2024-01-18_5a58caa48894a369a468661c84362a38_magniber_ramnit

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-18_5a58caa48894a369a468661c84362a38_magniber_ramnit
Size

12.7MB
MD5

5a58caa48894a369a468661c84362a38
SHA1

70232cc0cd5d662ad62ee88772727f0d411c1a61
SHA256

4ee6d1414fdb12d716462130b495d7b7f0bd1c3cfee9af0f21926f85e0e3e13b
SHA512

c0bf397f86a5a0914c905939f19baa3e12a5aa110cac2a22ef71f2e88d20143ba7710216698e85ae2dd2c54de76f568ed9e606fbef68747c4a6868b72f2efdc4
SSDEEP

196608:chwl78TboXUPc5qp2GY14R7jIEAdPs0uVbIPoCr:chMG9Pceg4RJ0SbIPoCr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-18_5a58caa48894a369a468661c84362a38_magniber_ramnit

Files

2024-01-18_5a58caa48894a369a468661c84362a38_magniber_ramnit
.exe windows:6 windows x86 arch:x86

0213f36b7076339582009c1f3e5210f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

ImageNtHeader

steam_api

SteamAPI_RunCallbacks
SteamController
SteamMatchmaking
SteamAPI_Init
SteamAPI_Shutdown
SteamHTTP
SteamUGC
SteamRemoteStorage
SteamUserStats
SteamAPI_WriteMiniDump
SteamApps
SteamUser
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamHTMLSurface
SteamAPI_IsSteamRunning
SteamFriends
SteamInventory
SteamUtils
SteamAPI_SetMiniDumpComment

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
RaiseException
GetLastError
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
Sleep
GetCurrentThreadId
SetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
QueryPerformanceCounter
GlobalAlloc
GlobalLock
GlobalUnlock
OutputDebugStringA
OutputDebugStringW
VirtualAlloc
VirtualFree
HeapSetInformation
MultiByteToWideChar
GetCPInfoExW
GetLocaleInfoA
GetUserDefaultLCID
DosDateTimeToFileTime
CreateFileA
CreateFileW
ReadFile
SetFilePointer
WriteFile
DeleteFileW
GetCurrentProcess
GetCurrentProcessId
GetLocalTime
IsWow64Process
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentDirectoryW
GetModuleFileNameW
CreateThread
DebugBreak
FormatMessageW
GetModuleFileNameA
LoadLibraryExA
FormatMessageA
GetTempPathW
ReleaseSemaphore
CreateSemaphoreW
SetUnhandledExceptionFilter
ExitProcess
TerminateProcess
SwitchToThread
QueryPerformanceFrequency
FileTimeToLocalFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
GetTimeFormatW
GetFileSizeEx
GetFileTime
SetFileTime
GetFileSize
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetTempFileNameW
RemoveDirectoryW
CopyFileExW
MoveFileExW
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
SetFileAttributesW
GetCommandLineW
MapViewOfFile
GetTickCount
CompareFileTime
HeapAlloc
GetConsoleCP
ReadConsoleW
GetConsoleMode
FlushFileBuffers
SetEndOfFile
GetFileAttributesExW
SetConsoleCtrlHandler
CreateProcessW
CreateProcessA
SetFilePointerEx
GetFileType
GetProcessHeap
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
VirtualQuery
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
LoadLibraryA
IsDBCSLeadByteEx
IsValidCodePage
GetVersionExA
DuplicateHandle
GetFullPathNameW
GetFullPathNameA
GetCurrentDirectoryA
GetStdHandle
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetLastError
WideCharToMultiByte
DecodePointer
EncodePointer
IsValidLocale
EnumSystemLocalesW
GetACP
GetCurrentThread
GetDateFormatW
HeapFree
HeapSize
HeapQueryInformation
SetStdHandle
GetExitCodeProcess
CreatePipe
WriteConsoleW
FindFirstFileExA
FindFirstFileExW
FindNextFileA
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
HeapReAlloc
GetFileAttributesW

user32

IsCharAlphaW
DestroyIcon
PtInRect
WindowFromPoint
MapWindowPoints
ShowCursor
ReleaseDC
GetDC
MapVirtualKeyExW
mouse_event
IsCharAlphaNumericW
EnableWindow
GetDlgItem
EndDialog
KillTimer
SetTimer
MessageBoxW
GetForegroundWindow
IsWindow
GetCapture
CreateIconIndirect
InvalidateRect
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
SendMessageW
GetMonitorInfoW
GetDoubleClickTime
MapVirtualKeyW
GetClientRect
SetCursorPos
GetCursorPos
ClipCursor
ClientToScreen
SetRect
GetKeyboardLayoutNameA
GetKeyboardLayout
GetMessageW
TranslateMessage
DispatchMessageW
RegisterHotKey
UnregisterHotKey
DefWindowProcW
PostQuitMessage
RegisterClassW
CreateWindowExW
DestroyWindow
ShowWindow
FlashWindowEx
SetWindowPos
SetFocus
UpdateWindow
SetForegroundWindow
SetWindowTextW
AdjustWindowRect
ScreenToClient
GetWindowLongW
SetWindowLongW
LoadIconW
EnumDisplaySettingsW
SystemParametersInfoW
MonitorFromRect
MonitorFromWindow
GetRawInputData
RegisterRawInputDevices
PostMessageW
LoadImageW
FillRect
SetCursor
IsIconic
GetSystemMetrics
BeginPaint
EndPaint

gdi32

CreateBitmap
CreateSolidBrush
BitBlt
CreateCompatibleDC
GetDIBits
DeleteObject
SelectObject
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectW
TextOutW
CreateDIBSection
GetPixel
DeleteDC
GetCurrentObject

shell32

ShellExecuteW

mss32

_AIL_load_sample_buffer@16
_AIL_sample_buffer_available@4
_AIL_set_sample_buffer_count@8
_AIL_minimum_sample_buffer_size@12
_AIL_set_sample_address@12
_AIL_set_sample_processor@12
_AIL_mem_free_lock@4
_AIL_mem_alloc_lock_info@12
_RIB_find_file_provider@12
_AIL_set_listener_3D_orientation@28
_AIL_set_listener_3D_position@16
_AIL_set_3D_distance_factor@8
_AIL_set_3D_rolloff_factor@8
_AIL_set_file_callbacks@16
_AIL_set_redist_directory@4
_AIL_close_digital_driver@4
_AIL_open_digital_driver@16
_AIL_last_error@0
_AIL_shutdown@0
_AIL_startup@0
_AIL_output_filter_driver_property@20
_AIL_set_sample_3D_position@16
_AIL_set_sample_3D_distances@16
_AIL_WAV_info@8
_AIL_sample_ms_position@12
_AIL_sample_position@4
_AIL_sample_status@4
_AIL_set_sample_loop_count@8
_AIL_set_sample_low_pass_cut_off@12
_AIL_set_sample_playback_rate_factor@8
_AIL_set_sample_playback_rate@8
_AIL_end_sample@4
_AIL_start_sample@4
_AIL_set_sample_info@8
_AIL_release_sample_handle@4
_AIL_allocate_sample_handle@4
_AIL_stream_position@4
_AIL_set_stream_position@8
_AIL_stream_status@4
_AIL_set_stream_loop_count@8
_AIL_pause_stream@8
_AIL_start_stream@4
_AIL_stream_sample_handle@4
_AIL_close_stream@4
_AIL_open_stream@12
_AIL_set_sample_volume_levels@12

xvidcore

xvid_decore
xvid_global

icuuc56

ucasemap_open_56
ucasemap_close_56
ucasemap_utf8ToLower_56
ucasemap_utf8ToUpper_56
?toUTF8@UnicodeString@icu_56@@QBEXAAVByteSink@2@@Z
?toUTF32@UnicodeString@icu_56@@QBEHPAHHAAW4UErrorCode@@@Z
?length@UnicodeString@icu_56@@QBEHXZ
?isEmpty@UnicodeString@icu_56@@QBECXZ
?getCapacity@UnicodeString@icu_56@@QBEHXZ
?isBogus@UnicodeString@icu_56@@QBECXZ
?setTo@UnicodeString@icu_56@@QAEAAV12@ABV12@@Z
?setToBogus@UnicodeString@icu_56@@QAEXXZ
?remove@UnicodeString@icu_56@@QAEAAV12@XZ
?getBuffer@UnicodeString@icu_56@@QAEPA_WH@Z
?releaseBuffer@UnicodeString@icu_56@@QAEXH@Z
?getBuffer@UnicodeString@icu_56@@QBEPB_WXZ
?getTerminatedBuffer@UnicodeString@icu_56@@QAEPB_WXZ
??0UnicodeString@icu_56@@QAE@XZ
??0UnicodeString@icu_56@@QAE@PBDHPAUUConverter@@AAW4UErrorCode@@@Z
??1UnicodeString@icu_56@@UAE@XZ
?getEnglish@Locale@icu_56@@SAABV12@XZ
?setDefault@Locale@icu_56@@SAXABV12@AAW4UErrorCode@@@Z
?getName@Locale@icu_56@@QBEPBDXZ
u_init_56
u_strFromWCS_56
ucnv_close_56
ucnv_reset_56
ucnv_getMaxCharSize_56
ucnv_fromUChars_56
ucnv_getNextUChar_56
?Flush@ByteSink@icu_56@@UAEXXZ
?GetAppendBuffer@ByteSink@icu_56@@UAEPADHHPADHPAH@Z
??8UnicodeString@icu_56@@QBECABV01@@Z
u_isprint_56
u_errorName_56
u_strlen_56
?startsWith@UnicodeString@icu_56@@QBECABV12@@Z
u_strFromUTF32WithSub_56
u_strFromUTF8WithSub_56
?indexOf@UnicodeString@icu_56@@QBEHABV12@H@Z
?indexOf@UnicodeString@icu_56@@QBEHABV12@HH@Z
?indexOf@UnicodeString@icu_56@@QBEHABV12@HHHH@Z
?indexOf@UnicodeString@icu_56@@QBEHPB_WHH@Z
?indexOf@UnicodeString@icu_56@@QBEHPB_WHHH@Z
?indexOf@UnicodeString@icu_56@@QBEH_W@Z
?indexOf@UnicodeString@icu_56@@QBEHH@Z
?indexOf@UnicodeString@icu_56@@QBEH_WH@Z
?lastIndexOf@UnicodeString@icu_56@@QBEHABV12@@Z
?charAt@UnicodeString@icu_56@@QBE_WH@Z
?tempSubString@UnicodeString@icu_56@@QBE?AV12@HH@Z
?tempSubStringBetween@UnicodeString@icu_56@@QBE?AV12@HH@Z
??4UnicodeString@icu_56@@QAEAAV01@ABV01@@Z
?fastCopyFrom@UnicodeString@icu_56@@QAEAAV12@ABV12@@Z
?setTo@UnicodeString@icu_56@@QAEAAV12@PB_WH@Z
?append@UnicodeString@icu_56@@QAEAAV12@ABV12@@Z
?append@UnicodeString@icu_56@@QAEAAV12@PB_WH@Z
?append@UnicodeString@icu_56@@QAEAAV12@_W@Z
?append@UnicodeString@icu_56@@QAEAAV12@H@Z
?insert@UnicodeString@icu_56@@QAEAAV12@HPB_WH@Z
?insert@UnicodeString@icu_56@@QAEAAV12@H_W@Z
?insert@UnicodeString@icu_56@@QAEAAV12@HH@Z
?findAndReplace@UnicodeString@icu_56@@QAEAAV12@ABV12@0@Z
?truncate@UnicodeString@icu_56@@QAECH@Z
?trim@UnicodeString@icu_56@@QAEAAV12@XZ
?reverse@UnicodeString@icu_56@@QAEAAV12@XZ
?toUpper@UnicodeString@icu_56@@QAEAAV12@XZ
?toLower@UnicodeString@icu_56@@QAEAAV12@XZ
??0UnicodeString@icu_56@@QAE@HHH@Z
??0UnicodeString@icu_56@@QAE@PB_W@Z
?setToEnd@CharacterIterator@icu_56@@QAEHXZ
?endIndex@CharacterIterator@icu_56@@QBEHXZ
?getIndex@CharacterIterator@icu_56@@QBEHXZ
??0StringCharacterIterator@icu_56@@QAE@ABVUnicodeString@1@@Z
??1StringCharacterIterator@icu_56@@UAE@XZ
?remove@UnicodeString@icu_56@@QAEAAV12@HH@Z
?endsWith@UnicodeString@icu_56@@QBECABV12@@Z
u_strToUTF32WithSub_56
u_strToWCS_56
??1ByteSink@icu_56@@UAE@XZ
?indexOf@UnicodeString@icu_56@@QBEHABV12@@Z
u_strToUTF8WithSub_56
??0ByteSink@icu_56@@QAE@XZ
??3UMemory@icu_56@@SAXPAX@Z
utf8_nextCharSafeBody_56
?createLineInstance@BreakIterator@icu_56@@SAPAV12@ABVLocale@2@AAW4UErrorCode@@@Z
?createWordInstance@BreakIterator@icu_56@@SAPAV12@ABVLocale@2@AAW4UErrorCode@@@Z
?getDefault@Locale@icu_56@@SAABV12@XZ
??1Locale@icu_56@@UAE@XZ
??0Locale@icu_56@@QAE@ABV01@@Z
?compare@UnicodeString@icu_56@@QBECABV12@@Z
ucnv_open_56

icuin56

?createInstance@Collator@icu_56@@SAPAV12@ABVLocale@2@AAW4UErrorCode@@@Z

d3d11

D3D11CreateDeviceAndSwapChain

dxgi

CreateDXGIFactory

d3dcompiler_47

D3DCompile

vcomp140

_vcomp_for_static_simple_init
_vcomp_for_static_end
_vcomp_fork

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

PropVariantClear
CreateStreamOnHGlobal
CoCreateInstance

Sections

.text
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 380KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gem
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 382KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 629KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 138KB - Virtual size: 140KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0213f36b7076339582009c1f3e5210f0

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

steam_api

kernel32

user32

gdi32

shell32

mss32

xvidcore

icuuc56

icuin56

d3d11

dxgi

d3dcompiler_47

vcomp140

advapi32

ole32

Sections

.text Size: 9.0MB - Virtual size: 9.0MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 380KB - Virtual size: 724KB

.gem Size: 2KB - Virtual size: 4KB

.tls Size: 21KB - Virtual size: 24KB

.gfids Size: 2KB - Virtual size: 4KB

.rsrc Size: 382KB - Virtual size: 384KB

.reloc Size: 629KB - Virtual size: 632KB

.bind Size: 138KB - Virtual size: 140KB

.text Size: 102KB - Virtual size: 104KB

.text
Size: 9.0MB - Virtual size: 9.0MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 380KB - Virtual size: 724KB

.gem
Size: 2KB - Virtual size: 4KB

.tls
Size: 21KB - Virtual size: 24KB

.gfids
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 382KB - Virtual size: 384KB

.reloc
Size: 629KB - Virtual size: 632KB

.bind
Size: 138KB - Virtual size: 140KB

.text
Size: 102KB - Virtual size: 104KB