E:\fmz\MyProject\bin\LZHandleLink.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-06_9ddb6c981215dfc5a54c0cdf7013816a_bkransomware_karagany.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 2024-06-06_9ddb6c981215dfc5a54c0cdf7013816a_bkransomware_karagany.exe
Resource: win10v2004-20240508-en
General
Target: 2024-06-06_9ddb6c981215dfc5a54c0cdf7013816a_bkransomware_karagany
Size: 90KB
MD5: 9ddb6c981215dfc5a54c0cdf7013816a
SHA1: da44cd13cf2a671387277d0b7ec6c5fdd1793a64
SHA256: c65cf0a4079b61b244452268f926c8fcaa46332e5dd27b02a35b5f3949db9f8b
SHA512: 8e40eeb917aa7131e835e0fc2811507a1b7a82a12798ae7d87443caf89adc5ff60cacc6f70a293e92b9d5acec1acf5dbea7de4d9ba0464db5dbc70f6fe4c7fea
SSDEEP: 1536:312Zinl6FrkwYG7Fc6asWjcdznUGZGsfc9ic96:3toFvRznUeGsfTc96
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-06-06_9ddb6c981215dfc5a54c0cdf7013816a_bkransomware_karagany
Files
2024-06-06_9ddb6c981215dfc5a54c0cdf7013816a_bkransomware_karagany.exe windows:5 windows x86 arch:x86
b6c893588f5c88f3ba2fd8039d4a4788
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetModuleHandleW
WriteFile
InitializeCriticalSectionAndSpinCount
Sleep
GetModuleFileNameW
GetLastError
GetProcAddress
DecodePointer
DeleteCriticalSection
CloseHandle
CreateFileW
OutputDebugStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
LoadLibraryExW
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
EncodePointer
GetCommandLineA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
SetLastError
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetProcessHeap
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetConsoleCP
GetConsoleMode
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
LCMapStringW
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
shell32
SHGetSpecialFolderPathW
ole32
CoCreateInstance
CoUninitialize
CoInitialize
Sections
.text Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ