2024-07-26_e92197630c730f144f5eb35fa09395ce_bkransomware_karagany_virut

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-26_e92197630c730f144f5eb35fa09395ce_bkransomware_karagany_virut
Size

411KB
MD5

e92197630c730f144f5eb35fa09395ce
SHA1

c9cff106f18a21b5fdb1d27d6f4aed122c93e10f
SHA256

c44dfdffe3e98e9439fb1caa1c10526f8e66b424cdd0a62200aca162979a2daf
SHA512

765247ae30ff468a7bd2e31ea27427e8b2d4443ee032a5624fd858ee935c5c497711f1bfa027059dc9059dba9ac093416679a82d3f815a6681edb8bec28f1b4e
SSDEEP

6144:WQk4a+YXnxX1usZaWbB3lu0NoRB3lxEI/xnR/25REXXmu+0RpRAcjc7Bkj:unnNai1uQmB3hx925Rqmu+0hAcg

Score

1^/10

Malware Config

Signatures

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

2024-07-26_e92197630c730f144f5eb35fa09395ce_bkransomware_karagany_virut
.exe windows:5 windows x86 arch:x86

c64d6279560f66aff26075e2a6dc39ac

Code Sign

03:b4:71:cd:4d:7f:fe:c2:9a:3b:20:b2:cb:0f:5f:54
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/04/2016, 00:00

Not After

10/08/2017, 12:00

Subject

CN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:35:10:bf:3f:89:e3:4b:7e:bc:45:8b:01:09:f1:48:96:5d:5f:40
Signer

Actual PE Digest

eb:35:10:bf:3f:89:e3:4b:7e:bc:45:8b:01:09:f1:48:96:5d:5f:40

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\src\LunarHub-Doc\SDKs\Windows\nsisRuntime\nsis\nsis-3.0b3-src\build\urelease\stub_zlib-x86-ansi\stub_zlib.pdb

Imports

kernel32

WritePrivateProfileStringA
MoveFileA
MultiByteToWideChar
GetFileSize
GetTickCount
GetModuleFileNameA
GetCommandLineA
SetEnvironmentVariableA
SetErrorMode
GetCurrentProcess
ExitProcess
GetVersion
GetWindowsDirectoryA
GetTempPathA
CopyFileA
GetDiskFreeSpaceA
CreateThread
GlobalLock
GlobalUnlock
lstrcpynA
lstrlenA
CreateDirectoryA
CreateFileA
ReadFile
RemoveDirectoryA
WriteFile
CreateProcessA
GetPrivateProfileStringA
GetSystemDirectoryA
GetProcAddress
lstrcpyA
lstrcatA
LoadLibraryA
GetTempFileNameA
MoveFileExA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
lstrcmpiA
lstrcmpA
MulDiv
GetShortPathNameA
GlobalFree
GlobalAlloc
LoadLibraryExA
GetModuleHandleA
FreeLibrary
GetExitCodeProcess
Sleep
WaitForSingleObject
GetLastError
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesA
GetFullPathNameA
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
CompareFileTime
SearchPathA
SetCurrentDirectoryA
GetLocalTime
ExpandEnvironmentStringsA

user32

GetWindowLongA
SetClassLongA
LoadBitmapA
LoadCursorA
SystemParametersInfoA
wvsprintfA
DispatchMessageA
PeekMessageA
SetDlgItemTextA
GetDlgItemTextA
GetSysColor
MessageBoxIndirectA
CreatePopupMenu
GetSystemMenu
GetSystemMetrics
IsWindowEnabled
GetAsyncKeyState
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
ScreenToClient
SetCursor
GetWindowRect
TrackPopupMenu
AppendMenuA
CharPrevA
EnableMenuItem
IsDlgButtonChecked
CheckDlgButton
EndDialog
DialogBoxParamA
IsWindowVisible
SetWindowPos
GetClassInfoA
RegisterClassA
CallWindowProcA
GetMessagePos
CharNextA
ExitWindowsEx
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
LoadImageA
FindWindowExA
SetWindowLongA
DefWindowProcA
DrawTextA
BeginPaint
EndPaint
GetClientRect
InvalidateRect
ReleaseDC
GetDC
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutA
SendMessageA
wsprintfA
FillRect
CreateWindowExA

gdi32

SetBkColor
GetDeviceCaps
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
SHFileOperationA
ShellExecuteA
SHGetSpecialFolderLocation

advapi32

RegEnumValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
SetFileSecurityA
LookupPrivilegeValueA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
AdjustTokenPrivileges

comctl32

ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ord17

ole32

OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemFree

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data
.rdata
.reloc
.text
CERTIFICATE

Sharing

General

Malware Config

Signatures

Files

c64d6279560f66aff26075e2a6dc39ac

Code Sign

03:b4:71:cd:4d:7f:fe:c2:9a:3b:20:b2:cb:0f:5f:54Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

eb:35:10:bf:3f:89:e3:4b:7e:bc:45:8b:01:09:f1:48:96:5d:5f:40Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 292KB

.ndata Size: - Virtual size: 288KB

.rsrc Size: 189KB - Virtual size: 189KB

.reloc Size: 368KB - Virtual size: 368KB

03:b4:71:cd:4d:7f:fe:c2:9a:3b:20:b2:cb:0f:5f:54
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

eb:35:10:bf:3f:89:e3:4b:7e:bc:45:8b:01:09:f1:48:96:5d:5f:40
Signer

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 292KB

.ndata
Size: - Virtual size: 288KB

.rsrc
Size: 189KB - Virtual size: 189KB

.reloc
Size: 368KB - Virtual size: 368KB