2024-10-06_40db918d64b9245799f5590d30793aa4_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-06_40db918d64b9245799f5590d30793aa4_mafia
Size

1.8MB
MD5

40db918d64b9245799f5590d30793aa4
SHA1

e1e7d3fa32eff3ef2553d1cb945352959a409b2f
SHA256

3807bc9270ef73d63ce302f04c54a34d0367e17f417a08d02d281f9aa98807e6
SHA512

c99e34346a717bb793e1fa5e9d9c6ec0c836a4d832bc4231a72bcb5e3868a7f47a05303ed9746018c796f360607a30b2e99b5a66891cc51d980386bd56b6c04b
SSDEEP

49152:YyTOB+yDQrZ9YAgy/IHuW1yh2nm3RE/cQdPBf6xea8LgP5lA:YXB+yDQzYAgy/ID102nm3RE/c86xea8a

Score

1^/10

Malware Config

Signatures

Files

2024-10-06_40db918d64b9245799f5590d30793aa4_mafia
.exe windows:5 windows x86 arch:x86

142584247d87ec8247137a97e8d84375

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:7c:b8:df:d0:e3:5a:48:da:04:09:80:f7:43:c6:ab
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

04/03/2010, 00:00

Not After

29/03/2013, 23:59

Subject

CN=VIA Technologies Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Taiwan Head Quarter,O=VIA Technologies Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f6:df:96:ad:f9:bb:9e:a0:59:ca:ea:1a:fc:1e:8d:c4:74:77:96:83
Signer

Actual PE Digest

f6:df:96:ad:f9:bb:9e:a0:59:ca:ea:1a:fc:1e:8d:c4:74:77:96:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\0_Win7\viaaud\viaaud (20111111) 10100RC2\Release\viaaud.pdb

Imports

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiDeleteDeviceInterfaceData
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces

winmm

PlaySoundW

dsound

ord3
ord11

kernel32

GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
VirtualAlloc
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
IsProcessorFeaturePresent
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
ExitThread
HeapReAlloc
RaiseException
RtlUnwind
ExitProcess
DecodePointer
EncodePointer
HeapFree
HeapAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
GetTempPathW
GetTempFileNameW
GetNumberFormatW
GetWindowsDirectoryW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
SetErrorMode
FileTimeToSystemTime
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
ReleaseActCtx
CreateActCtxW
ResumeThread
SetThreadPriority
lstrcpyW
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
SetUnhandledExceptionFilter
LoadLibraryExW
InterlockedExchange
lstrlenA
lstrcmpA
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileW
lstrcmpiW
CopyFileW
GlobalSize
GlobalAlloc
FormatMessageW
LocalFree
GetCurrentProcessId
MulDiv
lstrlenW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ActivateActCtx
DeactivateActCtx
SetLastError
lstrcmpW
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
DeviceIoControl
CreateFileW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
TerminateThread
SetEvent
CreateEventW
CreateThread
WaitForSingleObject
CreateMutexW
GetPrivateProfileStringA
InterlockedDecrement
InterlockedIncrement
Sleep
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
GetCurrentDirectoryW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetSystemInfo
GetModuleHandleW
GetVersionExW
CloseHandle
GetCurrentProcess
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
GetSystemDefaultLangID
GetProcAddress
LoadLibraryW
FreeLibrary
GetFileType
SetStdHandle
GetLocaleInfoW
VirtualQuery

user32

SetClipboardData
OpenClipboard
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFrameControl
DrawEdge
SetClassLongW
DestroyAcceleratorTable
SetParent
DrawIconEx
GetNextDlgGroupItem
LoadImageW
GetIconInfo
HideCaret
DrawFocusRect
InvertRect
MapVirtualKeyW
UnregisterClassW
DestroyIcon
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsRectEmpty
IsZoomed
GetAsyncKeyState
NotifyWinEvent
MessageBeep
SetWindowRgn
GetSystemMenu
OffsetRect
DeleteMenu
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
IntersectRect
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
LoadCursorW
GetSysColorBrush
CopyImage
DestroyMenu
GetMenuItemInfoW
InflateRect
RealChildWindowFromPoint
InvalidateRect
DrawStateW
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
PostQuitMessage
CharUpperW
GetMenuStringW
InsertMenuW
RemoveMenu
GetWindowThreadProcessId
EndPaint
BeginPaint
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
LoadMenuW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CloseClipboard
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
IsCharLowerW
CheckRadioButton
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
IsWindowVisible
ValidateRect
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
EmptyClipboard
GetWindowRgn
MapDialogRect
DestroyCursor
SubtractRect
GetDoubleClickTime
GetUpdateRect
IsClipboardFormatAvailable
CreateMenu
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
CopyRect
PtInRect
GetWindow
GetDesktopWindow
GetActiveWindow
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
LoadBitmapW
MapVirtualKeyExW
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
KillTimer
SetTimer
DrawIcon
GetClientRect
IsIconic
SendMessageW
LoadIconW
PostMessageW
FindWindowW
ReleaseDC
GetWindowDC
GetWindowRect
GetSystemMetrics
SystemParametersInfoW
EnableWindow
GetKeyNameTextW
PostThreadMessageW
CharUpperBuffW
CopyIcon
FrameRect
RegisterClipboardFormatW
AppendMenuW
GetKeyboardState

gdi32

CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
GetDeviceCaps
CreatePen
RectVisible
CreateSolidBrush
CreateHatchBrush
CopyMetaFileW
CreateDCW
GetTextExtentPoint32W
GetTextMetricsW
CreateDIBitmap
CreateRectRgnIndirect
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
PatBlt
DPtoLP
CreateRoundRectRgn
CreateDIBSection
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Ellipse
Polygon
OffsetRgn
GetRgnBox
SetPixel
Rectangle
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
SetPixelV
GetTextFaceW
PtVisible
GetPixel
DeleteDC
ExtSelectClipRgn
BitBlt
GetWindowExtEx
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
SetDIBColorTable
SetBkColor
SetTextColor
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
GetObjectW
DeleteObject
CombineRgn
CreateRectRgn
StretchBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
Polyline
CreateFontIndirectW
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
TextOutW

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW

shell32

DragFinish
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHAppBarMessage
DragQueryFileW
ShellExecuteW
SHBrowseForFolderW

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathRemoveFileSpecW

ole32

OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
DoDragDrop
CreateStreamOnHGlobal
CoTaskMemAlloc
ReleaseStgMedium
PropVariantClear
CoTaskMemFree
CoInitializeEx
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitialize
OleDuplicateData
CoCreateGuid
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard

oleaut32

VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
SysStringLen
SysAllocString
VariantChangeType
SysAllocStringLen
VariantClear
VariantInit

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

142584247d87ec8247137a97e8d84375

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

39:7c:b8:df:d0:e3:5a:48:da:04:09:80:f7:43:c6:abCertificate

Extended Key Usages

Key Usages

f6:df:96:ad:f9:bb:9e:a0:59:ca:ea:1a:fc:1e:8d:c4:74:77:96:83Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

winmm

dsound

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

oleacc

imm32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 298KB - Virtual size: 297KB

.data Size: 61KB - Virtual size: 91KB

.rsrc Size: 84KB - Virtual size: 83KB

.reloc Size: 168KB - Virtual size: 167KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

39:7c:b8:df:d0:e3:5a:48:da:04:09:80:f7:43:c6:ab
Certificate

f6:df:96:ad:f9:bb:9e:a0:59:ca:ea:1a:fc:1e:8d:c4:74:77:96:83
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 298KB - Virtual size: 297KB

.data
Size: 61KB - Virtual size: 91KB

.rsrc
Size: 84KB - Virtual size: 83KB

.reloc
Size: 168KB - Virtual size: 167KB