2024-05-10_2f37a323e098511f82abd99113890cfc_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-10_2f37a323e098511f82abd99113890cfc_mafia
Size

1.7MB
MD5

2f37a323e098511f82abd99113890cfc
SHA1

6517a36cce29de6c0941487754971140d96fd6ad
SHA256

cc961b09984ef477f674c1a742cf813e271f8fc8db24bc0a88380d1ea07d1ff7
SHA512

fc26e8ccb4377835b48919ec5441099c15f9f3baacbc15758138ca26b48a34a3e16327990554f211e86381c0e1efd04152aae5b41b6e21eb6c9ca48f6935bf22
SSDEEP

49152:9JSDXakCbIYCQab4U21TaES9BeUuXQKKYpWwl1+NY:96YTat2cBeRKYpfg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-10_2f37a323e098511f82abd99113890cfc_mafia

Files

2024-05-10_2f37a323e098511f82abd99113890cfc_mafia
.exe windows:5 windows x86 arch:x86

d01acf735ea895d7ef3b2508c7f02172

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dvs\p4\build\sw\rel\gpu_drv\r325\r325_00\drivers\notifius\build\bin\Win32\Release\ComUpdatus.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiSetDeviceInstallParamsW
SetupDiDestroyDriverInfoList
SetupDiGetDriverInstallParamsW
SetupDiEnumDriverInfoW
SetupDiGetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW

kernel32

LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
GetVersionExW
GetNativeSystemInfo
PeekNamedPipe
SystemTimeToFileTime
GetTickCount
GetSystemTimeAsFileTime
WriteFile
FileTimeToSystemTime
ReadFile
CreateFileW
SetThreadPriority
FlushFileBuffers
FileTimeToLocalFileTime
ResumeThread
GetModuleHandleExW
GetSystemDirectoryW
GetFileAttributesW
GetStartupInfoW
SetLastError
FindClose
GetWindowsDirectoryW
WideCharToMultiByte
InitializeCriticalSection
GetCurrentDirectoryW
GetSystemDefaultLangID
GlobalMemoryStatusEx
GetUserDefaultUILanguage
DeviceIoControl
GetProcessAffinityMask
SetThreadAffinityMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
GetDriveTypeW
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
VirtualQuery
GetProcessHeap
GetExitCodeProcess
CreateProcessW
GetCurrentProcess
IsWow64Process
GetCurrentThread
LocalFree
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
CloseHandle
CreateThread
CreateEventW
Sleep
InitializeCriticalSectionAndSpinCount
GetCommandLineW
SetEvent
DeleteCriticalSection
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
FreeEnvironmentStringsW
GetLocaleInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapSize
HeapReAlloc
GetStdHandle
ExitProcess
HeapCreate
IsProcessorFeaturePresent
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileA
GetFileInformationByHandle
GetFullPathNameA
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
LCMapStringW
RtlUnwind
FindFirstFileExA
GetDriveTypeA
ExitThread
HeapSetInformation
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
GetFileType
SetHandleCount
InterlockedCompareExchange
GetEnvironmentStringsW

user32

EnumDisplayDevicesW
CharNextW
CharUpperW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
EnumDisplaySettingsExW

advapi32

RegDeleteValueW
IsValidSid
LookupAccountNameW
CopySid
AddAce
AddAccessAllowedAce
GetAce
EqualSid
GetAclInformation
DeleteAce
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
MakeSelfRelativeSD
GetSecurityDescriptorSacl
FreeSid
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
MakeAbsoluteSD
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
SetSecurityDescriptorGroup
RevertToSelf
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
OpenThreadToken
ImpersonateSelf
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoAddRefServerProcess
CoReleaseServerProcess
CoInitialize
CoUninitialize
StringFromGUID2
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoSetProxyBlanket
CoTaskMemFree

oleaut32

SafeArrayGetElement
VariantCopy
SafeArrayGetLBound
VariantInit
VariantClear
VariantChangeType
LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
RegisterTypeLi
VarUI4FromStr

Sections

.text
Size: 755KB - Virtual size: 755KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 648KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d01acf735ea895d7ef3b2508c7f02172

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

setupapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 755KB - Virtual size: 755KB

.rdata Size: 133KB - Virtual size: 132KB

.data Size: 11KB - Virtual size: 29KB

.rsrc Size: 143KB - Virtual size: 143KB

.reloc Size: 648KB - Virtual size: 652KB

.text
Size: 755KB - Virtual size: 755KB

.rdata
Size: 133KB - Virtual size: 132KB

.data
Size: 11KB - Virtual size: 29KB

.rsrc
Size: 143KB - Virtual size: 143KB

.reloc
Size: 648KB - Virtual size: 652KB