ramnit | e142a1e51ce0e8d28fd852683b65688dcc97a6b705e8adc799d5af0bdefefecf[.]bin | Triage

Sharing

General

Target

e142a1e51ce0e8d28fd852683b65688dcc97a6b705e8adc799d5af0bdefefecf.bin
Size

216KB
MD5

118962ea993c489f14c068235b1a8397
SHA1

0f6e1c3388f65c6f483b15e6a35b8acdf0a93de6
SHA256

e142a1e51ce0e8d28fd852683b65688dcc97a6b705e8adc799d5af0bdefefecf
SHA512

8ebc8268f53f87698a2685ccc8d6233043f9f405abbe0dcba039c19f7862f37fbcced43a674dbccc97cadec44b0e10e0aa2dd06dd726751b81177762f642435b
SSDEEP

3072:GtSqS6SbEjAr+Y1/5G6yC2Yb6CyH6wap4EWHUW1:GtRmbEjAr+K/5mC2dH6wpL

Score

10^/10

ramnit

Malware Config

Signatures

Ramnit family
ramnit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e142a1e51ce0e8d28fd852683b65688dcc97a6b705e8adc799d5af0bdefefecf.bin

Files

e142a1e51ce0e8d28fd852683b65688dcc97a6b705e8adc799d5af0bdefefecf.bin
.exe windows:4 windows x86 arch:x86

Password: InfectedSample!@#

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_ApplyExploit@4
_CheckBypassed@0

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE