MalwareBreakdown

Static properties of Ramnit sample

Aug 21st, 2017
Short information
------------------------------------------------------------
File Name      20etyh0j.exe
File Size      355840 byte
Compile Time   2017-08-21 07:33:00
DLL            False
Sections       6
Hash MD5       1434bf543d01649e15f8c104630c9331
Hash SHA-1     5810bba44999cf8b7ca9a672f61cfceded8a95e2
Imphash        4cb4666d64e85218df03f899472bde6c
ssdeep         6144:pAOWNuZ4rgsTJ5gW7sVxdSCUshGOuGacgFeTqkuyJlzZr:pEvrn118eshGBCgFeTqkuyJDr
Detected       Packer, Anti Debug
Directory      Import, Resource, Debug, TLS

Packer matched [2]
------------------------------------------------------------
Packer   Microsoft Visual C++ 8
Packer   VC8 -> Microsoft Corporation

Anti Debug discovered [4]
------------------------------------------------------------
Function GetLastError
Function IsDebuggerPresent
Function TerminateProcess
Function UnhandledExceptionFilter

Suspicious API discovered [22]
------------------------------------------------------------
Function CloseHandle
Function CreateFileW
Function ExitProcess
Function FindFirstFileExA
Function FindNextFileA
Function GetCommandLineA
Function GetCommandLineW
Function GetCurrentProcess
Function GetCurrentProcessId
Function GetModuleFileNameA
Function GetModuleHandleExW
Function GetModuleHandleW
Function GetProcAddress
Function GetStartupInfoW
Function GetTickCount
Function IsDebuggerPresent
Function LoadLibraryExW
Function LoadLibraryW
Function SetFilePointerEx
Function TerminateProcess
Function UnhandledExceptionFilter
Function WriteFile

Suspicious Sections discovered [2]
------------------------------------------------------------
Section .tls
Hash MD5   1f354d76203061bfdd5a53dae48d5435
Hash SHA-1 aa0d33a0c854e073439067876e932688b65cb6a9
Section .rsrc
Hash MD5   60fbefacdbdfb69270d11310cff7a556
Hash SHA-1 cd99f7778fbcb3b33385e7acdefda9cd859431c0

File name discovered [3]
------------------------------------------------------------
Library KERNEL32.dll
Library USER32.dll
Library WINHTTP.dll