2024-05-05_e139c100b57db872df72697104471c62_mafia_ramnit

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-05_e139c100b57db872df72697104471c62_mafia_ramnit
Size

1.7MB
MD5

e139c100b57db872df72697104471c62
SHA1

a78beeed1f2f6aa605bc093186a149745cd8c2d8
SHA256

025c58c34ae6e038d7feaa2b45151539a2d270ee1a3b6640c30edc76ca829e4c
SHA512

277dad0c9ac5cae2dd833454a3d7f76661d6aeb21d1201aed8d79261a5dbb6e12a34bb3afff41c2f057b8e1a77c4987ccf0f0b5c80b58049a827c3ec6a4655f7
SSDEEP

49152:fDhcPSxT5i8f84fSCSfXoLdx2HtdkweVQxre09I9OLn069Zq23c5QB:ePSxT5i8fptSf4L/ctdkweVQxROOLn0M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-05_e139c100b57db872df72697104471c62_mafia_ramnit

Files

2024-05-05_e139c100b57db872df72697104471c62_mafia_ramnit
.exe windows:5 windows x86 arch:x86

5f572786d449253c7b6c01cfcec94bba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\131111\Program\jwy_Qulcommm_download_firehose_8x10_8x26_8916_V1.2_20140704\Release\jwy_vc_qulcommm1.pdb

Imports

qmsl_msvc10r

QLIB_DIAG_NV_READ_F
QLIB_QPHONEMS_SwitchToEDL
QLIB_QPHONEMS_FireHosePower
QLIB_QPHONEMS_UploadEmmcImage_FireHose
QLIB_QPHONEMS_SetSendDataDelay_FireHose
QLIB_QPHONEMS_FireHoseConfigure
QLIB_QPHONEMS_FireHoseNOP
QLIB_QPHONEMS_FireHoseConfigureCallback
QLIB_QPHONEMS_ConnectServer_FireHose
QLIB_QPHONEMS_Sahara_FlashProgrammer
QLIB_QPHONEMS_SaharaConfigureCallback
QLIB_QPHONEMS_ConnectServer_Sahara
QLIB_SetTargetType
QLIB_DisconnectServer_FireHose
QLIB_DisconnectServer_Sahara
QLIB_DisconnectServer
QLIB_IsPhoneConnected
QLIB_ConnectServerWithWait
QLIB_SetLibraryMode

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces

kernel32

VirtualQuery
HeapReAlloc
ExitProcess
ExitThread
CreateThread
HeapQueryInformation
HeapSize
GetSystemTimeAsFileTime
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsValidCodePage
LCMapStringW
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStringTypeW
CompareStringW
GetTimeZoneInformation
HeapFree
GetConsoleMode
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
GetVersionExA
GetLastError
CreateFileA
CloseHandle
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
Sleep
GetLocalTime
CreateDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetSystemInfo
CreateEventA
WriteFile
WaitForSingleObject
ReadFile
lstrcmpW
MultiByteToWideChar
SetLastError
DeactivateActCtx
ActivateActCtx
LoadLibraryA
LoadLibraryW
CompareStringA
GetProcAddress
FreeLibrary
GetModuleHandleA
HeapAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
FindResourceExW
VirtualProtect
SearchPathA
GetProfileIntA
InitializeCriticalSectionAndSpinCount
GetTickCount
GetTempPathA
GetTempFileNameA
GetNumberFormatA
GetWindowsDirectoryA
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
GlobalDeleteAtom
VirtualAlloc
RaiseException
WritePrivateProfileStringA
RtlUnwind
GetFileAttributesExA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
SetErrorMode
lstrcpyA
GetCurrentDirectoryA
FileTimeToSystemTime
GetACP
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DeleteFileA
lstrcmpiA
GetThreadLocale
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetModuleHandleW
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
FormatMessageA
LocalFree
lstrlenW
GetCurrentProcessId
GetModuleFileNameA
GlobalLock
GlobalUnlock
MulDiv
lstrlenA
FindResourceA
FreeResource
GetCurrentThreadId
GetConsoleCP

user32

CloseClipboard
SetClipboardData
OpenClipboard
RegisterClipboardFormatA
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFrameControl
DrawEdge
SetClassLongA
DestroyAcceleratorTable
SetParent
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
DrawIconEx
LoadImageA
CopyImage
GetIconInfo
HideCaret
DrawFocusRect
InvertRect
UnregisterClassA
DestroyIcon
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
RedrawWindow
SetWindowRgn
GetSystemMenu
LoadMenuW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
OffsetRect
CharNextA
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
DeleteMenu
WaitMessage
ReleaseCapture
LoadCursorW
WindowFromPoint
SetCapture
LoadCursorA
GetSysColorBrush
RealChildWindowFromPoint
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
MapVirtualKeyA
GetKeyNameTextA
IntersectRect
InflateRect
DrawStateA
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
ValidateRect
GetCursorPos
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EmptyClipboard
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DrawMenuBar
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
LoadImageW
FrameRect
CopyIcon
CharUpperBuffA
GetWindowRgn
DestroyCursor
SubtractRect
GetDoubleClickTime
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
PostMessageA
GetSubMenu
GetUpdateRect
IsClipboardFormatAvailable
CreateMenu
EndDialog
TranslateMDISysAccel
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
GetWindow
UpdateWindow
KillTimer
SetTimer
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
GetWindowRect
LoadIconW
SendMessageA
InvalidateRect
GetSysColor
EnableWindow
DefMDIChildProcA
DefFrameProcA
MapVirtualKeyExA
IsCharLowerA
FillRect
PostThreadMessageA
CharUpperA

gdi32

SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
GetObjectType
GetDeviceCaps
CreatePen
CreateHatchBrush
CopyMetaFileA
CreateDCA
CreateFontIndirectA
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
LineTo
DPtoLP
GetTextExtentPoint32A
CreateDIBitmap
CreateCompatibleBitmap
DeleteObject
EnumFontFamiliesA
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
CreateRoundRectRgn
CreateDIBSection
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
SetPixelV
GetTextFaceA
SetLayout
GetLayout
SetTextAlign
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
CreateFontA
GetTextMetricsA
CreateSolidBrush
MoveToEx

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyExA
RegCloseKey
RegQueryValueExA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueA
RegEnumKeyA

shell32

DragFinish
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFileInfoA
SHAppBarMessage
DragQueryFileA
SHBrowseForFolderA
ShellExecuteA

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW

ole32

OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
CoGetClassObject
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
RevokeDragDrop
CoLockObjectExternal
StgCreateDocfileOnILockBytes
CoTaskMemFree
RegisterDragDrop
OleGetClipboard
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
CoRevokeClassObject

oleaut32

SysAllocString
OleCreateFontIndirect
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear

oledlg

ord8

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 191KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5f572786d449253c7b6c01cfcec94bba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qmsl_msvc10r

setupapi

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 273KB - Virtual size: 273KB

.data Size: 24KB - Virtual size: 53KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 191KB - Virtual size: 192KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 273KB - Virtual size: 273KB

.data
Size: 24KB - Virtual size: 53KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 191KB - Virtual size: 192KB

.rmnet
Size: 56KB - Virtual size: 60KB