2024-06-15_b009de3ec9b763fe4b9f27ea0cb04726_bkransomware_karagany

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-15_b009de3ec9b763fe4b9f27ea0cb04726_bkransomware_karagany
Size

317KB
MD5

b009de3ec9b763fe4b9f27ea0cb04726
SHA1

eb91d5b478fcb909c9b3b7aefef008c963ddd9e6
SHA256

1765635d7b41e7bbdd4ad710e3d02bfd5022841ca1b87b8874d6d68ab161dfe3
SHA512

df34907b1c46d1fd662251cfa8101143c44a4bfa2f77df2b0ca1ef187a568ae1ae5837a6a3f3bed90c7cc90fa466b88bc4a22923cf82f4b425ffa441fad1b47c
SSDEEP

3072:wI+KpVo/zYC7DpW1okcq7YExCXAxsSxBNrRW6pV/AOSYAAAAAAAAAAAAAAAAAAAS:BpuT7DOo0fxCQxVVWkoOAVijiAtCs

Score

1^/10

Malware Config

Signatures

Files

2024-06-15_b009de3ec9b763fe4b9f27ea0cb04726_bkransomware_karagany
.exe windows:5 windows x86 arch:x86

9f01ff8e38b93c749b939dbac2ad841a

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

50:70:6b:cd:d8:13:fc:1b:4e:3b:33:72:d2:11:48:8d
Certificate

Issuer

CN=CA 沃通根证书,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=CA 沃通根证书,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:de:c4:02:27:0b:f4:ee:9e:89:2c:c6:5e:0a:da:21
Certificate

Issuer

CN=CA 沃通根证书,O=WoSign CA Limited,C=CN

Not Before

10/07/2015, 00:58

Not After

10/07/2025, 00:58

Subject

CN=CA 沃通 EV 代码签名证书,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

21:d8:95:61:58:85:ac:9d:f1:b0:5d:72:af:79:6a:27
Certificate

Issuer

CN=CA 沃通 EV 代码签名证书,O=WoSign CA Limited,C=CN

Not Before

25/11/2015, 02:53

Not After

25/11/2016, 02:53

Subject

SERIALNUMBER=110108017395785,CN=北京广狐信息技术有限公司,O=北京广狐信息技术有限公司,POSTALCODE=100020,STREET=北京市朝阳区大桥路8号尚都SOHO南塔2012,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1073657276696365406164666f782e636e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:3a:6c:63:13:c7:ba:b6:c2:9f:00:00:00:00:00:3a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=CA 沃通根证书,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:39:bb:9c:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 20:13

Not After

15/04/2021, 20:23

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:ce:a7:f6:a9:7f:e9
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 22:46

Not After

31/12/2019, 23:59

Subject

CN=CA 沃通根证书,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:81:3b:24:6a:81:86:04:5a:50:cb:55:10:34:b5:44:44:e8:2a:cc:58:8a:a0:e2:24:20:31:ef:ee:3d:28:14
Signer

Actual PE Digest

44:81:3b:24:6a:81:86:04:5a:50:cb:55:10:34:b5:44:44:e8:2a:cc:58:8a:a0:e2:24:20:31:ef:ee:3d:28:14

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\DtAEast\android_pc\code\other\CustomSetup\Release\ITunesUpdate.pdb

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
GetVersionExW
SetCurrentDirectoryW
LocalAlloc
LocalFree
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
CloseHandle
Process32NextW
CreateThread
CreateFileW
SetFilePointer
WriteFile
GetLastError
GetFileSize
WaitForSingleObject
SuspendThread
ResumeThread
GetCurrentProcess
CreateMutexW
GetNativeSystemInfo
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
SetStdHandle
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
LCMapStringW
OutputDebugStringW
GetModuleFileNameW
GetTempPathW
TerminateThread
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GetProcessHeap
HeapSize
LoadLibraryExW
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapAlloc
HeapFree
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
RaiseException
GetCommandLineW
WriteConsoleW
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer

user32

SetWindowLongW
ShowWindow
IsWindowVisible
FindWindowW
LoadIconW
SetWindowPos
GetWindowLongW

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegOpenKeyW
AdjustTokenPrivileges

shell32

ShellExecuteW
ShellExecuteExW

ole32

CoUninitialize
CoInitialize

xcgui

XWnd_CreateWindow
XWnd_GetHWnd
XImage_LoadFileAdaptive
XWnd_SetTransparentAlpha
XWnd_SetTransparentFlag
XWnd_SetIcon
XWnd_ShowWindow
XWnd_SetFont
XWnd_SetBkColor
XModalWnd_DoCancel
XModalWnd_CreateWindow
XEle_EnableMouseThrough
XModalWnd_DoModal
XWnd_CloseWindow
XInitXCGUI
xtracew
XWnd_RegisterMsgProcEx
XModalWnd_DoOk
XEle_GetHWindow
XWnd_SetWindowPos
XRunXCGUI
XWnd_SetTimer
XStatic_SetText
XEle_IsShowEle
XWnd_RedrawWnd
XProgBar_SetImage2
XWnd_RegisterMessageEx
XProgBar_SetPos
XProgBar_Create
XStatic_Create
XTextLink_SetStayColor
XTextLink_Create
XEle_SetTextColor
XEle_SetFont
XEle_SetZOrder
XBtn_Create
XFont_Create2
XWnd_SetImage
XImage_LoadFile
XEle_RedrawEle
XEle_SetFocus
XEle_GetHWnd
XEle_ShowEle
XEle_Destroy
XFont_CreateEx
XBtn_SetImageDisable
XBtn_SetImageDown
XBtn_SetImageStay
XBtn_SetImageLeave
XEle_EnableFocus
XEle_SetBkTransparent
XEle_RegisterEventEx
XBtn_SetText
XProgBar_SetImage
XWnd_KillTimer
XStatic_SetTextAlign

shlwapi

StrToIntW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f01ff8e38b93c749b939dbac2ad841a

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

50:70:6b:cd:d8:13:fc:1b:4e:3b:33:72:d2:11:48:8dCertificate

Key Usages

3a:de:c4:02:27:0b:f4:ee:9e:89:2c:c6:5e:0a:da:21Certificate

Extended Key Usages

Key Usages

21:d8:95:61:58:85:ac:9d:f1:b0:5d:72:af:79:6a:27Certificate

Extended Key Usages

Key Usages

33:00:00:00:3a:6c:63:13:c7:ba:b6:c2:9f:00:00:00:00:00:3aCertificate

Extended Key Usages

Key Usages

61:39:bb:9c:00:00:00:00:00:33Certificate

Key Usages

1f:ce:a7:f6:a9:7f:e9Certificate

Key Usages

44:81:3b:24:6a:81:86:04:5a:50:cb:55:10:34:b5:44:44:e8:2a:cc:58:8a:a0:e2:24:20:31:ef:ee:3d:28:14Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

xcgui

shlwapi

version

Sections

.text Size: 79KB - Virtual size: 79KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 178KB - Virtual size: 178KB

.reloc Size: 6KB - Virtual size: 6KB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

50:70:6b:cd:d8:13:fc:1b:4e:3b:33:72:d2:11:48:8d
Certificate

3a:de:c4:02:27:0b:f4:ee:9e:89:2c:c6:5e:0a:da:21
Certificate

21:d8:95:61:58:85:ac:9d:f1:b0:5d:72:af:79:6a:27
Certificate

33:00:00:00:3a:6c:63:13:c7:ba:b6:c2:9f:00:00:00:00:00:3a
Certificate

61:39:bb:9c:00:00:00:00:00:33
Certificate

1f:ce:a7:f6:a9:7f:e9
Certificate

44:81:3b:24:6a:81:86:04:5a:50:cb:55:10:34:b5:44:44:e8:2a:cc:58:8a:a0:e2:24:20:31:ef:ee:3d:28:14
Signer

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 178KB - Virtual size: 178KB

.reloc
Size: 6KB - Virtual size: 6KB