Behavioral task
behavioral1
Sample
aedf792eb9cbd91013e5e1904cc1e3e8338c779d0e110593d864e29281d59f19.dll
Resource
win7-20240508-en
General
-
Target
aedf792eb9cbd91013e5e1904cc1e3e8338c779d0e110593d864e29281d59f19
-
Size
38KB
-
MD5
9d5db017dde79b957a9c7c639a470b6c
-
SHA1
9b8c9c762068bd8ec650f806bb80bc2c042a5303
-
SHA256
aedf792eb9cbd91013e5e1904cc1e3e8338c779d0e110593d864e29281d59f19
-
SHA512
cbf93f004b9274a4330089f14f37ad41eb8b5a2113cd142ba4c74dc004cc0082b2580de088d06d813289ab1cf8346a198e97cc78d5ec6909fb34760485132e61
-
SSDEEP
768:Bs+/gMsLIn/wIj2labk+1IsceGSnkmJ0Yblr583CJrVV7IhXUWe6m2sgQVV:WD8w22laSR0V+3CJrV6XOzJg
Malware Config
Signatures
-
Ramnit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource aedf792eb9cbd91013e5e1904cc1e3e8338c779d0e110593d864e29281d59f19
Files
-
aedf792eb9cbd91013e5e1904cc1e3e8338c779d0e110593d864e29281d59f19.dll .vbs windows:4 windows x86 arch:x86 polyglot
2e9f172ab7f5de80401af8d766cf3803
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
GetDiskFreeSpaceExA
GetDriveTypeA
GetFileSize
GetLastError
GetLocaleInfoA
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
CreateProcessA
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MultiByteToWideChar
ReadFile
ReleaseMutex
SetEndOfFile
SetErrorMode
SetFileAttributesA
SetFilePointer
SetThreadPriority
Sleep
TryEnterCriticalSection
UnmapViewOfFile
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
CreateMutexA
CreateFileMappingA
CreateFileA
CreateDirectoryA
GlobalReAlloc
CloseHandle
ws2_32
htons
inet_addr
ioctlsocket
listen
getsockname
select
send
connect
getpeername
recv
gethostbyname
bind
accept
__WSAFDIsSet
WSAStartup
WSAGetLastError
WSACleanup
socket
closesocket
user32
wsprintfA
MessageBoxA
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
shell32
ShellExecuteA
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ