2024-04-24_dfd0bb3b158bab0d204349768cf68f40_mafia_ramnit

General

Target

2024-04-24_dfd0bb3b158bab0d204349768cf68f40_mafia_ramnit
Size

16.5MB
MD5

dfd0bb3b158bab0d204349768cf68f40
SHA1

1b5a685ea2ff8351222ca33f23d24e5050ff080a
SHA256

12fab34d5863c2ac49e0dead2e3c230269838241d984bf68b7c6dc700f5761bc
SHA512

3e54cf2e30beb267b8d17e5136fee75cccf140c442b40189ca181922ea910c80a5c25ee9879ddcded9f6c58c092f686912c8d91860af815901ac0bef68c03ec9
SSDEEP

196608:iIcRGBfW1GBfW1pVG1qfoIZIcXJyHFNikXikWiki:iIBWCW0QfoIZIc5y7tXtWti

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-24_dfd0bb3b158bab0d204349768cf68f40_mafia_ramnit

Files

2024-04-24_dfd0bb3b158bab0d204349768cf68f40_mafia_ramnit
.exe windows:4 windows x86 arch:x86

60efa693a19725b0dd128cb84a9a313f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegCloseKey
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExA

kernel32

SearchPathA
GetModuleFileNameA
GetModuleHandleA
lstrcatA
ShowConsoleCursor
GetFileSize
Sleep
RemoveDirectoryA
lstrlenA
GetShortPathNameA
CopyFileA
lstrcpynA
lstrcpyA
GetUserDefaultUILanguage
MoveFileA
GetFullPathNameA
SetFileAttributesA
lstrcatW
CreateTimerQueue
WaitForSingleObjectEx
SetEnvironmentVariableW
SetLocalTime
FlushConsoleInputBuffer
GetCurrentConsoleFont
WaitForMultipleObjects
QueryPerformanceCounter
ExitProcess
GetConsoleCP
LocalReAlloc
WaitCommEvent
IsDBCSLeadByteEx
GetSystemTimeAsFileTime
SetThreadAffinityMask
GetModuleHandleA
CreateTimerQueueTimer
GetCurrentThreadId
GlobalMemoryStatus
SetConsolePalette
ClearCommError

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

user32

SendDlgItemMessageA
ShowWindow
CreateWindowExA
GetDlgItemTextA
SetWindowTextA

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

60efa693a19725b0dd128cb84a9a313f

Headers

File Characteristics

Imports

advapi32

kernel32

version

user32

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 7KB - Virtual size: 35KB

.rsrc Size: 2KB - Virtual size: 2KB

.rdata Size: 83KB - Virtual size: 103KB

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 7KB - Virtual size: 35KB

.rsrc
Size: 2KB - Virtual size: 2KB

.rdata
Size: 83KB - Virtual size: 103KB