2024-05-17_8b5c33b054d94da031198e63eb0822b4_bkransomware_karagany

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-17_8b5c33b054d94da031198e63eb0822b4_bkransomware_karagany
Size

79KB
MD5

8b5c33b054d94da031198e63eb0822b4
SHA1

43c3dc2562b85198896f9b55dea08ed62e50d60f
SHA256

562056834f50eeef80f79c1ddb6b9322b57dc220d737e775a2d9045cc1e9faca
SHA512

70edd84fd52db4a5bae5c5db5e64eb10c2307c9988e95e22fd416507dcb2a12aee576cc4a5add21ecd7f0c73852c3c3ed51e997a9c800a13ef556e815421e0ed
SSDEEP

768:6URY49PHovmFmCZIaTCvvo5Fg4vp0Bv63I/Bf7TyioTW6NKtch2sWjcdkc5S2lJX:6tj49iRvL4vvuBETyccsWjcdZ3yVs

Score

1^/10

Malware Config

Signatures

Files

2024-05-17_8b5c33b054d94da031198e63eb0822b4_bkransomware_karagany
.exe windows:5 windows x86 arch:x86

cbb53d1565e82d78fcdfe818ac2e8dca

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:ea:9c:e7:67:28:f5:5e:8f:87:b7:f0:68:37:73:b7
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10/06/2014, 00:00

Not After

09/06/2016, 23:59

Subject

CN=Savepath Deals,O=Savepath Deals,POSTALCODE=90069,STREET=8923 W Sunset blvd,L=West Hollywood,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

be:20:14:ae:ed:9b:d4:4c:34:66:3e:ca:3b:29:2b:f2:f1:6a:4b:ef
Signer

Actual PE Digest

be:20:14:ae:ed:9b:d4:4c:34:66:3e:ca:3b:29:2b:f2:f1:6a:4b:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

N:\work\projects\spd\SpdProxy\installers\_proxyTracker\Release\pt.pdb

Imports

psapi

GetModuleFileNameExW
EnumProcesses

kernel32

GetSystemTimeAsFileTime
WriteConsoleW
SetFilePointerEx
OpenProcess
CloseHandle
OutputDebugStringW
CreateProcessW
GetLastError
WaitForSingleObject
CreateMutexW
GetModuleFileNameW
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
MultiByteToWideChar
ExitProcess
GetModuleHandleExW
GetProcAddress
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
CreateFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetStringTypeW
LCMapStringW
LoadLibraryExW
RtlUnwind
HeapAlloc
HeapReAlloc

user32

wsprintfW

shlwapi

PathAppendW
PathFileExistsW

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbb53d1565e82d78fcdfe818ac2e8dca

Code Sign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

56:ea:9c:e7:67:28:f5:5e:8f:87:b7:f0:68:37:73:b7Certificate

Extended Key Usages

Key Usages

be:20:14:ae:ed:9b:d4:4c:34:66:3e:ca:3b:29:2b:f2:f1:6a:4b:efSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

shlwapi

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 3KB - Virtual size: 3KB

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

56:ea:9c:e7:67:28:f5:5e:8f:87:b7:f0:68:37:73:b7
Certificate

be:20:14:ae:ed:9b:d4:4c:34:66:3e:ca:3b:29:2b:f2:f1:6a:4b:ef
Signer

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 3KB - Virtual size: 3KB