2025-02-27_8f55ce9352a6fb03e3d87f8ed1ffaa7f_dharma_ramnit | Triage

Sharing

General

Target

2025-02-27_8f55ce9352a6fb03e3d87f8ed1ffaa7f_dharma_ramnit
Size

200KB
MD5

8f55ce9352a6fb03e3d87f8ed1ffaa7f
SHA1

1c5d21857b4329fee9257d8608134b2f94ea149c
SHA256

590d3c67a0d4bdcfdabdc579ba3ef3e035144c7b422af7d083d30f6f53ce7cc4
SHA512

3d2dfa038b24aa2e4bfdcef334fbe03679a9c56fcbc47267fb4dd4e2cdbd6906c2711c82573399ee7a91932ac5cec998b9053ffdd68ae61f8f4802d0d48c4b6e
SSDEEP

6144:yw+E6shLjgYIz+X303peGbfUTpYDDmu/+3fbY:ycjgLzs0sG+pG/YY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-02-27_8f55ce9352a6fb03e3d87f8ed1ffaa7f_dharma_ramnit

Files

2025-02-27_8f55ce9352a6fb03e3d87f8ed1ffaa7f_dharma_ramnit
.exe windows:5 windows x86 arch:x86

f86dec4a80961955a89e7ed62046cc0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\crysis\Release\PDB\payload.pdb

Imports

kernel32

GetProcAddress
LoadLibraryA
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetLastError
EnterCriticalSection
ReleaseMutex
CloseHandle

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE