ramnit | c059a32f921f670c8db1697cda5adf502cb95c8fec8fe3040a5ee647c784c3bd

Sharing

Copy URL

Twitter E-mail

General

Target

c059a32f921f670c8db1697cda5adf502cb95c8fec8fe3040a5ee647c784c3bd
Size

50KB
MD5

350a1d996529d453fa9defcdc726b40b
SHA1

cd4f2d27824110424dcc7992eb9d74e9155a2720
SHA256

c059a32f921f670c8db1697cda5adf502cb95c8fec8fe3040a5ee647c784c3bd
SHA512

a2b2cdfb61613426cdb9bf6b2530835c2e1afa8f9e3cf44803ad0683eeb405f737f1e8886e655688ff0a906732e91e463b3b6df111af24e36f3cdbb0d2c49ca1
SSDEEP

768:dY3s+AgMsM06FCiqOzDxANKedkqQDL0pxbZoky4vynGA+NeHG/hIq/jA7i5O:jrCiqIDxANKedk5SxOvGAKB9bdk

Score

10^/10

ramnit

Malware Config

Signatures

Ramnit family
ramnit

Files

c059a32f921f670c8db1697cda5adf502cb95c8fec8fe3040a5ee647c784c3bd
.dll windows x86

8b9a50b8c7acb0f8d57192e4d4371f90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalReAlloc
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
LockFileEx
GetLastError
MultiByteToWideChar
OpenMutexA
OpenProcess
Process32First
Process32Next
ReadFile
ReleaseMutex
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
Sleep
TerminateProcess
TryEnterCriticalSection
UnlockFileEx
UnmapViewOfFile
WaitForMultipleObjects
WideCharToMultiByte
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpyW
lstrlenA
lstrlenW
GetFileSize
GetEnvironmentVariableA
GetDriveTypeA
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
FindNextFileA
FindFirstFileA
FindClose
ExitProcess
ExpandEnvironmentStringsA
EnterCriticalSection
DeviceIoControl
DeleteFileA
DeleteCriticalSection
CreateToolhelp32Snapshot
CreateThread
CreateProcessA
CreateMutexA
CreateFileMappingA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
MapViewOfFile
CloseHandle

ws2_32

recv
select
ioctlsocket
inet_addr
htons
send
socket
getsockname
getpeername
gethostbyname
connect
closesocket
bind
accept
__WSAFDIsSet
WSAStartup
WSAGetLastError
WSACleanup
listen

user32

MessageBoxA
ReleaseDC
GetDesktopWindow
LoadCursorA
DrawTextA
DrawIcon
CharUpperBuffW
wsprintfA
GetWindowRect
GetWindowDC
ExitWindowsEx
GetIconInfo

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
GetUserNameA

shell32

ShellExecuteA

gdi32

CreateCompatibleDC
DeleteDC
DeleteObject
GdiFlush
SelectObject
SetBkColor
SetStretchBltMode
SetTextColor
StretchBlt
CreateDIBSection

ole32

CreateStreamOnHGlobal

Sections

.text
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b9a50b8c7acb0f8d57192e4d4371f90

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

advapi32

shell32

gdi32

ole32

Sections

.text Size: 40KB - Virtual size: 44KB

.rdata Size: 3KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 12KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 44KB

.rdata
Size: 3KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 12KB

.reloc
Size: 1KB - Virtual size: 1KB