Static task: static1
Behavioral task: behavioral1
Sample: 2024-03-30_4ac5f59bf52689d7e4049c58976073c0_mafia_ramnit.exe
Resource: win7-20240221-en

General
Target: 2024-03-30_4ac5f59bf52689d7e4049c58976073c0_mafia_ramnit
Size: 240KB
MD5: 4ac5f59bf52689d7e4049c58976073c0
SHA1: 29de74bf95deedb2a8880494c0b0e1ac710cc57f
SHA256: d1ae2bf536d98cd937e819a098bb6eb7ba2af009dd5724563a6c03233e22885e
SHA512: a81bd7f818a974b8b405d0e4d7c95111461400d53e8820cc5ba4a2b80519be4514635255bf819660c931810d0e4c26e81f2fadae7a63aae91d1547e519d68d36
SSDEEP: 6144:TY6Aw1tj3vHMeC6uZy1RfzNf69UGC5p76KXxGj6:2w1FRC5y1RfzNGU9B6KB

Malware Config

Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2024-03-30_4ac5f59bf52689d7e4049c58976073c0_mafia_ramnit

Files
2024-03-30_4ac5f59bf52689d7e4049c58976073c0_mafia_ramnit.exe windows:5 windows x86 arch:x86
bb1740e507e2cfec182a70b3a8a869d7

Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Development\C++\gdipp\Win32\Release\gdipp_demo_32.pdb
Imports
kernel32
LoadLibraryW
GetTickCount
LocalAlloc
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetLastError
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
SizeofResource
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
HeapReAlloc
HeapCreate
GetStdHandle
WriteFile
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
LoadLibraryExW
FindResourceW
GetFileType
LoadResource
MultiByteToWideChar
GetLastError
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
FreeLibrary
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
CreateThread
ResumeThread
lstrlenW
GetOEMCP
InterlockedCompareExchange
InterlockedPushEntrySList
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
WideCharToMultiByte
InterlockedExchange
GetStringTypeW
Sleep
InitializeCriticalSection
EncodePointer
DecodePointer
ExitThread
CloseHandle
LoadLibraryA
user32
LoadImageW
SetWindowPos
MapWindowPoints
UnregisterClassA
GetClientRect
GetParent
EndPaint
BeginPaint
FillRect
ValidateRect
GetSysColor
InvalidateRect
SetWindowTextW
wsprintfW
DialogBoxParamW
GetMenu
EnableMenuItem
PostQuitMessage
GetActiveWindow
SetMenu
LoadMenuW
GetWindowRect
GetSystemMetrics
SendMessageW
IsDialogMessageW
SetWindowLongW
CreateDialogParamW
DestroyWindow
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
CharNextW
EndDialog
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
gdi32
SetTextAlign
ExtTextOutW
SetTextColor
SetBkMode
SetBkColor
GetCurrentObject
GetTextExtentPoint32W
SelectObject
CreateFontW
DeleteObject
advapi32
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
ole32
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize
oleaut32
VarUI4FromStr
comctl32
InitCommonControlsEx
Sections
.text Size: 128KB - Virtual size: 128KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rmnet Size: 56KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE