2024-04-27_4940b1a79779be3ac78a9d60b23ac496_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-27_4940b1a79779be3ac78a9d60b23ac496_bkransomware
Size

2.6MB
MD5

4940b1a79779be3ac78a9d60b23ac496
SHA1

789e88d3e9d12375e58e42284a5f552d067d9a52
SHA256

875d65cef331382e6bbad95b4ffac7c830ea5187b855e0ab3c85c4723052cdfa
SHA512

8208544b8f00b992c07219a2d85966b4a5563e2d87aeecfd96fe16463272876b974a092fdbf5a85a229999cc9f225134f5d2456d7de4c1e7a03104e021361ce9
SSDEEP

49152:enSZdugzF3i0Xd0wuHIfjErOx7230fNdYrhdV:J7ugNEwbfjErOxS3+U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-27_4940b1a79779be3ac78a9d60b23ac496_bkransomware

Files

2024-04-27_4940b1a79779be3ac78a9d60b23ac496_bkransomware
.exe windows:6 windows x86 arch:x86

4134dd243ac0bb06e4b40013cf8a0d14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\GITREPOS\vim\src\gvim.pdb

Imports

kernel32

SearchPathA
SetFileAttributesA
LoadLibraryA
GetFileType
MoveFileA
GlobalMemoryStatusEx
SetCurrentDirectoryW
CreatePipe
GetModuleFileNameA
SetConsoleTitleW
GetConsoleTitleW
GetCurrentDirectoryA
GetVersionExA
TerminateJobObject
CloseHandle
DeleteFileW
GetCurrentProcessId
GetFileInformationByHandle
SetFileAttributesW
ResumeThread
lstrlenA
GetTickCount
LocalHandle
IsDBCSLeadByte
MoveFileW
GetStartupInfoA
AttachConsole
BackupRead
GetCurrentDirectoryW
SetCurrentDirectoryA
CreateJobObjectA
SetConsoleTitleA
ReadFile
TerminateProcess
CreateProcessA
GetFileAttributesW
GetExitCodeProcess
GetFileAttributesA
FreeConsole
AssignProcessToJobObject
OutputDebugStringW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WriteFile
GetConsoleTitleA
GenerateConsoleCtrlEvent
BackupSeek
GetComputerNameW
WaitForSingleObject
GetCurrentProcess
CreateProcessW
SetErrorMode
PeekNamedPipe
SearchPathW
GlobalMemoryStatus
GetTempFileNameW
GetFullPathNameA
GetComputerNameA
GetCommandLineW
GetFullPathNameW
GlobalFree
Sleep
GlobalAlloc
GlobalSize
LocalFree
GetSystemInfo
GlobalUnlock
CreateFileW
MulDiv
FormatMessageA
IsBadReadPtr
GlobalLock
VirtualQuery
CreateFileA
GetLocaleInfoA
FindNextFileW
FindNextFileA
FindClose
FindFirstFileA
FindFirstFileW
IsValidCodePage
GetProcAddress
IsDBCSLeadByteEx
GetLastError
GetACP
FreeLibrary
GetCPInfo
GetModuleHandleA
DeleteFileA
GetTempPathA
GetTempFileNameA
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceFrequency
GetLocaleInfoW
WriteConsoleW
FlushFileBuffers
RaiseException
RtlUnwind
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEndOfFile
MoveFileExW
HeapSize
GetTimeZoneInformation
GetModuleFileNameW
GetProcessHeap
FatalAppExitA
QueryPerformanceCounter
GetLongPathNameA
LocalAlloc
CreateSemaphoreW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThread
SetLastError
GetOEMCP
GetStartupInfoW
DeleteCriticalSection
GetStdHandle
SetEnvironmentVariableA
GetConsoleCP
DuplicateHandle
ReadConsoleW
GetConsoleMode
GetCommandLineA
GetStringTypeW
LoadLibraryExW
ExitThread
GetCurrentThreadId
GetShortPathNameA
CreateThread
RemoveDirectoryW
CreateDirectoryW
SetConsoleCtrlHandler
GetFileAttributesExW
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
SetEnvironmentVariableW
VirtualProtect
VirtualAlloc
AreFileApisANSI
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
SetFilePointerEx
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
HeapFree
IsProcessorFeaturePresent
IsDebuggerPresent

advapi32

OpenProcessToken
RegCloseKey
RegOpenKeyExA
GetUserNameW
GetAclInformation
LookupPrivilegeValueA
GetAce
GetUserNameA
AdjustTokenPrivileges
RegSetValueExA
RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyExA

shell32

DragQueryPoint
DragQueryFileW
DragAcceptFiles
DragQueryFileA
CommandLineToArgvW
Shell_NotifyIconA
DragFinish

gdi32

GetObjectA
GetStockObject
ExtTextOutA
CreateSolidBrush
EndPage
MoveToEx
StartPage
SetTextColor
DeleteDC
GetDeviceCaps
CreateFontIndirectA
SetBkColor
GetPixel
SetAbortProc
SetBkMode
DeleteObject
SelectObject
StartDocA
EnumFontFamiliesA
GetNearestColor
GetTextMetricsA
SetTextAlign
TextOutW
EndDoc
TextOutA
CreatePen
GetTextExtentPointA
GetTextExtentPointW
ExtTextOutW
CreateCompatibleDC
GetDCOrgEx
SetPixel
GdiFlush
CreateFontA
LineTo
CreateDCA
BitBlt
GetTextExtentPoint32W
CreateBitmap

comdlg32

GetSaveFileNameA
FindTextW
GetSaveFileNameW
ReplaceTextW
GetOpenFileNameW
FindTextA
ReplaceTextA
CommDlgExtendedError
PrintDlgA
ChooseFontA
GetOpenFileNameA

ole32

CoCreateInstance
CoUninitialize
CoInitialize
StringFromCLSID
OleUninitialize
CoTaskMemFree
CoRevokeClassObject
CoRegisterClassObject
OleInitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

comctl32

CreateToolbarEx
ord17

oleaut32

SetErrorInfo
LoadRegTypeLi
RegisterActiveObject
UnRegisterTypeLi
LoadTypeLi
RevokeActiveObject
SysAllocString
RegisterTypeLi

user32

CallWindowProcA
UpdateWindow
MapWindowPoints
GetDlgItemTextW
InsertMenuA
IsWindowVisible
GetSystemMetrics
RegisterClassW
ScrollWindowEx
ReleaseCapture
InsertMenuW
RemoveMenu
ShowScrollBar
GetMenuItemCount
GetClassInfoA
DrawMenuBar
FrameRect
CreatePopupMenu
SetMenu
ShowWindow
GetCursorPos
SetWindowPos
GetSysColor
DestroyCursor
RedrawWindow
EndDialog
GetDlgItem
GetMenuState
SetClassLongA
PeekMessageW
SetCursorPos
InvalidateRect
IntersectRect
SetWindowLongA
TrackPopupMenuEx
GetKeyboardLayout
DialogBoxIndirectParamA
OffsetRect
GetWindowPlacement
IsDialogMessageW
CreateDialogIndirectParamA
ShowCursor
GetDC
InsertMenuItemW
GetClassInfoW
PtInRect
BeginPaint
RegisterWindowMessageA
CreateMenu
GetClientRect
SetParent
WindowFromPoint
FindWindowExA
MessageBeep
LoadBitmapA
DrawIconEx
GetKeyState
IsZoomed
KillTimer
GetDialogBaseUnits
FillRect
IsIconic
TrackPopupMenu
GetMessageW
InsertMenuItemA
SetActiveWindow
GetWindowRect
ScreenToClient
SetTimer
InvertRect
SetWindowPlacement
EndPaint
DefWindowProcA
DestroyMenu
FindWindowA
LoadCursorA
SetWindowTextW
DestroyIcon
SetScrollInfo
GetMenuItemRect
GetScrollPos
DefWindowProcW
GetMessageTime
mouse_event
GetWindow
MoveWindow
GetFocus
IsDialogMessageA
MessageBoxA
PeekMessageA
DispatchMessageA
CloseClipboard
IsClipboardFormatAvailable
RegisterClipboardFormatA
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
GetClassNameA
GetSystemMenu
CreateDialogParamA
SendDlgItemMessageA
GetWindowDC
MsgWaitForMultipleObjects
GetParent
wsprintfA
SetFocus
SendMessageA
EnumWindows
TranslateMessage
GetWindowTextA
CharUpperBuffA
CreateWindowExA
ReleaseDC
EnableMenuItem
CharLowerBuffA
GetDesktopWindow
PostMessageA
SystemParametersInfoA
SetWindowTextA
LoadImageA
SetDlgItemTextW
EnableWindow
GetDlgItemTextA
SetDlgItemTextA
RegisterClassA
DestroyWindow
IsWindow
SetForegroundWindow
LoadIconA
MapVirtualKeyA
IsRectEmpty
DispatchMessageW
SetCapture
GetMessageA

wsock32

WSAGetLastError
select
connect
inet_ntoa
WSAStartup
send
gethostbyname
closesocket
__WSAFDIsSet
WSACleanup
socket
recv
htons

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 241KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4134dd243ac0bb06e4b40013cf8a0d14

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

gdi32

comdlg32

ole32

version

comctl32

oleaut32

user32

wsock32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 165KB - Virtual size: 164KB

.data Size: 241KB - Virtual size: 289KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 150KB - Virtual size: 149KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 165KB - Virtual size: 164KB

.data
Size: 241KB - Virtual size: 289KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 150KB - Virtual size: 149KB