ramnit | 7zFMmgr[.]exe | Triage

Sharing

General

Target

7zFMmgr.exe
Size

142KB
MD5

303f491b9fc879064b210cb0b865d178
SHA1

5cbdc35fb45bd3fb5ac62950ec22443a4179203c
SHA256

15f7fb2edc9b34e0da2fc658df38d8aea52664f6be1510dba4636dc13f466f86
SHA512

96c076c5027998281c408c1314e67f14c0150ec01173a400bf42e482866744d7e6f58cc7bf9748124c3a652753020f4606b170b61f1e722f8d4f74bff65fee24
SSDEEP

3072:3jnAcMbIWiyr7pjvTooBFEbWwIUclTBft3+oT:zAcCIWiyr7JHn17lTBl3+o

Score

10^/10

ramnit

Malware Config

Signatures

Ramnit family
ramnit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7zFMmgr.exe

Files

7zFMmgr.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE