2024-05-16_d8c04370476ded07d23eae020fedbe99_mafia_ramnit

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-16_d8c04370476ded07d23eae020fedbe99_mafia_ramnit
Size

3.8MB
MD5

d8c04370476ded07d23eae020fedbe99
SHA1

72e4bf28dcfea418adc9b27a6349bccc9bd727d5
SHA256

a11d47eb2a4a97de6047006c2f41080ab9c84700ac545b6fc1b2d289bf9327ba
SHA512

af88caf7284266e6fc8d005b6785b73843688a9de859c24af1390159cfa7c12b782e80747f168bf5726ac445f0216d7b6b31d0fb28245d64e7ef483233b4d5e7
SSDEEP

98304:gcp6uwLrxzKZ9JChDVf+qQTewP+WcaHwD/MbUvKQjZ/W1gYzEd8Ho3N0hzjkAp3f:gcp6uwLrxzKZ9JChDVf+qQTewP+WcaH5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-16_d8c04370476ded07d23eae020fedbe99_mafia_ramnit

Files

2024-05-16_d8c04370476ded07d23eae020fedbe99_mafia_ramnit
.exe windows:5 windows x86 arch:x86

0cedaae59131fcfba6e156eec8b3db96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Work\ff4\Builds\jam_debug\ff4_vs_release_o_off.pdb

Imports

openal32

alcMakeContextCurrent
alcGetContextsDevice
alcGetError
alcDestroyContext
alcGetCurrentContext
alcOpenDevice
alcCreateContext
alcCloseDevice
alSourcei
alGetSourcef
alGetError
alSourcefv
alSourceQueueBuffers
alGetSourcei
alBufferData
alSourcePause
alGetBufferi
alGetBufferiv
alDeleteSources
alSourceStop
alGenBuffers
alSourcePlay
alSourcef
alGenSources
alSourceUnqueueBuffers
alDeleteBuffers

kernel32

DeleteFileA
HeapReAlloc
CreateDirectoryA
HeapAlloc
HeapFree
MultiByteToWideChar
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
FindFirstFileA
FindClose
FindNextFileA
GetCommandLineW
CreateFileA
SetUnhandledExceptionFilter
GetCurrentProcess
WaitForSingleObject
SetCurrentDirectoryA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
GetCurrentThreadId
ReleaseMutex
CloseHandle
GetCurrentProcessId
LocalFree
GetSystemTime
Sleep
SetThreadPriority
SetThreadAffinityMask
QueryPerformanceCounter
GetTickCount
GetSystemInfo
QueryPerformanceFrequency
GetVersionExA
GetFullPathNameA
InitializeCriticalSection
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetPriorityClass
GetCurrentThread
GetPriorityClass
lstrcmpiA
GlobalMemoryStatusEx
GetThreadPriority
GetTempPathA
ExitProcess
lstrlenA
GetModuleHandleExA
FreeLibrary
FormatMessageA
VirtualQuery
VirtualFree
GetSystemTimeAsFileTime
VirtualAlloc
VirtualProtect
SetFilePointer
WriteFile
ReadFile
CreateFileW
DebugBreak
OutputDebugStringA
SetEndOfFile
WriteConsoleW
SetStdHandle
CompareStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetExitCodeProcess
CreatePipe
GetFileAttributesA
GetTimeZoneInformation
SetCurrentDirectoryW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetStringTypeW
LoadLibraryW
SetConsoleCtrlHandler
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
FatalAppExitA
InitializeCriticalSectionAndSpinCount
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
HeapSize
GetCPInfo
LCMapStringW
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
MoveFileA
GetModuleHandleW
ExitThread
ResumeThread
CreateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
SetEnvironmentVariableA
FindFirstFileExA
GetCurrentDirectoryA
GetTimeFormatA
GetDriveTypeW
SetLastError
GetProcessHeap
DuplicateHandle
CreateProcessA
GetDateFormatA

user32

EndPaint
SetCursor
GetUserObjectInformationA
ScreenToClient
MonitorFromPoint
PostQuitMessage
EnumDisplaySettingsA
OpenInputDesktop
CloseDesktop
BeginPaint
GetMonitorInfoA
ShowCursor
GetKeyboardState
GetForegroundWindow
GetKeyboardLayout
GetAsyncKeyState
InvalidateRect
SetClassLongA
DefWindowProcA
GetCursorPos
GetCursor
GetSystemMetrics
LoadImageA
LoadKeyboardLayoutA
LoadCursorA
SetWindowTextW
ToUnicode
EnumDisplayDevicesA
ChangeDisplaySettingsA
ActivateKeyboardLayout
RegisterClassA
GetWindowRect
LoadIconA
SendMessageA
TranslateMessage
SetRect
SetWindowLongA
GetWindowLongA
PeekMessageA
GetDesktopWindow
SetWindowPos
DispatchMessageA
AdjustWindowRectEx
ValidateRect
ShowWindow
MessageBoxW
UpdateWindow
SetForegroundWindow
wsprintfA
FindWindowW
MessageBoxA
CreateWindowExA

gdi32

DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
GetObjectA
GetStockObject
SwapBuffers
BitBlt

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

GetUserNameA

shell32

ShellExecuteA
CommandLineToArgvW

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 715KB - Virtual size: 715KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0cedaae59131fcfba6e156eec8b3db96

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

openal32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 715KB - Virtual size: 715KB

.data Size: 50KB - Virtual size: 443KB

.rsrc Size: 138KB - Virtual size: 138KB

.reloc Size: 123KB - Virtual size: 123KB

.text Size: 108KB - Virtual size: 108KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 715KB - Virtual size: 715KB

.data
Size: 50KB - Virtual size: 443KB

.rsrc
Size: 138KB - Virtual size: 138KB

.reloc
Size: 123KB - Virtual size: 123KB

.text
Size: 108KB - Virtual size: 108KB