Static task: static1
Behavioral task: behavioral1
Sample: 2024-12-17_1bf0a60720a09bfdf356a3eb5b0c95a9_mafia_ramnit.exe
Resource: win7-20240903-en
General
Target: 2024-12-17_1bf0a60720a09bfdf356a3eb5b0c95a9_mafia_ramnit
Size: 1.9MB
MD5: 1bf0a60720a09bfdf356a3eb5b0c95a9
SHA1: 564de3219a8eeb69ba95aa6d07ca538760c0a1f6
SHA256: 005a72a59dd81fe582da4130b66eb67b9fea0fb07927e7eb1b542adb52d9a1ed
SHA512: a9ff4d48224a5b46b61e4b38b1c4368821cba26a3e803e1444d766ef2950cdb94c9daff4eaf51eca2e56d1639ffe7699e20876c8d2d9f92b89a772406244bce2
SSDEEP: 49152:+yelftAATRDqoe2Q4tGS7yFoHJKfJrachXsTN8vpclTxlUUkXcnfeQMGh:ylftA0Dq72Q4tGS7yFcerachXZBaTxld
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 2024-12-17_1bf0a60720a09bfdf356a3eb5b0c95a9_mafia_ramnit
Files
2024-12-17_1bf0a60720a09bfdf356a3eb5b0c95a9_mafia_ramnit.exe windows:5 windows x86 arch:x86
aca55a42bbd90dd82be7d19852a1b5d0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindResourceA
GetFileAttributesExA
GetFullPathNameA
GetFileAttributesA
GetFileSizeEx
GetFileTime
GetTempFileNameA
GetTempPathA
GetACP
GetCPInfo
GetOEMCP
InitializeCriticalSectionAndSpinCount
GetTickCount
GetProfileIntA
Sleep
SearchPathA
GetWindowsDirectoryA
GetNumberFormatA
VirtualProtect
GetUserDefaultLCID
FindResourceExW
RaiseException
RtlUnwind
EncodePointer
DecodePointer
HeapSetInformation
HeapAlloc
HeapFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitProcess
ExitThread
CreateThread
HeapQueryInformation
HeapSize
GetSystemTimeAsFileTime
SetStdHandle
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsValidCodePage
LCMapStringW
IsProcessorFeaturePresent
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoW
HeapCreate
QueryPerformanceCounter
GetLocaleInfoW
GetStringTypeW
CompareStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
FreeResource
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
lstrcmpiA
GlobalAddAtomA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetVersionExA
lstrcpyA
DeleteFileA
LoadLibraryW
GlobalFlags
GetCurrentDirectoryA
ResumeThread
SetThreadPriority
FileTimeToSystemTime
GlobalGetAtomNameA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
ReleaseActCtx
CreateActCtxW
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
CompareStringA
ActivateActCtx
LoadLibraryA
DeactivateActCtx
InterlockedExchange
lstrcmpA
GetModuleHandleW
GetProcAddress
FreeLibrary
SetErrorMode
GetModuleFileNameA
CreateEventA
GetLastError
SetLastError
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MultiByteToWideChar
MulDiv
lstrlenA
GlobalFindAtomA
lstrcmpW
LockFile
GetCommandLineA
GetModuleHandleA
K32EnumProcesses
WaitForSingleObject
TerminateProcess
OpenProcess
K32EnumProcessModulesEx
K32GetModuleBaseNameA
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentProcess
CloseHandle
FileTimeToLocalFileTime
SetEvent
user32
LoadAcceleratorsA
LoadImageA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UnionRect
EnableScrollBar
UpdateLayeredWindow
IsMenu
CreateMenu
PostThreadMessageA
WaitMessage
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetMenuDefaultItem
OpenClipboard
CopyImage
SetClipboardData
CloseClipboard
EmptyClipboard
LoadImageW
RegisterClipboardFormatA
CopyIcon
CharUpperBuffA
GetDoubleClickTime
GetIconInfo
IsCharLowerA
GetKeyNameTextA
MapVirtualKeyExA
SubtractRect
InvertRect
HideCaret
GetNextDlgGroupItem
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
GetSystemMenu
LoadMenuW
SetClassLongA
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
RedrawWindow
SetWindowRgn
IsZoomed
IsIconic
OffsetRect
IsRectEmpty
DestroyMenu
GetMenuItemInfoA
RegisterWindowMessageA
LoadIconA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
InsertMenuItemA
GetMenu
IntersectRect
InflateRect
SetWindowPos
ShowWindow
MoveWindow
SetWindowLongA
IsWindow
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
CharUpperA
DestroyIcon
GetClassInfoA
DefWindowProcA
MapWindowPoints
GetClientRect
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoA
GetMonitorInfoA
SetRectEmpty
CopyRect
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetDesktopWindow
RealChildWindowFromPoint
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
DeleteMenu
ShowOwnedPopups
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetWindowTextLengthA
GetWindowTextA
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
PostMessageA
SendMessageTimeoutA
FindWindowA
TranslateAcceleratorA
UnhookWindowsHookEx
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
PostQuitMessage
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
CopyAcceleratorTableA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateA
MessageBeep
ReleaseCapture
CallWindowProcA
SetCapture
LoadIconW
advapi32
RegEnumKeyExA
RegDeleteValueA
RegEnumValueA
RegSetValueExA
RegEnumKeyA
RegQueryValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
msimg32
TransparentBlt
AlphaBlend
comctl32
ImageList_GetIconSize
shlwapi
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
gdiplus
GdipFree
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipAlloc
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundA
gdi32
SetPolyFillMode
SetBkMode
SetBkColor
CreateCompatibleDC
GetStockObject
CopyMetaFileA
CreateDCA
SetROP2
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
DeleteObject
SelectClipRgn
CreateRectRgn
GetObjectA
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
SelectPalette
GetObjectType
OffsetViewportOrgEx
SetViewportExtEx
CreatePen
CreateBitmap
CreateHatchBrush
RestoreDC
CreateFontIndirectA
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
SetRectRgn
CombineRgn
PatBlt
DPtoLP
GetTextExtentPoint32A
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
OffsetRgn
GetRgnBox
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
Rectangle
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExA
GetTextFaceA
SetPixelV
CreateDIBitmap
SaveDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
CreateSolidBrush
GetDeviceCaps
ScaleViewportExtEx
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
comdlg32
GetFileTitleA
shell32
SHGetSpecialFolderLocation
SHGetFileInfoA
DragFinish
DragQueryFileA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetDesktopFolder
ShellExecuteA
SHAppBarMessage
ole32
OleGetClipboard
CoLockObjectExternal
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
CoInitializeEx
DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitialize
CoUninitialize
CoCreateInstance
RegisterDragDrop
ReleaseStgMedium
CoTaskMemFree
RevokeDragDrop
oleaut32
SysStringLen
VariantClear
VariantChangeType
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
VariantInit
SysAllocString
SysFreeString
Sections
.text   Size: 1.1MB - Virtual size: 1.1MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 261KB - Virtual size: 261KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 23KB - Virtual size: 53KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1KB - Virtual size: 1KB       Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 161KB - Virtual size: 161KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.text   Size: 357KB - Virtual size: 360KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE