2024-05-23_8486c3877613098f3b764f579d56c92d_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-23_8486c3877613098f3b764f579d56c92d_mafia
Size

919KB
MD5

8486c3877613098f3b764f579d56c92d
SHA1

66de769496bef71b5de0ce68d5e22a11dfc2f584
SHA256

a41ebd45e9deaf6e493b90e439b4e3845ccad33572333035a9a09ebc890f6a29
SHA512

34af135cab24eaa6c80a26abf27935e1eeb18f08075e5400d6684a03233d7e3ff454fef0028091f851a8f6d7594fee8ae00ec056df55d831a0c5fb9acbe81821
SSDEEP

24576:cY6mzRruIgLI6Y8Y/+ie9+DPBWeJktfqgt+:cYBRruIgLIz8Y/+Gngt+

Score

1^/10

Malware Config

Signatures

Files

2024-05-23_8486c3877613098f3b764f579d56c92d_mafia
.exe windows:5 windows x86 arch:x86

d4b0afad10d10f740bce64c9f25c6914

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:2d:0c:a0:6f:4d:88:04:2d:cb:64:48:2b:c9:c0:64
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22-07-2011 00:00

Not After

20-08-2014 23:59

Subject

CN=NetSupport Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=NetSupport,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\nsmsrc\nsm\1201\1201f2\Ctl32\Release\PCIVideoVi.pdb

Imports

comctl32

ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_EndDrag
ord17
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Create
ImageList_AddMasked
ImageList_Add
ImageList_LoadImageA
ImageList_DrawEx
ImageList_GetImageCount
ImageList_Draw
ImageList_Destroy

kernel32

Beep
GetCurrentProcess
RaiseException
VirtualQueryEx
IsBadReadPtr
DeleteFileA
ResumeThread
GetThreadContext
SuspendThread
GetExitCodeThread
DuplicateHandle
GetCurrentThread
CreateDirectoryA
GetFileAttributesA
CreateProcessA
GetSystemInfo
SetThreadPriority
LocalAlloc
WaitForMultipleObjects
LoadLibraryExA
SetUnhandledExceptionFilter
GlobalGetAtomNameA
CompareStringW
CreateFileW
SetEndOfFile
WriteConsoleW
SetFilePointer
FlushFileBuffers
GetSystemDefaultLangID
GetConsoleCP
SetStdHandle
LoadLibraryW
InterlockedExchange
SetConsoleCtrlHandler
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
SetHandleCount
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
FatalAppExitA
GetTimeZoneInformation
HeapSize
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetStdHandle
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetTimeFormatA
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
HeapReAlloc
RtlUnwind
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDateFormatA
LocalFree
GetProfileStringA
FormatMessageA
PulseEvent
CreateThread
GetProcessHeap
HeapAlloc
HeapFree
WriteFile
GlobalReAlloc
GetFileSize
ReadFile
CreateFileA
WideCharToMultiByte
FindResourceExA
OutputDebugStringA
GetModuleFileNameA
GetTempPathA
GetLocalTime
GetModuleHandleA
GetCurrentProcessId
OpenProcess
SetLastError
ExitProcess
MultiByteToWideChar
GetVersionExA
GetProcAddress
FreeLibrary
LoadLibraryA
GetVersion
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateEventA
ResetEvent
SetEvent
WaitForSingleObject
CloseHandle
GetCurrentThreadId
FindResourceA
LoadResource
LockResource
Sleep
CompareStringA
IsDBCSLeadByte
InterlockedDecrement
InterlockedIncrement
GetTickCount
GetLastError
GlobalDeleteAtom
GlobalAddAtomA
ExpandEnvironmentStringsA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetConsoleMode
SetEnvironmentVariableA

user32

MessageBeep
RegisterClassExA
LoadIconA
GetClassInfoExA
FindWindowA
AdjustWindowRect
GetQueueStatus
TranslateAcceleratorA
LoadAcceleratorsA
CheckMenuItem
GetMenuState
InflateRect
ShowCursor
GetDesktopWindow
EnableMenuItem
IsMenu
SetMenu
TrackPopupMenuEx
GetMenuStringA
GetMenuItemCount
GetMenuItemID
DeleteMenu
GetWindowTextA
LoadStringW
wsprintfW
PostThreadMessageA
MoveWindow
IsDlgButtonChecked
SetWindowTextA
SetFocus
EndDialog
GetWindowTextLengthA
IsDialogMessageA
IsIconic
SetForegroundWindow
DialogBoxIndirectParamA
DialogBoxParamA
CreateDialogIndirectParamA
GetMessageA
EmptyClipboard
MessageBoxA
GetSystemMetrics
GetIconInfo
SetCursor
DrawIcon
WinHelpA
GetMenu
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
GetDlgItemTextA
CreateDialogParamA
DispatchMessageA
MessageBoxIndirectA
PeekMessageA
PostQuitMessage
GetLastActivePopup
IntersectRect
DestroyCursor
SetDlgItemTextA
LoadImageA
FillRect
SystemParametersInfoA
CreatePopupMenu
AppendMenuA
SetMenuItemInfoA
CopyIcon
DestroyIcon
ReleaseDC
GetDC
LoadBitmapA
GetParent
LoadMenuA
IsWindowVisible
UpdateWindow
ReleaseCapture
KillTimer
GetCursorPos
SetTimer
GetCapture
SetClipboardData
CloseClipboard
GetMenuItemInfoA
InsertMenuItemA
TranslateMessage
GetKeyState
wsprintfA
LoadStringA
GetSysColor
SendMessageA
SendDlgItemMessageA
PostMessageA
ShowWindow
DefWindowProcA
CallWindowProcA
IsWindow
DestroyWindow
GetDlgItem
CreateWindowExA
RegisterClassA
LoadCursorA
GetWindowRect
SetRectEmpty
MapWindowPoints
SetWindowPos
GetClientRect
SetRect
InvalidateRect
wvsprintfA
OpenClipboard
EnableWindow
GetWindowLongA
GetClassNameA
GetWindow
GetTopWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
EqualRect
DeferWindowPos
ValidateRect
GetSubMenu
RemovePropA
GetPropA
SetPropA
SetWindowLongA
EndPaint
BeginPaint
GetUpdateRect
DrawTextA
WindowFromPoint
ClientToScreen
IsZoomed
GetActiveWindow
OffsetRect
IsWindowEnabled
GetDlgCtrlID
PtInRect
SetCapture
DestroyMenu
IsChild

gdi32

CreateBitmap
TextOutA
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
SetBrushOrgEx
SelectPalette
GetDIBits
ExtTextOutA
StretchBlt
SetBkColor
RealizePalette
GetTextExtentPoint32A
CreateFontIndirectA
GetTextMetricsA
CreateDCA
GetDeviceCaps
GetTextExtentPointA
CreateSolidBrush
PatBlt
SetPixel
CreatePen
MoveToEx
LineTo
RectVisible
SetTextColor
SetBkMode
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC
GetStockObject
CreatePatternBrush
GetObjectA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyA
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
GetTokenInformation
OpenProcessToken
RegQueryValueExA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameW
RegCreateKeyExA

shell32

DragFinish
ExtractIconExA
SHGetFolderPathA
ShellExecuteA
DragQueryFileA

ole32

OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CoCreateInstance

gdiplus

GdipBitmapUnlockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipSetTextRenderingHint
GdipGetTextRenderingHint
GdipBitmapLockBits
GdipCreatePathGradientFromPath
GdipSetPathGradientCenterColor
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipGetGenericFontFamilySansSerif
GdipGetImagePixelFormat
GdipDrawCachedBitmap
GdipDeleteCachedBitmap
GdipAddPathCurveI
GdipCreateCachedBitmap
GdipAddPathArcI
GdipAddPathLineI
GdipFillRectanglesI
GdipClonePath
GdipCreatePath
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDrawLineI
GdipMeasureString
GdipDrawRectangleI
GdipFillPath
GdipDeletePath
GdipResetClip
GdipSetClipPath
GdipDrawImageRectI
GdipDrawPath
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushFromRectI
GdipCreateHICONFromBitmap
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipGetFontHeightGivenDPI
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipReleaseDC
GdipGetDC
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipImageRotateFlip
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFont
GdipCreateFontFamilyFromName
GdipAlloc
GdiplusStartup
GdipDeleteFont
GdipDeleteFontFamily
GdipFree
GdipDeleteStringFormat

winmm

timeEndPeriod
timeGetTime
PlaySoundA
timeBeginPeriod

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4b0afad10d10f740bce64c9f25c6914

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7d:2d:0c:a0:6f:4d:88:04:2d:cb:64:48:2b:c9:c0:64Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

gdiplus

winmm

version

Sections

.text Size: 580KB - Virtual size: 579KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 9KB - Virtual size: 20KB

.rsrc Size: 198KB - Virtual size: 198KB

.reloc Size: 25KB - Virtual size: 25KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7d:2d:0c:a0:6f:4d:88:04:2d:cb:64:48:2b:c9:c0:64
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 580KB - Virtual size: 579KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 9KB - Virtual size: 20KB

.rsrc
Size: 198KB - Virtual size: 198KB

.reloc
Size: 25KB - Virtual size: 25KB