2024-04-27_deef871133e459168ec7fdee7cdc3f05_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-27_deef871133e459168ec7fdee7cdc3f05_mafia
Size

206KB
MD5

deef871133e459168ec7fdee7cdc3f05
SHA1

2642c10afb56bde0a7f86d826d0b0225de66a9f7
SHA256

f34ecd9132fd171abb7e83d66bc8ae7ed4a3360c054fe5aeee616418f3a65603
SHA512

0faa2f055db2aff90b23684cb970cc81a410dde6eaa8e4de2f29f9c5e6c6b649e8ff38b37d89ffce94a241bcdd08b4e7849277419634b931ea49459438bfcc02
SSDEEP

6144:TGQ/13d5LBKl6HPRIWMsC/lCd3zdh305:z13d5A6v2BCd3R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-27_deef871133e459168ec7fdee7cdc3f05_mafia

Files

2024-04-27_deef871133e459168ec7fdee7cdc3f05_mafia
.exe windows:5 windows x86 arch:x86

916c24d6bd20b8520c33631851043d46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\src\bitcasaui\driverStatus\Release\driverStatus.pdb

Imports

kernel32

GetFullPathNameW
GetWindowsDirectoryW
GetProcAddress
GetModuleHandleW
FreeLibrary
LoadLibraryW
CreateMailslotW
MultiByteToWideChar
FindNextFileW
FindFirstFileW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
lstrcatW
lstrcpyW
GetSystemDirectoryW
CopyFileW
SetFileAttributesW
GetFileAttributesW
MoveFileExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
GetVersionExW
TlsAlloc
InterlockedDecrement
TlsSetValue
TlsGetValue
WriteConsoleW
GetCurrentThread
InterlockedExchange
Sleep
GetCurrentThreadId
CreateDirectoryW
CreatePipe
SetHandleInformation
CreateProcessW
WriteFile
ReadFile
GetExitCodeProcess
CreateFileW
GetModuleFileNameW
DeviceIoControl
WaitForSingleObject
CloseHandle
GetSystemTime
SystemTimeToFileTime
SetLastError
FormatMessageW
GlobalAlloc
GlobalFree
GetLastError
GetTempPathW
DeleteFileW
GetTempFileNameW
lstrlenW
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
HeapSize
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
HeapCreate
TlsFree
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
InterlockedIncrement
WideCharToMultiByte
InterlockedCompareExchange
GetStringTypeW
EncodePointer
DecodePointer
DeleteCriticalSection
HeapFree
GetCommandLineW
HeapSetInformation
RaiseException
HeapAlloc
RtlUnwind
GetCPInfo
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetStdHandle

user32

wsprintfW

advapi32

DeleteService
CreateServiceW
EqualSid
QueryServiceConfigW
ControlService
StartServiceW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
RegEnumValueW
RegDeleteValueW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW

shell32

SHFileOperationW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupDiGetINFClassW
SetupGetSourceFileLocationW
SetupGetSourceInfoW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiSetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupGetIntField
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetStringFieldW
SetupFindNextLine
SetupCloseInfFile
SetupIterateCabinetW
SetupDiGetActualSectionToInstallW

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

916c24d6bd20b8520c33631851043d46

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

version

setupapi

Sections

.text Size: 153KB - Virtual size: 153KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 444B

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 153KB - Virtual size: 153KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 444B

.reloc
Size: 13KB - Virtual size: 13KB