Z:\Documents\Visual Studio 2010\Projects\server-side-bot\Release\server-side-bot.pdb
Sample: 2024-12-28_c7935b7adb3e3a1f605c43f4a677c362_mafia_ramnit.exe
Resource: win7-20240903-en
General
Target: 2024-12-28_c7935b7adb3e3a1f605c43f4a677c362_mafia_ramnit
Size: 475KB
MD5: c7935b7adb3e3a1f605c43f4a677c362
SHA1: 3a40eb380afb34d7fdd7b0d8c2af1d67cdc05091
SHA256: 55102f91cee46c5717d73ddf7c5897247e9e92a15d89534463d8318661632281
SHA512: dd10b85a985071cfdee3cb64e2f69d17c66a2a29ea5cbadb60efbd2267eaf24f3cdd3f8dd7af16b5fcfbaaf07da69e308334f6e52dd0216209196535c6400f9d
SSDEEP: 6144:b4QyDFmyRm0N2A5a5k10iI5nQartTn16fmui+domLBf0dJ5TTBZbspom7bXq:0Qt0D52k1e7rtT1n+dHN0VTTbM/6
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 2024-12-28_c7935b7adb3e3a1f605c43f4a677c362_mafia_ramnit
Files
2024-12-28_c7935b7adb3e3a1f605c43f4a677c362_mafia_ramnit.exe (windows:5, windows x86, arch:x86)
5a40ae136f11af4840918cf45d0873ae
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
winhttp
WinHttpWriteData
WinHttpReceiveResponse
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpSendRequest
WinHttpCrackUrl
user32
wsprintfW
GetSystemMetrics
wsprintfA
dnsapi
DnsQuery_A
DnsFree
ws2_32
gethostbyname
gethostname
WSAStartup
WSACleanup
inet_addr
htons
socket
connect
send
closesocket
htonl
recv
__WSAFDIsSet
select
listen
bind
accept
WSAGetLastError
shutdown
ioctlsocket
sendto
urlmon
ObtainUserAgentString
advapi32
StartServiceW
RegisterServiceCtrlHandlerW
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenServiceW
CreateServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
SetServiceStatus
iphlpapi
GetAdaptersInfo
GetBestInterface
SendARP
shell32
ShellExecuteExW
SHChangeNotify
ord680
ole32
CoUninitialize
CoCreateGuid
CoInitialize
shlwapi
StrCatW
StrStrIW
kernel32
HeapSize
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapCreate
GetCurrentThreadId
GetACP
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
LCMapStringW
WideCharToMultiByte
GetCPInfo
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
TlsFree
LoadLibraryW
CompareStringW
HeapReAlloc
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
DeleteCriticalSection
DecodePointer
EncodePointer
InterlockedDecrement
CloseHandle
WaitForSingleObject
CreateProcessW
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
GetModuleHandleW
lstrcatW
GetEnvironmentVariableW
ExitProcess
WriteFile
CreateFileW
MoveFileW
lstrcpyW
GetModuleFileNameW
Sleep
LoadLibraryA
SetThreadContext
ReadProcessMemory
GetThreadContext
VirtualProtect
ResumeThread
InitializeCriticalSection
FreeLibrary
LeaveCriticalSection
GetModuleHandleExW
EnterCriticalSection
GetTickCount
IsBadReadPtr
CreateThread
TerminateThread
ExitThread
VirtualFree
MultiByteToWideChar
VirtualAlloc
SetLastError
OutputDebugStringA
GetLastError
IsBadCodePtr
GetCurrentProcess
GetSystemDirectoryW
DeleteFileW
CreateMutexW
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetShortPathNameW
CopyFileW
GetWindowsDirectoryW
CreateEventW
SetEvent
VirtualProtectEx
HeapAlloc
GetProcessHeap
HeapFree
InterlockedIncrement
LockResource
LoadResource
SizeofResource
FindResourceW
GetTempFileNameW
GetTempPathW
GlobalMemoryStatusEx
GetProcessAffinityMask
GetSystemInfo
GetVersionExW
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime
Exports
CfgGetBotVersion
CfgGetCurrentDomain
CfgGetCurrentPort
CfgReadConfigBinary
CfgReadConfigInteger
CfgReadConfigString
CfgWriteConfigBinary
CfgWriteConfigInteger
CfgWriteConfigString
NetGetStringFromServer
NetGetStringFromServerSpecifyLocation
NetSendDataToServer
NetSendStringToServer
RtlParseString
Sections
.text    Size: 218KB  Virtual size: 218KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata   Size: 40KB   Virtual size: 39KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data    Size: 8KB    Virtual size: 30KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc    Size: 4KB    Virtual size: 4KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc   Size: 40KB   Virtual size: 41KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
qhcoghc  Size: -      Virtual size: 4KB    IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.text    Size: 162KB  Virtual size: 164KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE