_CryptoCheckSignMessage@24
Behavioral task behavioral1
Sample: 8bd6000c423457e34614b28103827b2ea3b1e2cacc4ff07d4936090f078200f8.dll
Resource: win7-20240220-en
Behavioral task behavioral2
Sample: 8bd6000c423457e34614b28103827b2ea3b1e2cacc4ff07d4936090f078200f8.dll
Resource: win10v2004-20240508-en
General
- Target: 8bd6000c423457e34614b28103827b2ea3b1e2cacc4ff07d4936090f078200f8
- Size: 95KB
- MD5: 38098115b28513e9953ac978b324aeea
- SHA1: 73271e4c7e37fbb2493ed03f6269ca9dddda8070
- SHA256: 8bd6000c423457e34614b28103827b2ea3b1e2cacc4ff07d4936090f078200f8
- SHA512: 20d56dc6bad1a8899efbc7293c4cc825fae1d40ce0734a8af3971418729b17c0e0cdb4af7fee10ea5efcf648a5268b5d3d3212c61ed18a31c11d5e0d8563b4a8
- SSDEEP: 1536:NkGwueOJxhi6loej9cX8VAU0EgB2AW6dY5pZn4nDx2W6:umivAq7186a4nDxI
Malware Config
Signatures
- Ramnit family
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 8bd6000c423457e34614b28103827b2ea3b1e2cacc4ff07d4936090f078200f8
Files
-
8bd6000c423457e34614b28103827b2ea3b1e2cacc4ff07d4936090f078200f8.dll windows:4 windows x86 arch:x86
d7ba6bc6b6c26383001c0b3cc4ef9d26
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetDriveTypeA
GetEnvironmentVariableA
GetFileSize
GetLastError
GetLocaleInfoA
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetOverlappedResult
GetPrivateProfileStringA
GetProcAddress
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalReAlloc
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
LockFileEx
MapViewOfFile
GetCurrentProcessId
OpenMutexA
OpenProcess
PeekNamedPipe
Process32First
Process32Next
ReadFile
ReadFileEx
ReleaseMutex
ResetEvent
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetNamedPipeHandleState
Sleep
TerminateProcess
TryEnterCriticalSection
UnlockFileEx
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeA
WideCharToMultiByte
WriteFile
WriteFileEx
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpyW
lstrcpynA
lstrlenA
lstrlenW
GetCurrentProcess
GetComputerNameA
FindNextFileA
FindFirstFileA
FindClose
ExpandEnvironmentStringsA
ExitProcess
EnterCriticalSection
DisconnectNamedPipe
DeleteFileA
DeviceIoControl
DeleteCriticalSection
CreateToolhelp32Snapshot
CreateThread
CreateProcessA
CreateNamedPipeA
CreateMutexA
CreateFileW
CreateFileMappingA
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
ConnectNamedPipe
MultiByteToWideChar
CloseHandle
ws2_32
recv
listen
select
inet_addr
htons
send
socket
getsockname
getpeername
gethostbyname
connect
closesocket
bind
accept
__WSAFDIsSet
WSAStartup
WSAGetLastError
WSACleanup
ioctlsocket
user32
ReleaseDC
GetDesktopWindow
LoadCursorA
DrawTextA
DrawIcon
CharUpperBuffW
wsprintfA
GetWindowRect
GetWindowDC
ExitWindowsEx
GetIconInfo
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
GetUserNameA
shell32
ShellExecuteA
gdi32
CreateCompatibleDC
DeleteDC
DeleteObject
GdiFlush
SelectObject
SetBkColor
SetStretchBltMode
SetTextColor
StretchBlt
CreateDIBSection
ole32
CreateStreamOnHGlobal
Exports
Sections
.text Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ