2024-05-21_071f5252ff02fdea1f4516c2c5484904_bkransomware_ramnit

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-21_071f5252ff02fdea1f4516c2c5484904_bkransomware_ramnit
Size

3.2MB
MD5

071f5252ff02fdea1f4516c2c5484904
SHA1

c5115c6feb327fa7d83463f6c56c1d586f4dee20
SHA256

67b488bcc767acad42f559f279c243048a8699d077a9983e46dee3f19c08ff7d
SHA512

35af14e74109f8386c5397c4af9cd62ec729a4e1d5c7263721d82dc334288afd3891e369a4d6c1e49e906891815e1af34f29f8735dc976ea4b3d83c253436600
SSDEEP

98304:9wUPeZtmGYvOnPdUwYjQQERhfFLOAkGkzdnEVomFHKnPw:98RDV0QQERNFLOyomFHKnP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-21_071f5252ff02fdea1f4516c2c5484904_bkransomware_ramnit

Files

2024-05-21_071f5252ff02fdea1f4516c2c5484904_bkransomware_ramnit
.exe windows:5 windows x86 arch:x86

527f92561af6d803422ca86f74a2cb5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WindowsDrive\XINYE POS Printer Driver\SetupDriverPOS\Release\POS Printer Driver V7.17.pdb

Imports

kernel32

GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetEnvironmentStringsW
LCMapStringW
OutputDebugStringW
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
QueryPerformanceCounter
GetStdHandle
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsValidCodePage
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapQueryInformation
GetModuleHandleExW
ExitProcess
ExitThread
WideCharToMultiByte
CreateThread
VirtualQuery
VirtualAlloc
RtlUnwind
GetCommandLineA
IsProcessorFeaturePresent
GetStringTypeW
FindResourceExW
SearchPathA
GetProfileIntA
VirtualProtect
GetTempFileNameA
GetTempPathA
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
SetErrorMode
GetWindowsDirectoryA
GetVolumeInformationA
lstrcmpiA
GetCurrentProcess
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
FlushFileBuffers
FindFirstFileA
FindClose
GetFileSize
IsDebuggerPresent
FreeEnvironmentStringsW
GetFileAttributesA
VerifyVersionInfoA
lstrcpyA
VerSetConditionMask
GetCPInfo
GetOEMCP
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetThreadLocale
FileTimeToSystemTime
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalFlags
GetACP
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
GetCurrentThread
ResumeThread
SuspendThread
SetThreadPriority
CreateEventA
WaitForSingleObject
SetEvent
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
GetCurrentProcessId
MultiByteToWideChar
MulDiv
GlobalSize
GlobalAlloc
FindResourceA
LoadLibraryW
GlobalFree
GlobalUnlock
GlobalLock
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeResource
SetLastError
DeleteCriticalSection
DecodePointer
EnterCriticalSection
HeapSize
RaiseException
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetLocalTime
LocalFree
GetLastError
FormatMessageA
CopyFileA
DeleteFileA
GetVersionExA
GetNativeSystemInfo
GetSystemInfo
CloseHandle
WriteFile
CreateFileA
GetModuleFileNameA
GetCurrentDirectoryA
Sleep
OutputDebugStringA
GetUserDefaultUILanguage
FindResourceW
LoadResource
LockResource
SizeofResource

user32

UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
UpdateLayeredWindow
GetUpdateRect
SetClassLongA
DestroyAcceleratorTable
ModifyMenuA
IsMenu
SetMenuDefaultItem
GetMenuDefaultItem
CopyIcon
GetIconInfo
GetDoubleClickTime
EnableScrollBar
LockWindowUpdate
CreatePopupMenu
BringWindowToTop
UnionRect
SetCursorPos
NotifyWinEvent
LoadMenuW
GetAsyncKeyState
CharUpperA
IsZoomed
TrackMouseEvent
LoadImageW
LoadImageA
DestroyIcon
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
MonitorFromPoint
SetParent
EnumDisplayMonitors
SetRectEmpty
SetLayeredWindowAttributes
MessageBeep
GetNextDlgGroupItem
SetRect
InvalidateRgn
CopyAcceleratorTableA
CharNextA
DeleteMenu
LoadCursorW
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
CopyImage
IntersectRect
LoadCursorA
RealChildWindowFromPoint
MapVirtualKeyA
SystemParametersInfoA
GetMenuItemInfoA
DestroyMenu
InvalidateRect
SetCursor
ShowOwnedPopups
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawStateA
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
GetCursorPos
TranslateMessage
GetMessageA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
SetWindowsHookExA
GetTopWindow
GetClassNameA
GetClassLongA
PtInRect
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
PostMessageA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
UnhookWindowsHookEx
IsDialogMessageA
SetWindowLongA
GetFocus
GetDlgCtrlID
SendDlgItemMessageA
CheckDlgButton
SetWindowPos
GetWindowRgn
DestroyCursor
CreateMenu
MoveWindow
ShowWindow
GetWindow
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
SetScrollPos
SetFocus
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxA
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
InvertRect
HideCaret
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
MapVirtualKeyExA
IsCharLowerA
PostThreadMessageA
IsClipboardFormatAvailable
FrameRect
BeginPaint
ReleaseDC
CharUpperBuffA
SubtractRect
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
GetKeyboardLayout
RegisterClipboardFormatA
SetMenuItemBitmaps
ReuseDDElParam
GetWindowDC
GetDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
GetParent
GetDesktopWindow
GetWindowLongA
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
IsWindow
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
AppendMenuA
GetSystemMenu
LoadIconW
UnregisterClassA
EnableWindow
FindWindowExA
FindWindowA
SetWindowTextA
KillTimer
SetTimer
SendMessageA
LoadBitmapW
CopyRect
GetKeyNameTextA

gdi32

TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateEllipticRgn
CreateRectRgnIndirect
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32A
PatBlt
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsA
CreateFontIndirectA
GetMapMode
SetRectRgn
DPtoLP
GetRgnBox
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
MoveToEx
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
GetTextFaceA
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SetPolyFillMode
SetTextAlign
SetTextColor
OffsetRgn
CreateFontA
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
GetDeviceCaps
CopyMetaFileA
CreateSolidBrush
DeleteDC
EndDoc
EndPage
BitBlt
StartPage
StartDocA
CreateDCA
CreateCompatibleDC
GetObjectA
SetROP2

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesA
ord202
GetPrinterDriverDirectoryA
OpenPrinterA
ClosePrinter
AddPrinterA
EnumPrintersA
AddPrinterDriverA

advapi32

RegDeleteValueA
RegEnumKeyExA
RegQueryValueA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegEnumKeyA
RegCloseKey
RegEnumValueA

shell32

ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
DragFinish
DragQueryFileA
SHGetSpecialFolderLocation
SHAppBarMessage
SHGetFileInfoA
SHGetDesktopFolder
SHBrowseForFolderA

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
StrFormatKBSizeA
PathRemoveFileSpecW
PathIsUNCA

uxtheme

GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeParentBackground
DrawThemeText
IsAppThemed
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
OpenThemeData
CloseThemeData

ole32

CoDisconnectObject
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
OleDuplicateData
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoRevokeClassObject
CoInitializeEx
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
ReleaseStgMedium
OleFlushClipboard

oleaut32

SysFreeString
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen

oledlg

ord8

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageRectI

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

527f92561af6d803422ca86f74a2cb5a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

version

setupapi

oleacc

imm32

winmm

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 318KB - Virtual size: 318KB

.data Size: 25KB - Virtual size: 60KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 121KB - Virtual size: 120KB

.rmnet Size: 54KB - Virtual size: 56KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 318KB - Virtual size: 318KB

.data
Size: 25KB - Virtual size: 60KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 121KB - Virtual size: 120KB

.rmnet
Size: 54KB - Virtual size: 56KB