2024-04-16_437d4408ce1d5ecaaf4ff691dd32dc3d_mafia_ramnit

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-16_437d4408ce1d5ecaaf4ff691dd32dc3d_mafia_ramnit
Size

1.8MB
MD5

437d4408ce1d5ecaaf4ff691dd32dc3d
SHA1

8af994cc22b8c44c3c400cde69b5ff5e216edfcb
SHA256

aed83657d4df50e43bf9a8a4800447598457ee3ff0ca2aa427e25580d4f8997b
SHA512

536293cf3d76b6578d7e97a42bbe33bb2b1c62e05844cc6383faf60c9ff40482e07017491aa1440d7beb1788eacbb0a9e096c3d0cd3ef1d346d5e8f86a053397
SSDEEP

49152:iypadAFecyug5UvkaPtiUKyIF14YYq0+hTCnRdLhIlV47zNjKnA:iyoA8cpg5UvNfKF14YYq1hTCnRa47zNO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-16_437d4408ce1d5ecaaf4ff691dd32dc3d_mafia_ramnit

Files

2024-04-16_437d4408ce1d5ecaaf4ff691dd32dc3d_mafia_ramnit
.exe windows:5 windows x86 arch:x86

222d62f8a9e3752d453cec3405017d7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
IsValidLocale
GetConsoleMode
CreateFileW
EnumSystemLocalesA
GetConsoleCP
GetTimeZoneInformation
CompareStringW
LCMapStringW
GetStringTypeW
IsValidCodePage
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetStdHandle
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
CreateThread
ExitThread
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
ExitProcess
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapAlloc
DecodePointer
EncodePointer
HeapFree
GetSystemTimeAsFileTime
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathA
Sleep
GetProfileIntA
InitializeCriticalSectionAndSpinCount
GetNumberFormatA
GetWindowsDirectoryA
GetTickCount
GetTempPathA
GetTempFileNameA
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
GetFileAttributesExA
SetErrorMode
GetOEMCP
GetCPInfo
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
lstrcmpiA
FileTimeToSystemTime
GetACP
GetThreadLocale
lstrcpyA
DeleteFileA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetCurrentDirectoryA
GlobalGetAtomNameA
GlobalFindAtomA
GetVersionExA
LoadLibraryW
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalAddAtomA
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
CopyFileA
GlobalSize
FormatMessageA
LocalFree
lstrlenW
MulDiv
GetCurrentProcessId
GlobalUnlock
GetPrivateProfileIntA
lstrlenA
GetModuleHandleA
FindResourceA
FreeResource
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
ActivateActCtx
GetLastError
DeactivateActCtx
SetLastError
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleW
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
GetPrivateProfileStringA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
SetEnvironmentVariableA
GetLocalTime

user32

GetAsyncKeyState
NotifyWinEvent
RedrawWindow
SetWindowRgn
LoadMenuW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IntersectRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
OffsetRect
CharNextA
GetSysColorBrush
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
WaitMessage
ReleaseCapture
LoadCursorA
LoadCursorW
WindowFromPoint
SetCapture
LoadIconA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowTextLengthA
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItemTextA
CreateMenu
IsZoomed
CheckDlgButton
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InflateRect
CopyRect
GetClassNameA
InvalidateRect
UpdateWindow
DrawStateA
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowsHookExA
UnhookWindowsHookEx
GetCursorPos
CallNextHookEx
GetFocus
PtInRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
TranslateMDISysAccel
DrawMenuBar
RemoveMenu
GetWindowThreadProcessId
SetClipboardData
LoadIconW
GetSystemMenu
AppendMenuA
SendMessageA
GetLastActivePopup
MessageBoxA
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageA
GetWindow
SetWindowContextHelpId
CharUpperA
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
GetWindowRgn
DestroyCursor
SubtractRect
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
PostMessageA
EnableWindow
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
GetWindowRect
MapVirtualKeyExA
IsCharLowerA
GetDoubleClickTime
GetUpdateRect
IsClipboardFormatAvailable
DefMDIChildProcA
DefFrameProcA
GetKeyNameTextA
PostThreadMessageA
CharUpperBuffA
CopyIcon
FrameRect
LoadImageW
EmptyClipboard
CloseClipboard
IsMenu
OpenClipboard
CopyImage
GetIconInfo
HideCaret
InvertRect
RegisterClipboardFormatA
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongA
DestroyAcceleratorTable
SetParent
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadImageA
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
UnregisterClassA
DestroyIcon
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu

gdi32

SelectClipRgn
CreateRectRgn
GetObjectA
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectA
GetTextExtentPoint32A
CreateDIBitmap
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
DeleteObject
CombineRgn
GetMapMode
PatBlt
DPtoLP
CreateRoundRectRgn
CreateDIBSection
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceA
SetPixelV
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCA
SetRectRgn
GetDeviceCaps
CopyMetaFileA

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCloseKey
RegEnumValueA

shell32

DragQueryFileA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHAppBarMessage
ShellExecuteA
SHGetDesktopFolder
DragFinish
SHGetFileInfoA

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW

ole32

OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitialize
CoCreateInstance
CoUninitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
RevokeDragDrop
CoRevokeClassObject
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CreateILockBytesOnHGlobal
CoRegisterMessageFilter

oleaut32

OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysStringLen
VarBstrFromDate
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysFreeString
SysAllocStringLen

oledlg

ord8

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

222d62f8a9e3752d453cec3405017d7e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 282KB - Virtual size: 281KB

.data Size: 26KB - Virtual size: 55KB

.rsrc Size: 81KB - Virtual size: 80KB

.reloc Size: 171KB - Virtual size: 170KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 282KB - Virtual size: 281KB

.data
Size: 26KB - Virtual size: 55KB

.rsrc
Size: 81KB - Virtual size: 80KB

.reloc
Size: 171KB - Virtual size: 170KB

.rmnet
Size: 56KB - Virtual size: 60KB