ramnit | 4708bac148c1354efa086007eb4c5652851ad63f4490cb659b999957984925e9_unpacked

Sharing

Copy URL Twitter E-mail

General

Target

4708bac148c1354efa086007eb4c5652851ad63f4490cb659b999957984925e9_unpacked
Size

114KB
MD5

a86c97e899a93ba176de1c93c82cd14d
SHA1

95f308fe16d334033a499140d631eef064509530
SHA256

c3e044c9e8703abb90038959736c84c07e8f00b7a49d44271c8494101ebbe786
SHA512

3b9620eaffdaf5b627d3b14ebf4881f158f2957e01560c5d265333d495a3846a2d6fd2a61e2fa92298e9486df2f89f03d29a743a33e2bc113094e33f11dfd170
SSDEEP

1536:nzsLcHvHaHv2rzlt1TdGVt5sgGFeqW6tY5pZFqoFb1:nzqPUhjxGbAG6cqoFb

Score

10^/10

8`¾8wõ9��?4�z4w�p4��35rϯ5��5��t1;�<�;�@;�>>a��?��9<��ramnit

Malware Config

Extracted

Family

ramnit

Botnet

8`¾8wõ9��?4�z4w�P4��35rϯ5��5��t1;�<�;�@;�>>a��?��9<��)7s�R7��4[ο4�Ό4��05�5U�$2*�&0�0�{0f�P0@ʹ0

�>��;?7�"? � ?s�g?[�N?�Ŷ?�œ?��?��?��?8�1<,�<� <�u<h�:817377459

Attributes

campaign_timestamp
8.12134499e+08
compile_timestamp
1.505999145e+09
dga_seed
8.09578546e+08
listen_port
8.15804558e+08
num_dga_domains
8.07677983e+08

xor.base64

rc4.plain

rsa_pubkey.base64

Signatures

Ramnit family
ramnit

Files

4708bac148c1354efa086007eb4c5652851ad63f4490cb659b999957984925e9_unpacked
.dll windows x86

dc04e2401d8297a5c7b4ba4a53647489

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersionExA
GlobalFree
GlobalReAlloc
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenEventA
OpenFileMappingA
OpenMutexA
OpenProcess
PeekNamedPipe
Process32First
Process32Next
ReadFile
ReleaseMutex
RemoveDirectoryA
GetProcAddress
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetNamedPipeHandleState
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TerminateThread
TryEnterCriticalSection
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeA
WideCharToMultiByte
WriteFile
WriteFileEx
lstrcmpA
lstrcmpiA
lstrcpyW
lstrcpynA
lstrlenA
lstrlenW
GetPrivateProfileStringA
GetOverlappedResult
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetFileSize
GetEnvironmentVariableA
GetCurrentProcessId
GetCurrentProcess
FindNextFileA
GetComputerNameA
FindFirstFileA
FindClose
ExpandEnvironmentStringsA
ExitProcess
EnterCriticalSection
DisconnectNamedPipe
DeleteFileA
DeleteCriticalSection
CreateToolhelp32Snapshot
CreateThread
CreateProcessA
CreateNamedPipeA
CreateMutexA
CreateFileW
CreateFileMappingA
CreateFileA
CreateDirectoryA
CopyFileA
ConnectNamedPipe
ResetEvent
CloseHandle
GlobalAlloc

ws2_32

ioctlsocket
inet_addr
listen
getsockname
recv
select
send
getpeername
gethostbyname
connect
closesocket
bind
accept
__WSAFDIsSet
WSAStartup
WSASetLastError
WSAGetLastError
WSACleanup
socket
htons

user32

GetDesktopWindow
ExitWindowsEx
GetIconInfo
DrawIcon
wsprintfA
GetWindowDC
GetWindowRect
LoadCursorA
ReleaseDC
DrawTextA

advapi32

AdjustTokenPrivileges
CloseServiceHandle
ControlService
DeleteService
EnumDependentServicesA
GetUserNameA
LookupPrivilegeValueA
OpenProcessToken
OpenServiceA
QueryServiceStatusEx
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
ChangeServiceConfigA

shell32

ShellExecuteExA
ShellExecuteA

gdi32

CreateCompatibleDC
DeleteDC
DeleteObject
GdiFlush
SelectObject
SetBkColor
SetStretchBltMode
SetTextColor
StretchBlt
CreateDIBSection

ole32

CreateStreamOnHGlobal

Exports

Exports

Report
Start
Stop
_CryptoCheckSignMessage@24

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

dc04e2401d8297a5c7b4ba4a53647489

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

advapi32

shell32

gdi32

ole32

Exports

Exports

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 6KB - Virtual size: 20KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 6KB - Virtual size: 20KB

.reloc
Size: 2KB - Virtual size: 2KB