2024-12-28_97b6e4b6822ea362918b206709dbc1f0_mafia_ramnit

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-28_97b6e4b6822ea362918b206709dbc1f0_mafia_ramnit
Size

475KB
MD5

97b6e4b6822ea362918b206709dbc1f0
SHA1

13893c0843868e1955c9257740d2d5630046fd71
SHA256

a15208b831ae32566f259844d82abc3a500b2a2c002b9b2e74e749c0db4d78b1
SHA512

d8f2fbe1a62486b22146307214425bd6a34790101d54e17fd4b6ae96e746cd9730d1435e1513b143c1aa64073bdd952c88b09601da20d5a81573223284a930b2
SSDEEP

12288:DQt0D52k1e7rtT1n+mMJOE9vWN0VTTbM/M:qW1e9TRN8OEc0H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-12-28_97b6e4b6822ea362918b206709dbc1f0_mafia_ramnit

Files

2024-12-28_97b6e4b6822ea362918b206709dbc1f0_mafia_ramnit
.exe windows:5 windows x86 arch:x86

5a40ae136f11af4840918cf45d0873ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\Documents\Visual Studio 2010\Projects\server-side-bot\Release\server-side-bot.pdb

Imports

winhttp

WinHttpWriteData
WinHttpReceiveResponse
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpSendRequest
WinHttpCrackUrl

user32

wsprintfW
GetSystemMetrics
wsprintfA

dnsapi

DnsQuery_A
DnsFree

ws2_32

gethostbyname
gethostname
WSAStartup
WSACleanup
inet_addr
htons
socket
connect
send
closesocket
htonl
recv
__WSAFDIsSet
select
listen
bind
accept
WSAGetLastError
shutdown
ioctlsocket
sendto

urlmon

ObtainUserAgentString

advapi32

StartServiceW
RegisterServiceCtrlHandlerW
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenServiceW
CreateServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
SetServiceStatus

iphlpapi

GetAdaptersInfo
GetBestInterface
SendARP

shell32

ShellExecuteExW
SHChangeNotify
ord680

ole32

CoUninitialize
CoCreateGuid
CoInitialize

shlwapi

StrCatW
StrStrIW

kernel32

HeapSize
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapCreate
GetCurrentThreadId
GetACP
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
LCMapStringW
WideCharToMultiByte
GetCPInfo
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
TlsFree
LoadLibraryW
CompareStringW
HeapReAlloc
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
DeleteCriticalSection
DecodePointer
EncodePointer
InterlockedDecrement
CloseHandle
WaitForSingleObject
CreateProcessW
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
GetModuleHandleW
lstrcatW
GetEnvironmentVariableW
ExitProcess
WriteFile
CreateFileW
MoveFileW
lstrcpyW
GetModuleFileNameW
Sleep
LoadLibraryA
SetThreadContext
ReadProcessMemory
GetThreadContext
VirtualProtect
ResumeThread
InitializeCriticalSection
FreeLibrary
LeaveCriticalSection
GetModuleHandleExW
EnterCriticalSection
GetTickCount
IsBadReadPtr
CreateThread
TerminateThread
ExitThread
VirtualFree
MultiByteToWideChar
VirtualAlloc
SetLastError
OutputDebugStringA
GetLastError
IsBadCodePtr
GetCurrentProcess
GetSystemDirectoryW
DeleteFileW
CreateMutexW
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetShortPathNameW
CopyFileW
GetWindowsDirectoryW
CreateEventW
SetEvent
VirtualProtectEx
HeapAlloc
GetProcessHeap
HeapFree
InterlockedIncrement
LockResource
LoadResource
SizeofResource
FindResourceW
GetTempFileNameW
GetTempPathW
GlobalMemoryStatusEx
GetProcessAffinityMask
GetSystemInfo
GetVersionExW
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime

Exports

Exports

CfgGetBotVersion
CfgGetCurrentDomain
CfgGetCurrentPort
CfgReadConfigBinary
CfgReadConfigInteger
CfgReadConfigString
CfgWriteConfigBinary
CfgWriteConfigInteger
CfgWriteConfigString
NetGetStringFromServer
NetGetStringFromServerSpecifyLocation
NetSendDataToServer
NetSendStringToServer
RtlParseString

Sections

.text
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

johfcvn
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 162KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5a40ae136f11af4840918cf45d0873ae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winhttp

user32

dnsapi

ws2_32

urlmon

advapi32

iphlpapi

shell32

ole32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 218KB - Virtual size: 218KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 8KB - Virtual size: 30KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 40KB - Virtual size: 41KB

johfcvn Size: - Virtual size: 4KB

.text Size: 162KB - Virtual size: 164KB

.text
Size: 218KB - Virtual size: 218KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 8KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 40KB - Virtual size: 41KB

johfcvn
Size: - Virtual size: 4KB

.text
Size: 162KB - Virtual size: 164KB