2024-07-03_03984c436dc25025b58dd3aefe77f32e_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-03_03984c436dc25025b58dd3aefe77f32e_mafia
Size

992KB
MD5

03984c436dc25025b58dd3aefe77f32e
SHA1

61d8d47e2d4af29a19d7fedc1465400cdb6793d8
SHA256

cb6e6ec5f88cfbcef353a6c18d3350e1da4c25bd748cedd0a5a527dbb60f1f15
SHA512

6d6574e4e4c1192370b511e0e8ccb1699a381af6782476582e5963c1d2fe4274edd274efda9b6d3410165926a69ccf843117cbc1cb142e11ef5764c02d8fe3a9
SSDEEP

24576:s3trG8xdnOXJdqKurzzAGwy3cmNSABeF+S:s3jeXJdqKM/AG13nSABe8S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-03_03984c436dc25025b58dd3aefe77f32e_mafia

Files

2024-07-03_03984c436dc25025b58dd3aefe77f32e_mafia
.exe windows:5 windows x86 arch:x86

ec38be4010fddf0920d08bfde8cd0b5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dvs\p4\build\sw\rel\gpu_drv\r300\r301_07\drivers\notifius\ComUpdatus\exe\Win32\Release\ComUpdatus.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW

setupapi

SetupDiEnumDeviceInfo
SetupDiBuildDriverInfoList
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiSetDeviceInstallParamsW
SetupDiDestroyDriverInfoList
SetupDiGetDriverInstallParamsW
SetupDiEnumDriverInfoW
SetupDiGetDeviceInstallParamsW

kernel32

GetCurrentProcess
CreateProcessW
GetExitCodeProcess
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
GetVersionExW
CreateMutexW
PeekNamedPipe
UnmapViewOfFile
SystemTimeToFileTime
GetTickCount
GetSystemTimeAsFileTime
WriteFile
InitializeCriticalSection
FileTimeToSystemTime
ReadFile
CreateFileW
SetThreadPriority
FlushFileBuffers
OpenMutexW
GetSystemInfo
WaitForMultipleObjects
OpenFileMappingW
ReleaseMutex
FileTimeToLocalFileTime
IsWow64Process
ResumeThread
GetSystemDirectoryW
GetFileAttributesW
GetStartupInfoW
GetStdHandle
SetLastError
FindClose
GetWindowsDirectoryW
WideCharToMultiByte
GetCurrentDirectoryW
GetSystemDefaultLangID
GlobalMemoryStatusEx
GetUserDefaultUILanguage
DeviceIoControl
QueryPerformanceCounter
GetProcessAffinityMask
QueryPerformanceFrequency
SetThreadAffinityMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
DebugBreak
GetConsoleCP
GetCurrentProcessId
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetDriveTypeA
TlsFree
TlsSetValue
GetModuleHandleExW
GetCurrentThread
LocalFree
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
CloseHandle
CreateThread
CreateEventW
Sleep
InitializeCriticalSectionAndSpinCount
GetCommandLineW
SetEvent
DeleteCriticalSection
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
GetConsoleMode
SetFilePointer
GetFullPathNameA
GetFileInformationByHandle
CreateFileA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetProcessHeap
VirtualQuery
WriteConsoleW
GetDriveTypeW
SetEndOfFile
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA
FindFirstFileExA
GetCPInfo
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
HeapSize
HeapReAlloc
ExitProcess
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
GetFileType
SetStdHandle
HeapSetInformation
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
LCMapStringW
TerminateProcess
RtlUnwind

user32

CharNextW
EnumDisplayDevicesW
GetSystemMetrics
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
CharUpperW
EnumDisplaySettingsExW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
IsValidSid
LookupAccountNameW
CopySid
AddAce
AddAccessAllowedAce
GetAce
EqualSid
GetAclInformation
DeleteAce
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
MakeSelfRelativeSD
GetSecurityDescriptorSacl
FreeSid
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
MakeAbsoluteSD
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
SetSecurityDescriptorGroup
RevertToSelf
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
OpenThreadToken
ImpersonateSelf
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

ole32

StringFromGUID2
CoCreateInstance
CoRegisterClassObject
CoUninitialize
CoCreateGuid
CoSetProxyBlanket
CoInitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoTaskMemFree

oleaut32

VariantCopy
SafeArrayGetElement
VariantInit
VariantClear
VariantChangeType
LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
RegisterTypeLi
VarUI4FromStr
SafeArrayGetLBound

Sections

.text
Size: 643KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec38be4010fddf0920d08bfde8cd0b5e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

setupapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 643KB - Virtual size: 642KB

.rdata Size: 132KB - Virtual size: 131KB

.data Size: 11KB - Virtual size: 24KB

.rsrc Size: 143KB - Virtual size: 143KB

.reloc Size: 61KB - Virtual size: 60KB

.text
Size: 643KB - Virtual size: 642KB

.rdata
Size: 132KB - Virtual size: 131KB

.data
Size: 11KB - Virtual size: 24KB

.rsrc
Size: 143KB - Virtual size: 143KB

.reloc
Size: 61KB - Virtual size: 60KB