F:\svn\local\迅推\MainPage\SPIFilterX86\Release\packet.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-09-02_7f859c2f925f15c25ae2eab68bb4f3cd_bkransomware_karagany.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2024-09-02_7f859c2f925f15c25ae2eab68bb4f3cd_bkransomware_karagany.exe
Resource
win10v2004-20240802-en
General
Target
2024-09-02_7f859c2f925f15c25ae2eab68bb4f3cd_bkransomware_karagany
Size
1.1MB
MD5
7f859c2f925f15c25ae2eab68bb4f3cd
SHA1
5a5594355fafdde5efed87e605162e26aaaed72d
SHA256
43e216a7f271d25c112ff298c42ae0dfd536e307f6011a115f2258ef50fdebba
SHA512
00d5c50d34d204aac94e6e58f58a151b1c11729a5d727f445225c81073c44f97201d20caea58da29ee0a8ed9edc7e9e6977f78ed317dbe859097a0f681a2df82
SSDEEP
12288:kFYqISEJOoUNRME0FyDNIxTou6O/TZbIBnPpJa/ublU/L+n7vkkOCtJm+Jk:kFUrJOoh+NpYFEnRMWblsmvOKk
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-09-02_7f859c2f925f15c25ae2eab68bb4f3cd_bkransomware_karagany
Files
2024-09-02_7f859c2f925f15c25ae2eab68bb4f3cd_bkransomware_karagany.exe windows:5 windows x86 arch:x86
b09ea43d54a322c432fc5a32d14cd25b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetSystemInfo
CloseHandle
CreateFileA
GetFileSize
ReadFile
lstrcpyA
lstrcatA
DeviceIoControl
MultiByteToWideChar
GetProcAddress
WriteFile
FindResourceA
FreeResource
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
GetProcessHeap
CreateProcessA
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DecodePointer
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
CreateFileW
LoadLibraryExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
GetLocalTime
WideCharToMultiByte
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
RtlUnwind
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
GetStdHandle
GetModuleFileNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
user32
wsprintfA
advapi32
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegOpenKeyA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
ole32
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
oleaut32
VariantInit
shlwapi
PathRemoveFileSpecA
urlmon
URLDownloadToFileA
iphlpapi
GetAdaptersInfo
Sections
.text Size: 78KB - Virtual size: 77KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ