2024-05-08_fd0dbc7909ccea8c76fb6ee9f37941f6_mafia_ramnit

General

Target

2024-05-08_fd0dbc7909ccea8c76fb6ee9f37941f6_mafia_ramnit
Size

10.5MB
MD5

fd0dbc7909ccea8c76fb6ee9f37941f6
SHA1

4d91037afea2a85ac97134b24f9a229c0663c612
SHA256

bc9ef261c71d9c5951bb241d8cd059c11c06d4e642d88078b73d72c843774ff2
SHA512

ea414d109be902d9c2dd041876952948afdc4e117478ce387e3f648e2de9ead7c97282490ba16600220ff506c83afaaea575732469bd5545b95439493fe0447c
SSDEEP

98304:3dYOXwnS4rVR5v77GBfWx77GBfW1p1zYuraz1qfFJYOXwnS4rV3YOXwnS4rVeUD3:iIcRGBfW1GBfW1pVG1qfoIZIcXFik3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-08_fd0dbc7909ccea8c76fb6ee9f37941f6_mafia_ramnit

Files

2024-05-08_fd0dbc7909ccea8c76fb6ee9f37941f6_mafia_ramnit
.exe windows:4 windows x86 arch:x86

60efa693a19725b0dd128cb84a9a313f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegCloseKey
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExA

kernel32

SearchPathA
GetModuleFileNameA
GetModuleHandleA
lstrcatA
ShowConsoleCursor
GetFileSize
Sleep
RemoveDirectoryA
lstrlenA
GetShortPathNameA
CopyFileA
lstrcpynA
lstrcpyA
GetUserDefaultUILanguage
MoveFileA
GetFullPathNameA
SetFileAttributesA
lstrcatW
CreateTimerQueue
WaitForSingleObjectEx
SetEnvironmentVariableW
SetLocalTime
FlushConsoleInputBuffer
GetCurrentConsoleFont
WaitForMultipleObjects
QueryPerformanceCounter
ExitProcess
GetConsoleCP
LocalReAlloc
WaitCommEvent
IsDBCSLeadByteEx
GetSystemTimeAsFileTime
SetThreadAffinityMask
GetModuleHandleA
CreateTimerQueueTimer
GetCurrentThreadId
GlobalMemoryStatus
SetConsolePalette
ClearCommError

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

user32

SendDlgItemMessageA
ShowWindow
CreateWindowExA
GetDlgItemTextA
SetWindowTextA

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

60efa693a19725b0dd128cb84a9a313f

Headers

File Characteristics

Imports

advapi32

kernel32

version

user32

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 7KB - Virtual size: 35KB

.rsrc Size: 2KB - Virtual size: 2KB

.rdata Size: 83KB - Virtual size: 103KB

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 7KB - Virtual size: 35KB

.rsrc
Size: 2KB - Virtual size: 2KB

.rdata
Size: 83KB - Virtual size: 103KB