2024-11-18_4a836e3e0b5335f5f5ff95dbc9c0e725_mafia_ramnit

Sharing

Copy URL

Twitter E-mail

General

Target

2024-11-18_4a836e3e0b5335f5f5ff95dbc9c0e725_mafia_ramnit
Size

386KB
MD5

4a836e3e0b5335f5f5ff95dbc9c0e725
SHA1

8da017453494417c54c25cb361e973f0e0302956
SHA256

e634d790bcb9cf00820223a6782a171aceea378ffbdf7896d55664c70e9030b2
SHA512

af16f038c8ff25d7b2b0a8a6fd5cc90350f0d35585b7fe382c617856e110f9b6ed3a0f27993fb6308eeaf60172615e05cd30df34c7e67162eea72bfaee9d472c
SSDEEP

6144:LGiuvY3oDJfaqaWRzAmJ5N3UMf3VYjnrQ6O6agZCPUgidwvRC4Kmn3:LGiuvY3+fv9NAmZ3UMtYQ69ZNPUnfn3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-11-18_4a836e3e0b5335f5f5ff95dbc9c0e725_mafia_ramnit

Files

2024-11-18_4a836e3e0b5335f5f5ff95dbc9c0e725_mafia_ramnit
.exe windows:5 windows x86 arch:x86

bd3aa531077596c0a43a731ca840c793

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BarTender\Main\bin\Release-Win32\SysInfo.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

FileTimeToSystemTime
GetSystemTime
FindFirstFileW
FindNextFileW
CreateProcessW
WaitForSingleObject
GetTempPathW
GetLastError
CloseHandle
GetComputerNameW
Sleep
TerminateProcess
GetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
FileTimeToLocalFileTime
GetTimeZoneInformation
CompareFileTime
SetEndOfFile
SetStdHandle
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapSize
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
SystemTimeToFileTime
GetNativeSystemInfo
WriteConsoleW
CompareStringW
GetProcessHeap
GetDriveTypeW
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FindClose
SetEnvironmentVariableA
FindFirstFileExW
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleW
ExitProcess
GetCommandLineW
HeapSetInformation
RaiseException
GetCPInfo
RtlUnwind
LCMapStringW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetFullPathNameW
GetFileInformationByHandle
PeekNamedPipe
GetFileType
CreateFileW
GetCurrentDirectoryW
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WriteFile
GetStdHandle
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetLocaleInfoW
FreeEnvironmentStringsW

winspool.drv

ClosePrinter
GetPrinterDriverW
OpenPrinterW
GetPrinterW
EnumPrintersW

advapi32

RegOpenKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyW
RegCloseKey

shell32

SHGetFolderPathW

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bd3aa531077596c0a43a731ca840c793

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

winspool.drv

advapi32

shell32

Sections

.text Size: 151KB - Virtual size: 151KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 10KB - Virtual size: 10KB

.text Size: 180KB - Virtual size: 180KB

.text
Size: 151KB - Virtual size: 151KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 180KB - Virtual size: 180KB