfoA
GetSystemMetrics
EnableMenuItem
GetKeyState
GetSysColor
ClientToScreen
CreateIconFromResource
LoadImageW
LoadBitmapW
GetIconInfo
CharNextW
OffsetRect
RegisterClassExW
CreateWindowExW
CallWindowProcW
GetDlgItem
UnregisterClassW
SetLayeredWindowAttributes
BeginPaint
EndPaint
PostQuitMessage
GetClassNameW

gdi32

Rectangle
CreateSolidBrush
GetStockObject
GetObjectW
CreateFontIndirectW
GetClipBox
CreateRoundRectRgn
CreateBitmap
CreateCompatibleDC
SelectObject
DeleteDC
GetDeviceCaps
SetGraphicsMode
EnumFontsW
DeleteObject
BitBlt
StretchBlt
SetViewportOrgEx
CreateCompatibleBitmap
SetBkMode
CreateDIBSection
CombineRgn
PtInRegion
RectInRegion
GetRgnBox
OffsetRgn
SetRectRgn
CreateEllipticRgnIndirect
SetTextColor
GetTextColor
ExtSelectClipRgn
SaveDC
CreateRectRgnIndirect
RestoreDC
ExcludeClipRect
IntersectClipRect
CreateRectRgn
GetTextExtentPoint32W
RoundRect
Ellipse
SetWorldTransform
GetWorldTransform
Polyline
Arc
Pie
CreatePen
CreatePatternBrush
GetClipRgn
GetViewportOrgEx
GetCurrentObject

advapi32

RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetPathFromIDListW
ShellExecuteA
SHBrowseForFolderW
CommandLineToArgvW
ShellExecuteW

ole32

CreateBindCtx
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
OleInitialize
CoInitialize
CoUninitialize
CoCreateInstance
OleUninitialize

oleaut32

SysFreeString
VariantClear
GetErrorInfo
VariantInit
SysAllocString

shlwapi

ord176
StrToIntExW
PathFileExistsA

netapi32

Netbios

wininet

HttpQueryInfoA
InternetConnectA
InternetCrackUrlA
InternetReadFile
InternetSetOptionA
HttpQueryInfoW
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetReadFileExA
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindCloseUrlCache

ws2_32

send
gethostbyname
closesocket
socket
recv
setsockopt
htons
WSAStartup
connect

psapi

GetProcessImageFileNameA

imagehlp

MakeSureDirectoryPathExists

imm32

ImmReleaseContext
ImmGetContext

gdiplus

GdipGetImageEncodersSize
GdiplusStartup
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncoders
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipDrawImageRectI
GdiplusShutdown
GdipCloneImage

msimg32

GradientFill
AlphaBlend

Sections

.text
Size: 829KB - Virtual size: 828KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a29fbaebd6580828223d0267dc8657c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

44:5b:56:58:ee:9e:e3:6e:0d:e7:2a:56:b9:41:52:15Certificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

2c:dc:7b:32:9c:c1:68:c2:da:93:6b:b2:15:94:f2:b7Certificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

1b:fd:02:7a:d5:ec:8c:f9:f2:72:d4:05:42:16:d5:3d:2d:ff:dc:46:7d:4b:c0:da:ab:f0:ff:e5:53:a4:3c:56Signer

93:44:48:92:1e:d2:1e:3f:44:19:7f:0a:81:a3:98:df:ef:07:56:13Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

netapi32

wininet

ws2_32

psapi

imagehlp

imm32

gdiplus

msimg32

Sections

.text Size: 829KB - Virtual size: 828KB

.rdata Size: 250KB - Virtual size: 249KB

.data Size: 36KB - Virtual size: 147KB

.rsrc Size: 318KB - Virtual size: 318KB

.reloc Size: 78KB - Virtual size: 77KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

44:5b:56:58:ee:9e:e3:6e:0d:e7:2a:56:b9:41:52:15
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

19:c2:85:30:e9:3b:36
Certificate

2c:dc:7b:32:9c:c1:68:c2:da:93:6b:b2:15:94:f2:b7
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

19:c2:85:30:e9:3b:36
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

1b:fd:02:7a:d5:ec:8c:f9:f2:72:d4:05:42:16:d5:3d:2d:ff:dc:46:7d:4b:c0:da:ab:f0:ff:e5:53:a4:3c:56
Signer

93:44:48:92:1e:d2:1e:3f:44:19:7f:0a:81:a3:98:df:ef:07:56:13
Signer

.text
Size: 829KB - Virtual size: 828KB

.rdata
Size: 250KB - Virtual size: 249KB

.data
Size: 36KB - Virtual size: 147KB

.rsrc
Size: 318KB - Virtual size: 318KB

.reloc
Size: 78KB - Virtual size: 77KB