2024-12-11_bdb49ef7be7155f04cbfd0fc4da33c08_mafia_ramnit

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-11_bdb49ef7be7155f04cbfd0fc4da33c08_mafia_ramnit
Size

4.3MB
MD5

bdb49ef7be7155f04cbfd0fc4da33c08
SHA1

5908c9f6f41a8f9c8187d96442947c0cec5cc504
SHA256

245b4df9ceafa31e854f40ce9836424d48a29f930b7d0783f928701138114756
SHA512

cabfe018729925919c2c1bb9259ab63f1aa3cf4abed0042f9afe7949e08a95ff1f208e845f9caf34f231c5b467a35cbdf3d76539706709a7d0f7d026697db676
SSDEEP

98304:Ed675opH8FnKhoIkrxLHCx9D0MEPrPTff4RSoj9ghi1RebMIg9Cbk/V8giirSeF:K810Wx2Xm7Tff4RSojDIg9Cbk/V88

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-11_bdb49ef7be7155f04cbfd0fc4da33c08_mafia_ramnit

Files

2024-12-11_bdb49ef7be7155f04cbfd0fc4da33c08_mafia_ramnit
.exe windows:5 windows x86 arch:x86

9a5df85a8c3da1c8f4956f299d28dfe9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\jyjeon\Desktop\SVN\Inspector\trunk\WinInspector8\Inspector8.0\Release\Ins8.pdb

Imports

kernel32

EnumSystemLocalesA
IsValidLocale
LCMapStringW
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetLocaleInfoA
GetDriveTypeW
WriteConsoleW
SetEnvironmentVariableA
GetOEMCP
GetACP
GetStringTypeW
GetTimeZoneInformation
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
HeapQueryInformation
HeapSize
ExitProcess
SizeofResource
GetFileType
SetStdHandle
HeapReAlloc
RaiseException
RtlUnwind
VirtualQuery
VirtualAlloc
HeapAlloc
HeapFree
CreateThread
ExitThread
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetDateFormatW
GetTimeFormatW
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
GetNumberFormatW
VirtualProtect
SearchPathW
Sleep
GetTempPathW
SetErrorMode
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
TlsGetValue
GetCurrentDirectoryW
GetDiskFreeSpaceW
GetTempFileNameW
ReplaceFileW
GetUserDefaultLCID
lstrcpyW
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringA
GlobalGetAtomNameW
GetProfileIntW
GetTickCount
GlobalReAlloc
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
ReleaseActCtx
CreateActCtxW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetFileTime
GetFileSizeEx
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
lstrlenA
lstrcmpA
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetThreadLocale
GetStringTypeExW
LocalAlloc
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FindFirstFileW
FindNextFileW
FindClose
GetCurrentProcessId
ActivateActCtx
DeactivateActCtx
SetLastError
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
CopyFileW
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
WritePrivateProfileStringW
TerminateThread
GetExitCodeThread
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
FreeLibrary
LoadLibraryW
CreateMutexW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetWindowsDirectoryW
lstrcpynW
MoveFileW
DeleteFileW
WriteFile
OutputDebugStringW
CloseHandle
GetLastError
CreateFileW
GetFileAttributesW
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesExW
WideCharToMultiByte
CreateDirectoryW
GetModuleFileNameW
MultiByteToWideChar
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetVersionExW
VerifyVersionInfoW
VerSetConditionMask
GetSystemInfo
FindResourceW
LoadResource
LockResource

user32

CopyAcceleratorTableW
SetCursorPos
UnregisterClassW
RealChildWindowFromPoint
CharNextW
SetLayeredWindowAttributes
EnumDisplayMonitors
DrawIconEx
DrawFocusRect
DrawEdge
CharUpperBuffW
UpdateLayeredWindow
EnableScrollBar
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
CopyImage
GetIconInfo
IsMenu
GetSystemMenu
DeleteMenu
DestroyAcceleratorTable
NotifyWinEvent
DrawIcon
IsClipboardFormatAvailable
SetClassLongW
GetUpdateRect
GetAsyncKeyState
UnionRect
ShowOwnedPopups
WaitMessage
PostThreadMessageW
DrawStateW
GetSysColorBrush
MonitorFromPoint
SetWindowContextHelpId
MapDialogRect
MessageBeep
PostQuitMessage
SystemParametersInfoW
GetMenuItemInfoW
WindowFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
DestroyMenu
DestroyIcon
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
IntersectRect
BringWindowToTop
TranslateAcceleratorW
SetParent
SetWindowRgn
IsZoomed
IsRectEmpty
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetMessageW
TranslateMessage
ValidateRect
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ToUnicodeEx
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SendMessageW
EnableWindow
InvalidateRect
PostMessageW
GetClientRect
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
CharUpperW
GetDesktopWindow
MapVirtualKeyW
GetKeyNameTextW
CopyRect
GetWindowTextLengthW
GetWindowTextW
SetFocus
SetWindowPos
ShowWindow
MoveWindow
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
EnumChildWindows
InvalidateRgn
GetNextDlgGroupItem
SetMenuDefaultItem
GetMenuDefaultItem
FrameRect
CopyIcon
SubtractRect
DestroyCursor
GetDoubleClickTime
InvertRect
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItem
HideCaret
IsCharLowerW
CreateMenu
GetWindowRgn
ModifyMenuW
MapVirtualKeyExW
GetWindowRect
GetSysColor
GetSystemMetrics
LoadCursorW
GetParent
GetCursorPos
IsWindow
SetCursor
OffsetRect
SetRectEmpty
PtInRect
ClientToScreen
SetCapture
RedrawWindow
LockWindowUpdate
ReleaseCapture
InflateRect
ReleaseDC
DrawFrameControl
GetKeyState
SetTimer
KillTimer
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
LoadMenuW
RegisterClipboardFormatW
UpdateWindow
LoadBitmapW
ScreenToClient
SetRect
LoadImageW
IsIconic
GetWindowLongW
GetFocus
GetDC
FillRect
RemoveMenu
InsertMenuW
AppendMenuW
GetMenuStringW
GetMenuState
MessageBoxW
IsWindowEnabled
GetLastActivePopup
GetWindowThreadProcessId
GetWindow
CheckDlgButton

gdi32

GetMapMode
DPtoLP
GetTextExtentPoint32W
CreateRoundRectRgn
CreateEllipticRgn
LPtoDP
Ellipse
GetTextMetricsW
GetDIBits
RealizePalette
StretchBlt
SetPixel
CreatePolygonRgn
GetTextColor
Polyline
Polygon
Rectangle
RoundRect
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
OffsetRgn
GetRgnBox
ExtFloodFill
CreatePalette
GetPaletteEntries
CombineRgn
GetNearestPaletteIndex
GetSystemPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
SetViewportOrgEx
Escape
ExtTextOutW
CreateFontIndirectW
SetRectRgn
GetBkColor
CreateCompatibleBitmap
CreateHatchBrush
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
SetPaletteEntries
CreateSolidBrush
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
CreateRectRgnIndirect
CreateDCW
CopyMetaFileW
GetDeviceCaps
CreateDIBSection
GetObjectW
CreateCompatibleDC
SetDIBColorTable
DeleteDC
DeleteObject
PatBlt
SelectObject
OffsetViewportOrgEx

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

SetFileSecurityW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegSetValueW
RegCreateKeyExW
RegEnumValueW
GetFileSecurityW
RegOpenKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW

shell32

SHGetSpecialFolderLocation
DragAcceptFiles
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
DragFinish
DragQueryFileW
ExtractIconW
SHGetMalloc
ShellExecuteW
SHGetDesktopFolder
SHAddToRecentDocs
SHAppBarMessage

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Destroy
ImageList_DrawEx

shlwapi

UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW

ole32

CoTaskMemAlloc
StringFromCLSID
OleDuplicateData
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoUninitialize
CoCreateInstance
CoInitializeEx
CoCreateGuid
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CLSIDFromString
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
CreateStreamOnHGlobal
CoInitialize
ReleaseStgMedium
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoGetClassObject
CoRevokeClassObject
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoTaskMemFree

oleaut32

VariantChangeType
VariantInit
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
VariantCopy
SysAllocString
SafeArrayDestroy
VarBstrFromDate
SysStringLen
SysAllocStringByteLen
VariantClear
SysFreeString
SysAllocStringLen

oledlg

OleUIBusyW

urlmon

URLDownloadToFileW

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipDrawImageRectI
GdiplusStartup
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipFree
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetSetFilePointer
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
DeleteUrlCacheEntryW
InternetGetConnectedState
InternetQueryDataAvailable

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 115KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9a5df85a8c3da1c8f4956f299d28dfe9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

urlmon

gdiplus

version

wininet

oleacc

imm32

winmm

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 412KB - Virtual size: 412KB

.data Size: 29KB - Virtual size: 63KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 208KB - Virtual size: 207KB

.text Size: 115KB - Virtual size: 116KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 412KB - Virtual size: 412KB

.data
Size: 29KB - Virtual size: 63KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 208KB - Virtual size: 207KB

.text
Size: 115KB - Virtual size: 116KB