2024-02-22_90fcc997cffac932295007df23dfb34e_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-22_90fcc997cffac932295007df23dfb34e_mafia
Size

1.7MB
MD5

90fcc997cffac932295007df23dfb34e
SHA1

21edaa8b6c8f78f335bd14de404ee3d324a7f650
SHA256

1383c7e95e81d0a2502480f190f863e959b9a0fa3007215f77de2858cd0d9d8a
SHA512

9f7287c627f9939be79c18bf40e9a05ef94ff3a6c9a43b7d7e1f6c253671f956bc424f85873ff9f2730694e619eb53a4ba8492d6206e8b16450c8de5d0bcc8e2
SSDEEP

24576:LAehqpX2kW5xCmpwTzzykSFBehANAsqjnhMgeiCl7G0nehbGZpbD:MeMmkW5x/yTzz3SFBeCN8Dmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-22_90fcc997cffac932295007df23dfb34e_mafia

Files

2024-02-22_90fcc997cffac932295007df23dfb34e_mafia
.exe windows:5 windows x86 arch:x86

3653bfb58011ca9995b1116bde5090fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dvs\p4\build\sw\rel\gpu_drv\r331\r331_00\drivers\notifius\build\bin\Win32\Release\ComUpdatus.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiSetDeviceInstallParamsW
SetupDiDestroyDriverInfoList
SetupDiGetDriverInstallParamsW
SetupDiEnumDriverInfoW
SetupDiGetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW

kernel32

GetExitCodeProcess
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
GetVersionExW
GetNativeSystemInfo
PeekNamedPipe
SystemTimeToFileTime
GetTickCount
GetSystemTimeAsFileTime
WriteFile
FileTimeToSystemTime
ReadFile
CreateFileW
SetThreadPriority
FlushFileBuffers
FileTimeToLocalFileTime
ResumeThread
GetModuleHandleExW
GetFileAttributesW
GetStartupInfoW
SetLastError
FindClose
GetWindowsDirectoryW
WideCharToMultiByte
InitializeCriticalSection
GetCurrentDirectoryW
GetSystemDefaultLangID
GlobalMemoryStatusEx
GetUserDefaultUILanguage
DeviceIoControl
GetProcessAffinityMask
SetThreadAffinityMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
GetDriveTypeW
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
VirtualQuery
GetProcessHeap
CreateProcessW
GetCurrentProcess
IsWow64Process
GetSystemDirectoryW
GetCurrentThread
InterlockedDecrement
InterlockedIncrement
LocalFree
WaitForSingleObject
CloseHandle
CreateThread
CreateEventW
Sleep
InitializeCriticalSectionAndSpinCount
GetCommandLineW
SetEvent
DeleteCriticalSection
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
GetLocaleInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapSize
HeapReAlloc
GetStdHandle
ExitProcess
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileA
GetFileInformationByHandle
GetFullPathNameA
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
LCMapStringW
RtlUnwind
FindFirstFileExA
GetDriveTypeA
ExitThread
HeapSetInformation
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

EnumDisplayDevicesW
CharNextW
CharUpperW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
EnumDisplaySettingsExW

advapi32

ImpersonateSelf
IsValidSid
LookupAccountNameW
CopySid
AddAce
AddAccessAllowedAce
GetAce
EqualSid
GetAclInformation
DeleteAce
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
MakeSelfRelativeSD
GetSecurityDescriptorSacl
FreeSid
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
MakeAbsoluteSD
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
SetSecurityDescriptorGroup
RevertToSelf
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
OpenThreadToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoAddRefServerProcess
CoReleaseServerProcess
CoInitialize
CoUninitialize
StringFromGUID2
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoSetProxyBlanket
CoTaskMemFree

oleaut32

SafeArrayGetElement
VariantCopy
SafeArrayGetLBound
VariantInit
VariantClear
VariantChangeType
LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
RegisterTypeLi
VarUI4FromStr

shlwapi

PathCombineW

Sections

.text
Size: 756KB - Virtual size: 756KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 648KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3653bfb58011ca9995b1116bde5090fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

setupapi

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 756KB - Virtual size: 756KB

.rdata Size: 133KB - Virtual size: 133KB

.data Size: 11KB - Virtual size: 29KB

.rsrc Size: 143KB - Virtual size: 143KB

.reloc Size: 648KB - Virtual size: 652KB

.text
Size: 756KB - Virtual size: 756KB

.rdata
Size: 133KB - Virtual size: 133KB

.data
Size: 11KB - Virtual size: 29KB

.rsrc
Size: 143KB - Virtual size: 143KB

.reloc
Size: 648KB - Virtual size: 652KB