Static task: static1
Behavioral task: behavioral1
Sample: 2025-01-09_ccb9978edf3b36a12999895f72400491_bkransomware_ramnit.exe
Resource: win7-20240903-en
General
Target: 2025-01-09_ccb9978edf3b36a12999895f72400491_bkransomware_ramnit
Size: 4.2MB
MD5: ccb9978edf3b36a12999895f72400491
SHA1: 15b5371c6908a845bf7a20ae3b29821892e9bf49
SHA256: fa4fd395f37da0940f08d5966ba6e3af1c570985d91f6cd93018a04452d9fdc8
SHA512: 90b746fcb2b06e2fa0c48a76713d17ce98379153883997294d96a2d36c484614ca0329d89836ea9dc54154e34ede3a8f81c0fd7493c814e15795109769ed0878
SSDEEP: 98304:LBBIoHkSDVaAYwohLvhTyYfECLacrR4LVos4KBNfzmh19mvgX6JcdCkoLcvTPruS:hHkSubTNac94LVos4KBNfzmh19mvgX6D
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 2025-01-09_ccb9978edf3b36a12999895f72400491_bkransomware_ramnit
Files
2025-01-09_ccb9978edf3b36a12999895f72400491_bkransomware_ramnit.exe windows:5 windows x86 arch:x86
c811416c5d106b60af8f6a9adc9cbf51
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
quartz
AMGetErrorTextW
msdmo
DMOEnum
MoFreeMediaType
DMOUnregister
kernel32
CompareStringW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
LocalFileTimeToFileTime
SetErrorMode
GetCurrentDirectoryW
GetWindowsDirectoryW
GetProfileIntW
VirtualProtect
FindResourceExW
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
VirtualQuery
SetStdHandle
GetFileType
RtlUnwind
ExitThread
ExitProcess
GetModuleHandleExW
HeapQueryInformation
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
LCMapStringW
ReadConsoleW
WriteConsoleW
GetDriveTypeW
SetEnvironmentVariableA
LocalReAlloc
GlobalHandle
InterlockedPopEntrySList
InitializeSListHead
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
HeapCompact
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalFlags
FindNextFileW
GlobalGetAtomNameW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
ReplaceFileW
SetFileTime
GetFileTime
CompareStringA
ResumeThread
lstrcmpA
VerifyVersionInfoW
VerSetConditionMask
GetThreadLocale
GetStringTypeExW
MoveFileW
lstrcmpiW
GetVolumeInformationW
GetShortPathNameW
FindFirstFileW
FindClose
CopyFileW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
GetModuleHandleA
FreeResource
SetThreadPriority
GetCurrentThread
GetThreadPriority
InterlockedExchange
VirtualFree
VirtualAlloc
ReleaseSemaphore
WaitForMultipleObjects
DuplicateHandle
CreateEventW
ResetEvent
LoadLibraryExA
GlobalReAlloc
GetTempFileNameW
GetExitCodeProcess
GetVersion
LocalAlloc
SearchPathW
lstrcatW
GetLocaleInfoW
DecodePointer
IsWow64Process
OpenProcess
CreateThread
FreeConsole
GetStdHandle
AllocConsole
lstrcmpW
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentThreadId
RaiseException
InterlockedDecrement
InterlockedIncrement
lstrcpyW
lstrlenW
SetEvent
GetFileSizeEx
SetFilePointerEx
GetVolumePathNameW
QueryPerformanceFrequency
GetLocalTime
SetLastError
SetDllDirectoryW
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
VirtualQueryEx
GlobalFree
GlobalSize
GlobalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleW
GetModuleFileNameW
lstrcpynW
MulDiv
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteFileA
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
GetCurrentProcessId
DeleteFileW
CloseHandle
GetVersionExA
OutputDebugStringA
DeleteCriticalSection
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
InterlockedPushEntrySList
user32
GetIconInfo
GetSystemMenu
GetAsyncKeyState
DrawIconEx
DrawFrameControl
DrawEdge
DrawStateW
CopyImage
RealChildWindowFromPoint
NotifyWinEvent
UnionRect
DestroyCursor
ShowOwnedPopups
ReuseDDElParam
UnpackDDElParam
LoadImageW
DestroyIcon
InsertMenuItemW
BringWindowToTop
LoadAcceleratorsW
SetWindowContextHelpId
RegisterClipboardFormatW
PostQuitMessage
IsIconic
DestroyMenu
DrawIcon
GetMessageW
WindowFromPoint
SetRectEmpty
GetSysColorBrush
SetLayeredWindowAttributes
InflateRect
SetWindowRgn
CharUpperW
SendDlgItemMessageA
RemoveMenu
AppendMenuW
GetMenuState
GetMenuStringW
GetWindowThreadProcessId
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
ShowWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongW
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
ToUnicodeEx
ScrollWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
GetClassInfoW
RegisterClassW
GetMessageTime
GetMessagePos
MapVirtualKeyW
GetKeyNameTextW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
PostThreadMessageW
GetQueueStatus
PeekMessageW
MsgWaitForMultipleObjects
TrackMouseEvent
MapWindowPoints
DispatchMessageW
TranslateMessage
DrawFocusRect
ValidateRect
ShowCursor
SetCursor
MessageBoxW
CreateDialogParamW
SetForegroundWindow
LoadIconW
MapDialogRect
LoadMenuW
EnableMenuItem
SetMenuItemInfoW
EnableWindow
SendMessageW
GetWindowRect
GetClientRect
CopyRect
LoadBitmapW
GetSystemMetrics
TranslateAcceleratorW
GetActiveWindow
GetMenuItemInfoW
MonitorFromWindow
PostMessageW
SetActiveWindow
EnumDisplayMonitors
SystemParametersInfoW
IsWindowVisible
MonitorFromRect
EqualRect
GetMonitorInfoW
MonitorFromPoint
UpdateWindow
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
GetKeyboardLayout
GetKeyboardState
CopyAcceleratorTableW
SetCursorPos
SetParent
LockWindowUpdate
SetClassLongW
GetNextDlgGroupItem
GetTabbedTextExtentW
CreateMenu
EnableScrollBar
HideCaret
InvertRect
IsClipboardFormatAvailable
GetDoubleClickTime
CopyIcon
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
GetClassNameW
GetSysColor
CharNextW
SetMenuDefaultItem
IsMenu
CharUpperBuffW
UpdateLayeredWindow
GetWindowRgn
GetComboBoxInfo
WaitMessage
SubtractRect
GetUpdateRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
MapVirtualKeyExW
IsCharLowerW
FrameRect
SetScrollPos
SetWindowPos
RedrawWindow
IsWindow
InvalidateRect
GetCursorPos
SetRect
SetTimer
KillTimer
GetKeyState
MessageBeep
PtInRect
OffsetRect
CreatePopupMenu
ClientToScreen
InsertMenuW
ModifyMenuW
GetMenuItemCount
SetCapture
ReleaseCapture
IntersectRect
IsRectEmpty
GetDC
ReleaseDC
IsZoomed
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetSubMenu
DeleteMenu
GetMenuItemID
UnregisterClassW
RegisterClassExW
LoadCursorW
DefWindowProcW
SetWindowLongW
GetWindowLongW
DestroyAcceleratorTable
GetDesktopWindow
CallWindowProcW
InvalidateRgn
FillRect
MoveWindow
ScreenToClient
GetParent
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
GetMenuDefaultItem
gdi32
Escape
ExcludeClipRect
GetClipBox
GetCurrentPositionEx
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
StartDocW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgn
CreateDCW
CreateRoundRectRgn
CreateDIBitmap
CreateFontIndirectW
EnumFontFamiliesW
GetTextCharsetInfo
GetTextMetricsW
CreateEllipticRgn
Ellipse
DPtoLP
LPtoDP
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetViewportOrgEx
GetCharWidthW
StretchDIBits
GetBkColor
GetTextColor
CombineRgn
GetMapMode
SetRectRgn
RealizePalette
StretchBlt
SetDIBColorTable
CreatePolygonRgn
Polyline
GetRgnBox
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetWindowOrgEx
GetTextFaceW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
OffsetRgn
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
SetPixelV
CreatePatternBrush
CreatePen
CreateHatchBrush
SetTextColor
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
CreateSolidBrush
SelectObject
GetStockObject
GetObjectW
DeleteObject
CreateBitmap
BitBlt
PatBlt
CreateCompatibleBitmap
SetPixel
GetPixel
Rectangle
Polygon
GetTextExtentPoint32W
GetDeviceCaps
DeleteDC
CreateFontW
CreateCompatibleDC
CopyMetaFileW
EnumFontFamiliesExW
msimg32
AlphaBlend
TransparentBlt
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetJobW
advapi32
CheckTokenMembership
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueW
SetFileSecurityW
GetFileSecurityW
RegSetValueW
FreeSid
RegCloseKey
AllocateAndInitializeSid
RegEnumKeyW
RegDeleteKeyW
RegOverridePredefKey
RegCreateKeyW
RegDeleteValueW
shell32
SHChangeNotify
DragAcceptFiles
DragQueryPoint
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteExW
SHAddToRecentDocs
SHGetFileInfoW
ExtractIconW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAppBarMessage
ShellExecuteW
comctl32
ImageList_AddMasked
ImageList_DragLeave
ImageList_EndDrag
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragMove
InitCommonControlsEx
ImageList_DragShowNolock
shlwapi
PathCanonicalizeW
PathAddExtensionW
PathFindFileNameW
PathIsRelativeW
PathRemoveFileSpecW
SHDeleteKeyW
PathRemoveExtensionW
PathRenameExtensionW
StrToIntW
PathStripPathW
SHRegGetPathW
StrToInt64ExW
StrToIntExW
SHCreateStreamOnFileW
PathIsUNCW
PathStripToRootW
SHStrDupW
StrFormatKBSizeW
PathFindExtensionW
PathFileExistsW
psapi
GetModuleFileNameExW
uxtheme
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
GetThemeColor
DrawThemeText
IsAppThemed
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData
ole32
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
MkParseDisplayName
CreateBindCtx
CreateStreamOnHGlobal
CreateItemMoniker
GetRunningObjectTable
StringFromCLSID
CLSIDFromString
CoTaskMemFree
CoGetMalloc
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateILockBytesOnHGlobal
CoLoadLibrary
CoTaskMemAlloc
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
OleInitialize
CoInitializeEx
CoRegisterClassObject
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
OleDuplicateData
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
CoDisconnectObject
PropVariantClear
CoCreateGuid
CoCreateInstance
oleaut32
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SysAllocStringLen
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VarBstrCmp
VariantChangeType
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
VariantCopy
VarBstrFromDate
SysFreeString
LoadTypeLibEx
oledlg
OleUIBusyW
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdiplusShutdown
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdiplusStartup
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipSaveImageToFile
xmllite
CreateXmlReader
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
ws2_32
gethostbyname
inet_ntoa
gethostname
oleacc
LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow
imm32
ImmGetOpenStatus
ImmGetContext
ImmReleaseContext
winmm
timeKillEvent
timeBeginPeriod
timeEndPeriod
PlaySoundW
timeSetEvent
timeGetTime
Sections
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 849KB - Virtual size: 848KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 77KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 271KB - Virtual size: 271KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 224KB - Virtual size: 224KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rmnet Size: 56KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE