Static task: static1
Behavioral task: behavioral1
Sample: 2024-08-28_af69d9e79bf454cd88d63d3545a16ddc_mafia_ramnit.exe
Resource: win7-20240705-en
General
Target: 2024-08-28_af69d9e79bf454cd88d63d3545a16ddc_mafia_ramnit
Size: 3.6MB
MD5: af69d9e79bf454cd88d63d3545a16ddc
SHA1: 49183aa43ea492f8d75928f8fdbacfb9ebbd202d
SHA256: d84b4c56a7ea8a408355fc0da8cfea328f9adee2b6cdd860ef45f61094f82df9
SHA512: 23bd34307c73a7d23261570fcc582877b14d0b26dbb2688395438795847384806a13820eab83c24e002f6f85dbb7a27cfec8c4c89c2d9c74dd92fa4e3c9059be
SSDEEP: 98304:sYU9jxBZmhcjN+/Kj/yHzX7LcmbuT20DJ9Z4UFGivYzLEQHlLJabCnnrEA5VGHiO:sYqYhcjWLcdT2xIGivYzLEILJabCnaya
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2024-08-28_af69d9e79bf454cd88d63d3545a16ddc_mafia_ramnit
Files
2024-08-28_af69d9e79bf454cd88d63d3545a16ddc_mafia_ramnit.exe windows:5 windows x86 arch:x86
0b3770c8921a99024ad0071203a967c5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\workspace\YHKJ\新框架项目\NationEcCodeUpdater\Updater_Bin\Release\NationEcCodeUpdater.pdb
Imports
kernel32
CompareStringW
WriteConsoleW
GetCurrentDirectoryW
CreateFileW
GetProcessHeap
SetEnvironmentVariableA
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
SetConsoleCtrlHandler
SetHandleCount
GetConsoleMode
GetConsoleCP
LCMapStringW
GetDriveTypeW
SetConsoleMode
ReadConsoleInputA
GetFileInformationByHandle
FindFirstFileExA
GetDriveTypeA
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
ExpandEnvironmentStringsA
PeekNamedPipe
SleepEx
DosDateTimeToFileTime
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
IsValidCodePage
HeapCreate
GetLocaleInfoW
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
GetSystemInfo
VirtualAlloc
RaiseException
ExitThread
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapReAlloc
HeapAlloc
HeapFree
EncodePointer
DecodePointer
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathA
GetProfileIntA
GetNumberFormatA
GetWindowsDirectoryA
GetFileTime
GetFileSizeEx
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
GetTempPathA
GetTempFileNameA
SetErrorMode
GetOEMCP
GetCPInfo
SystemTimeToFileTime
GetACP
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiA
GetThreadLocale
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetSystemDirectoryW
GetCurrentDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
FindNextFileA
FindClose
GlobalGetAtomNameA
GlobalFindAtomA
GetVersionExA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalSize
FormatMessageA
LocalFree
lstrlenW
GlobalUnlock
GlobalAddAtomA
ResumeThread
SetThreadPriority
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
CompareStringA
ActivateActCtx
DeactivateActCtx
SetLastError
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleW
InterlockedExchange
GetFileAttributesA
WritePrivateProfileStringA
SetFileAttributesA
TerminateProcess
OpenProcess
GetTickCount
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualQuery
lstrlenA
CreateMutexA
GetLocalTime
GetModuleFileNameA
FreeLibrary
CopyFileA
GetShortPathNameA
SetUnhandledExceptionFilter
CreateDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
MoveFileExA
WaitForMultipleObjects
GetLastError
DeleteFileA
CloseHandle
WaitForSingleObject
Sleep
LoadLibraryA
EnterCriticalSection
MultiByteToWideChar
MulDiv
ExitProcess
FreeResource
FindResourceA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
CreateThread
GetProcAddress
lstrcpyA
GetModuleHandleA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
user32
SetRect
IsRectEmpty
CopyAcceleratorTableA
OffsetRect
KillTimer
RealChildWindowFromPoint
GetSysColorBrush
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
DeleteMenu
WaitMessage
ReleaseCapture
LoadCursorW
WindowFromPoint
SetCapture
IsDialogMessageA
CheckDlgButton
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
RedrawWindow
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
CallWindowProcA
GetMenu
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InflateRect
CopyRect
UnhookWindowsHookEx
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
InvalidateRgn
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
SetActiveWindow
CreateDialogIndirectParamA
GetDlgItem
GetNextDlgTabItem
EndDialog
InvalidateRect
UpdateWindow
FillRect
DrawStateA
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
LoadMenuA
ReuseDDElParam
UnpackDDElParam
RegisterWindowMessageA
SetWindowContextHelpId
SetParent
DestroyAcceleratorTable
SetClassLongA
DrawIconEx
DrawEdge
MapDialogRect
GetMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
GetWindowRgn
DestroyWindow
DefWindowProcA
CreateWindowExA
RegisterClassExA
LoadCursorA
IsWindow
PostMessageA
MoveWindow
MapWindowPoints
SetFocus
GetNextDlgGroupItem
MessageBeep
DestroyIcon
CharUpperA
LoadMenuW
NotifyWinEvent
GetAsyncKeyState
UnionRect
EnableScrollBar
UpdateLayeredWindow
MonitorFromPoint
IsMenu
SetMenuDefaultItem
GetMenuDefaultItem
CharNextA
IntersectRect
GetFocus
GetKeyState
GetCaretBlinkTime
PtInRect
GetSysColor
ClientToScreen
SetCursor
SetCaretPos
GetCaretPos
UnregisterClassA
CopyImage
TranslateAcceleratorA
BringWindowToTop
InsertMenuItemA
LoadAcceleratorsA
GetDC
LoadImageA
SetWindowTextA
LoadIconA
GetCursorPos
SetForegroundWindow
CreatePopupMenu
AppendMenuA
TrackPopupMenu
PostQuitMessage
SetTimer
GetProcessWindowStation
GetUserObjectInformationW
GetGUIThreadInfo
CharPrevA
DrawFrameControl
wvsprintfA
SetWindowPos
ShowWindow
LoadIconW
GetSystemMenu
SendMessageA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
EnableWindow
SetWindowLongA
GetWindowLongA
MessageBoxA
ScreenToClient
GetWindowRect
SetWindowRgn
GetMonitorInfoA
MonitorFromWindow
IsZoomed
GetParent
GetWindow
GetDesktopWindow
CreateCaret
ShowCaret
HideCaret
DestroyCursor
SubtractRect
MapVirtualKeyExA
IsCharLowerA
GetDoubleClickTime
GetUpdateRect
IsClipboardFormatAvailable
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
GetKeyNameTextA
PostThreadMessageA
CharUpperBuffA
CopyIcon
FrameRect
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetIconInfo
InvertRect
RegisterClipboardFormatA
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
GetClassNameA
DrawFocusRect
gdi32
GetLayout
SetLayout
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
GetTextExtentPoint32A
CreateDIBitmap
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
GetBkColor
GetTextColor
SetTextAlign
SetRectRgn
LineTo
GetMapMode
PatBlt
DPtoLP
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
RoundRect
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceA
SetPixelV
GetRgnBox
MoveToEx
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
CreateSolidBrush
CreateBitmap
PtInRegion
CreateRectRgn
DeleteDC
SelectObject
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectA
GetStockObject
CreatePenIndirect
GetCharABCWidthsA
GetDeviceCaps
GetObjectA
DeleteObject
CombineRgn
SetBkColor
CreateRoundRectRgn
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegEnumValueA
RegOpenKeyExA
RegEnumKeyExA
shell32
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder
SHGetMalloc
SHAppBarMessage
DragQueryFileA
DragFinish
Shell_NotifyIconA
SHBrowseForFolderA
comctl32
InitCommonControlsEx
ImageList_GetIconSize
_TrackMouseEvent
ord17
shlwapi
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFileExistsA
PathRemoveFileSpecW
ole32
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoRegisterMessageFilter
CoRevokeClassObject
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleCreateMenuDescriptor
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitialize
OleDestroyMenuDescriptor
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
OleCreateFontIndirect
VariantCopy
SysAllocStringByteLen
SysStringLen
VariantInit
VariantChangeType
SysFreeString
SysAllocStringLen
VarBstrFromDate
VariantClear
oledlg
ord8
gdiplus
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCloneBrush
GdipGetFamily
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImage
GdipDrawString
GdipGraphicsClear
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipImageSelectActiveFrame
ws2_32
ioctlsocket
listen
accept
shutdown
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSACleanup
inet_ntoa
gethostbyname
gethostname
WSAStartup
wldap32
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
netapi32
Netbios
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
imm32
ImmGetOpenStatus
ImmGetContext
ImmReleaseContext
winmm
PlaySoundA
Sections
.text   Size: 2.5MB  Virtual size: 2.5MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 616KB  Virtual size: 615KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 67KB   Virtual size: 106KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 136KB  Virtual size: 135KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 248KB  Virtual size: 248KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
.rmnet  Size: 56KB   Virtual size: 60KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
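The section table is the strongest static indicator on this page. The only signature that fired is "Unsigned PE", but the last section, `.rmnet`, is a code section that is readable, writable and executable and sits after `.reloc`; `.rmnet` is the section name that Ramnit-infected executables carry, which matches the sample's name, while the PDB path points to an ordinary updater build that served as the host. Note that IMAGE_DLLCHARACTERISTICS_NX_COMPAT does not help here: DEP only refuses execution on pages that are not marked executable, and this section asks to be mapped RWX by its own flags. The script below is an added example, not part of the sandbox report and not code from the sample's author: it uses only the Python standard library, builds a constructed PE32 header whose section names and flags mirror the table above (the sizes and offsets are placeholders, not the real file's), parses it back, and reports the patterns a practitioner would check for an appended infector payload.

```python
"""Section-table triage (added example, not part of the sandbox report).
Pure stdlib. Builds a constructed PE32 header whose section names and
flags mirror the report's Sections table, parses it back, and flags the
anomaly visible there: a writable+executable code section named .rmnet
appended after .reloc. Sizes and offsets are placeholders."""
import struct

# IMAGE_SECTION_HEADER.Characteristics bits (PE/COFF spec)
IMAGE_SCN_CNT_CODE             = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE      = 0x02000000
IMAGE_SCN_MEM_EXECUTE          = 0x20000000
IMAGE_SCN_MEM_READ             = 0x40000000
IMAGE_SCN_MEM_WRITE            = 0x80000000

FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0100: "IMAGE_FILE_32BIT_MACHINE",
                        0x2000: "IMAGE_FILE_DLL"}
DLL_CHARACTERISTICS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                       0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                       0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
# Names a normal MSVC-linked image carries; any other executable section is worth a look
STANDARD_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".tls", ".bss", ".pdata", ".crt"}

def build_constructed_pe(sections, file_chars=0x0102, dll_chars=0x8140):
    """Minimal PE32 image: DOS header, PE signature, COFF header, 224-byte
    optional header and section table. Headers only, no section bodies."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # Magic: PE32
    struct.pack_into("<H", opt, 70, dll_chars)                  # DllCharacteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), file_chars)
    table, va, raw = b"", 0x1000, 0x400
    for name, vsize, rawsize, flags in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, va, rawsize,
                             raw, 0, 0, 0, 0, flags)
        va, raw = va + ((vsize + 0xFFF) & ~0xFFF), raw + rawsize
    return dos + b"PE\0\0" + coff + bytes(opt) + table

def parse_pe(data):
    """Return file/DLL characteristics and the section table of a PE image."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    dll_chars = struct.unpack_from("<H", data, opt_off + 70)[0]   # same offset in PE32 and PE32+
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize, "flags": flags})
    return {"file_characteristics": file_chars, "dll_characteristics": dll_chars,
            "sections": sections}

def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]

def suspicious_sections(sections):
    """(name, reason) pairs for patterns typical of an appended infector payload."""
    findings, last = [], len(sections) - 1
    for idx, s in enumerate(sections):
        f = s["flags"]
        if f & IMAGE_SCN_MEM_EXECUTE and f & IMAGE_SCN_MEM_WRITE:
            findings.append((s["name"], "writable and executable (RWX)"))
        if f & IMAGE_SCN_CNT_CODE and idx == last and idx > 0:
            findings.append((s["name"], "code section appended after the data/reloc sections"))
        if f & IMAGE_SCN_MEM_EXECUTE and s["name"] not in STANDARD_NAMES:
            findings.append((s["name"], "executable section with a non-standard name"))
    return findings

# Constructed section table mirroring the report (sizes are placeholders)
R, W, X = IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_EXECUTE
CODE, IDATA, DISC = IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE
SAMPLE_SECTIONS = [
    (".text",  0x2000, 0x2000, CODE | X | R),
    (".rdata", 0x1000, 0x1000, IDATA | R),
    (".data",  0x1800, 0x1000, IDATA | R | W),
    (".rsrc",  0x1000, 0x1000, IDATA | R),
    (".reloc", 0x1000, 0x1000, IDATA | DISC | R),
    (".rmnet", 0xF000, 0xE000, CODE | X | R | W),
]
SAMPLE_PE = build_constructed_pe(SAMPLE_SECTIONS)

def triage(data=SAMPLE_PE):
    pe = parse_pe(data)
    return {"file_characteristics": flag_names(pe["file_characteristics"], FILE_CHARACTERISTICS),
            "dll_characteristics": flag_names(pe["dll_characteristics"], DLL_CHARACTERISTICS),
            "findings": suspicious_sections(pe["sections"])}

if __name__ == "__main__":
    result = triage()
    print("File characteristics:", ", ".join(result["file_characteristics"]))
    print("DLL characteristics: ", ", ".join(result["dll_characteristics"]))
    for name, reason in result["findings"]:
        print(f"  {name:<8} {reason}")
```

To run it against the real sample instead of the constructed header, pass `open(path, "rb").read()` to `triage()`; the parser reads only the headers, so it works on the full 3.6MB file without touching the section bodies. All three findings land on `.rmnet`, and the first five sections alone produce none, which is the behaviour you want from a rule that is meant to separate a clean MSVC build from the same build after infection.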