Ransomware[.]GangBang

Sharing

Copy URL

Twitter E-mail

General

Target

Ransomware.GangBang
Size

125KB
MD5

173ab5a59490ea2f66fe37c5e20e05b8
SHA1

ac091ce1281a16f9d7766a7853108c612f058c09
SHA256

2e434bd96b08293786cd010883adfeacce5a30f5743d89c5187f38966b2e5d21
SHA512

0e0d2480fb1bcef185a91d49eb49116dd0fc1837fe634d69451adbdfca00e157495590a59d14409073b0b8b5c96ff3a7f34a7f29976e8fa6cd5aa0b8eedeb05e
SSDEEP

3072:6Zwbr5Sc0Kr+rPRk8R7l8zWNWOe5WMZDqnSSpkvupMjsJHuMqfR1t0sPZlJEznwp:uwbYD7rPRE/OiZpvupMjsJHuVtxnEznQ

Score

1^/10

Malware Config

Signatures

Files

Ransomware.GangBang
.exe windows x86

d304e79034f5fbf7623eda468ccb7f1d

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:b3:62:ab:62:fd:13:00:6e:f7:72:69:67:67:50:4c
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22-01-2021 00:00

Not After

22-01-2022 23:59

Subject

CN=MASK CONSTRUCTION LIMITED,O=MASK CONSTRUCTION LIMITED,POSTALCODE=CM5 9JJ,STREET=204c High Street,L=Ongar,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:62:04:ce:82:11:f7:8d:10:ff:cb:5c:fe:df:6c:00:9f:78:05:fe
Signer

Actual PE Digest

0f:62:04:ce:82:11:f7:8d:10:ff:cb:5c:fe:df:6c:00:9f:78:05:fe

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=MASK CONSTRUCTION LIMITED,O=MASK CONSTRUCTION LIMITED,POSTALCODE=CM5 9JJ,STREET=204c High Street,L=Ongar,C=GB

24-02-2021 15:33
Valid: true

Chain 1

CN=MASK CONSTRUCTION LIMITED,O=MASK CONSTRUCTION LIMITED,POSTALCODE=CM5 9JJ,STREET=204c High Street,L=Ongar,C=GB

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
FindFirstFileW
GetFileSizeEx
SetLastError
FindNextFileW
WriteFile
FindClose
WaitForSingleObject
CreateFileW
Sleep
GetLastError
lstrcatW
CloseHandle
CreateThread
SetFilePointerEx
lstrcpyW
MoveFileW
GetDriveTypeW
GetCommandLineW
ExitProcess
HeapFree
CreateMutexA
GetFileAttributesW
GlobalAlloc
HeapAlloc
GetProcessHeap
LoadLibraryA
LoadLibraryW
GetProcAddress
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
GetCommandLineA
CompareStringW
LCMapStringW
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
DecodePointer

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d304e79034f5fbf7623eda468ccb7f1d

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

33:b3:62:ab:62:fd:13:00:6e:f7:72:69:67:67:50:4cCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0f:62:04:ce:82:11:f7:8d:10:ff:cb:5c:fe:df:6c:00:9f:78:05:feSigner

Signature Validations

Verification

24-02-2021 15:33 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 2KB - Virtual size: 4KB

.reloc Size: 5KB - Virtual size: 4KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

33:b3:62:ab:62:fd:13:00:6e:f7:72:69:67:67:50:4c
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0f:62:04:ce:82:11:f7:8d:10:ff:cb:5c:fe:df:6c:00:9f:78:05:fe
Signer

24-02-2021 15:33
Valid: true

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 4KB

.reloc
Size: 5KB - Virtual size: 4KB