2024-04-27_358227cd5efe1eb4180a44fffb45be84_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-27_358227cd5efe1eb4180a44fffb45be84_bkransomware
Size

639KB
MD5

358227cd5efe1eb4180a44fffb45be84
SHA1

956cbc8baeb39ccc793a63149c276e0af48279a4
SHA256

128eda9646bc3f6271e89f058f7708de67359ffcc48a06489ff7a2722ef2e994
SHA512

7cb2416c88a275e09b0fb0b92382cc0ed45b1a637fdc7c73397f580144621831c66ef5c0b135e987f14593baeafd286c4028a60084e82cce43a987ce0036a8ab
SSDEEP

12288:Du2QOf8hy0T/oCF2j6L1iyY4UuG5tpFIGAG2+7PSJLh0fLkT/fVkPhDpKA:hEoo2j65g2NeAT/NkPhDp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-27_358227cd5efe1eb4180a44fffb45be84_bkransomware

Files

2024-04-27_358227cd5efe1eb4180a44fffb45be84_bkransomware
.exe windows:5 windows x86 arch:x86

06942f3c81312c897a06ccb2c0bae2cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\RHUB2\PCSetup\Release.V2013\PCSetup.pdb

Imports

kernel32

GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetThreadLocale
SetErrorMode
GetFileAttributesExW
GetFileSizeEx
GetTickCount
GetCommandLineW
IsProcessorFeaturePresent
RtlUnwind
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetSystemTimeAsFileTime
CreateThread
ExitThread
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetFileType
PeekNamedPipe
HeapQueryInformation
GetFullPathNameW
VirtualProtect
GetStdHandle
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
IsValidCodePage
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
SetStdHandle
GetStringTypeW
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
FlushFileBuffers
GetCurrentDirectoryW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FileTimeToSystemTime
MulDiv
LocalFree
GlobalUnlock
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GlobalLock
SizeofResource
GlobalFindAtomW
GlobalAddAtomW
FindResourceW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LockResource
LoadResource
LoadLibraryExW
FreeResource
GetSystemDirectoryW
EncodePointer
GetModuleHandleA
SetLastError
OutputDebugStringA
GetACP
lstrlenW
lstrcpyW
lstrcmpiW
FileTimeToDosDateTime
FreeLibrary
VirtualQuery
GetCurrentThreadId
OutputDebugStringW
IsDebuggerPresent
WriteFile
SetFilePointer
GetFileTime
GetFileSize
FileTimeToLocalFileTime
CreateMutexW
ReleaseMutex
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalFree
GlobalAlloc
GetModuleHandleW
GetSystemInfo
GetSystemTime
CreateProcessW
GetCurrentThread
TerminateProcess
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteFileA
GetTempPathA
GetTempFileNameA
RemoveDirectoryW
GetLongPathNameW
FindNextFileW
FindFirstFileW
FindClose
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetThreadPriority
CreateEventW
SetEvent
GetTempPathW
WideCharToMultiByte
GetVersionExW
CopyFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
CreateFileW
CreateDirectoryW
LoadLibraryW
FormatMessageW
CloseHandle
Sleep
WaitForSingleObject
GetCurrentProcessId
GetCurrentProcess
OpenProcess
GetProcAddress
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
SetUnhandledExceptionFilter
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
VirtualAlloc
DecodePointer

user32

CopyAcceleratorTableW
CharNextW
SetCapture
CharUpperW
KillTimer
SetTimer
DestroyMenu
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
IntersectRect
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
MoveWindow
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
MapDialogRect
SetWindowContextHelpId
SetCursor
GetCursorPos
TranslateMessage
WinHelpW
CallNextHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
RedrawWindow
ValidateRect
SetActiveWindow
UpdateWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
UnhookWindowsHookEx
SendDlgItemMessageA
wsprintfW
wvsprintfW
GetMonitorInfoW
MonitorFromWindow
GetSystemMetrics
FindWindowW
GetActiveWindow
GetWindow
PostThreadMessageW
RegisterClipboardFormatW
GetWindowThreadProcessId
GetClassNameW
MessageBoxW
MessageBeep
GetNextDlgGroupItem
IsRectEmpty
MapWindowPoints
InvalidateRgn
GetWindowTextW
SetForegroundWindow
GetForegroundWindow
IsWindowVisible
SetWindowPos
ShowWindow
GetIconInfo
CopyImage
DestroyIcon
GetParent
GetWindowLongW
CopyRect
GetSysColor
WindowFromPoint
ClientToScreen
SetWindowRgn
DrawStateW
GetNextDlgTabItem
SetRect
LoadIconW
GetDesktopWindow
OffsetRect
GetWindowRect
GetClientRect
InvalidateRect
ReleaseDC
GetDC
EnableWindow
ReleaseCapture
GetCapture
PostQuitMessage
PeekMessageW
DispatchMessageW
GetMessageW
LoadImageW
GetClassInfoW
UnregisterClassW
PostMessageW
SendMessageW

gdi32

GetMapMode
GetBkColor
GetTextColor
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
GetRgnBox
CreateRoundRectRgn
SetMapMode
SetBkMode
SelectObject
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetClipBox
Escape
CreatePen
SetTextColor
SetBkColor
CreateBitmap
GetObjectW
DeleteObject
DeleteDC
CreateCompatibleDC
GetDeviceCaps
FrameRgn
CreateSolidBrush

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

EqualSid
OpenProcessToken
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegCreateKeyW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
ImpersonateSelf
GetTokenInformation
FreeSid
AllocateAndInitializeSid
OpenThreadToken
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteExW

comctl32

ord17
_TrackMouseEvent

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripPathW
PathStripToRootW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleInitialize
OleUninitialize
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleIsCurrentClipboard
CoFreeUnusedLibraries
CoRevokeClassObject
OleFlushClipboard

oleaut32

VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
OleCreateFontIndirect
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

oledlg

OleUIBusyW

ws2_32

WSAAddressToStringW
gethostbyname
socket
shutdown
WSALookupServiceBeginW
send
recv
inet_ntoa
WSALookupServiceNextW
WSALookupServiceEnd
setsockopt
gethostname
getaddrinfo
inet_addr
htons
WSAStartup
WSAGetLastError
closesocket
connect

oleacc

CreateStdAccessibleObject
LresultFromObject

wininet

InternetOpenA
InternetErrorDlg
HttpQueryInfoA
HttpSendRequestA
HttpSendRequestW
HttpOpenRequestW
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
HttpOpenRequestA
InternetConnectA
InternetReadFileExA
InternetQueryOptionA
InternetSetOptionA
DetectAutoProxyUrl

urlmon

URLDownloadToFileA

Sections

.text
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06942f3c81312c897a06ccb2c0bae2cf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

ws2_32

oleacc

wininet

urlmon

Sections

.text Size: 388KB - Virtual size: 387KB

.rdata Size: 121KB - Virtual size: 120KB

.data Size: 34KB - Virtual size: 82KB

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 388KB - Virtual size: 387KB

.rdata
Size: 121KB - Virtual size: 120KB

.data
Size: 34KB - Virtual size: 82KB

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 27KB - Virtual size: 27KB