2024-04-27_0b929e1aca710e1ffeccb61fb85f1e47_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-27_0b929e1aca710e1ffeccb61fb85f1e47_bkransomware
Size

4.2MB
MD5

0b929e1aca710e1ffeccb61fb85f1e47
SHA1

3482232eae982ee9fba87bc299966e15ad2852c7
SHA256

bb46eb477caebc2595dab744faf2faddf396b7c320e0c2f65da72616afe11354
SHA512

1d11ee0174d08fb4d0d90e026ce64462fe0bac3c69c05182db7272fad7d128b280116cf22103e0d9447e261e464fe7a6a664ced7a2c7239ac14bd79431bf7d08
SSDEEP

24576:y5NJSfRyVv65cZ99+HeB85vSZLPDhY1QfYX80zrv4tx4bitKX0DZ+Rtk9P4zDsrP:ya50CP5KBfNW42sQfGR

Score

1^/10

Malware Config

Signatures

Files

2024-04-27_0b929e1aca710e1ffeccb61fb85f1e47_bkransomware
.exe windows:5 windows x86 arch:x86

8291799ebd808f88c8ad29b0bb42cd09

Code Sign

45:7c:42:c7:7f:0b:91:60:c5:1a:24:3d:c7:46:b2:7f
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2016, 00:00

Not After

09/05/2017, 23:59

Subject

CN=Smart Media Sistemz Ukraina\, TOV,OU=IT,O=Smart Media Sistemz Ukraina\, TOV,POSTALCODE=69000,STREET=Bud. 33 kv. 14\, vul.Pravdy,L=Zaporizhzhya,ST=Zaporizka,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:26:ba:58:7b:35:fb:62:12:e2:d3:d3:5e:b9:f1:04:0c:b5:b2:3c
Signer

Actual PE Digest

cb:26:ba:58:7b:35:fb:62:12:e2:d3:d3:5e:b9:f1:04:0c:b5:b2:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EncodePointer
GetCurrentThreadId
GetLastError
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
DecodePointer
TlsSetValue
TlsFree
GetVersion
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
HeapFree
IsValidCodePage
GetACP
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryExW
RtlUnwind
HeapAlloc
HeapReAlloc
LCMapStringW
GetProcAddress
ExitProcess
GetModuleHandleExW
TerminateProcess
GetConsoleCP
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
GetConsoleMode
GetStringTypeW
GetStringTypeA
EnumCalendarInfoA
GetCPInfo
GetOEMCP
ProcessIdToSessionId
GetComputerNameW
IsBadReadPtr
MoveFileExW
FindNextFileA
FindFirstFileA
GetDiskFreeSpaceA
GetWindowsDirectoryA
GetTempPathA
GetSystemDirectoryA
GetPrivateProfileIntW
GlobalAddAtomW
OutputDebugStringW
GetCommandLineW
CreateFileMappingW
CreateSemaphoreA
CreateMutexW
TlsGetValue
TlsAlloc
lstrcpynA
lstrcmpiA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetTimeZoneInformation
MulDiv
GetCommModemStatus
DuplicateHandle
FlushFileBuffers
GetLogicalDrives
SetHandleCount
SetEvent
TryEnterCriticalSection
FreeEnvironmentStringsA
GetShortPathNameW
HeapValidate
HeapSize
VirtualAlloc
GlobalHandle
GlobalLock
SetLastError
CreateFileW

user32

ChildWindowFromPoint
MapWindowPoints
HideCaret
SetCursor
MessageBeep
MessageBoxA
GetSysColorBrush
GetPropA
SetPropW
ScrollWindowEx
RedrawWindow
InvalidateRect
SetWindowRgn
BeginPaint
DrawFocusRect
FillRect
FrameRect
CopyRect
UnionRect
OffsetRect
IsRectEmpty
GetParent
SetParent
FindWindowExA
GetTopWindow
SetWindowTextW
GetWindowThreadProcessId
wvsprintfW
wsprintfA
wsprintfW
ActivateKeyboardLayout
GetKeyboardLayoutList
SetThreadDesktop
GetThreadDesktop
GetUserObjectInformationW
DrawEdge
PeekMessageW
GetMessagePos
GetMessageTime
SetWindowsHookExA
SendNotifyMessageW
UnregisterDeviceNotification
DefWindowProcA
DefWindowProcW
CallWindowProcW
GetDoubleClickTime
RegisterClassA
UnregisterClassW
IsWindow
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
IsWindowVisible
IsZoomed
CreateDialogParamA
EndDialog
GetDlgItem
GetDlgItemInt
SetDlgItemTextW
GetDlgItemTextW
IsDlgButtonChecked
GetDlgCtrlID
SetClipboardData
IsClipboardFormatAvailable
CharUpperBuffW
CharLowerW
CharNextW
CharPrevA
GetActiveWindow
GetAsyncKeyState
GetKeyboardType
SendInput
MsgWaitForMultipleObjects
SetMenu
GetMenuStringW
DrawMenuBar
CheckMenuItem
EnableMenuItem
AppendMenuW
RemoveMenu
DeleteMenu
InsertMenuItemW
SetMenuItemInfoW
DrawTextA
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDCEx
ReleaseDC
CallNextHookEx
LoadBitmapW
LoadCursorW
DestroyCursor
LoadIconA
LoadIconW
DestroyIcon
CopyImage
CreateIconIndirect
LoadStringW
IsDialogMessageW
MapDialogRect
GetScrollInfo
WinHelpW
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
NotifyWinEvent
GetWindowInfo
SendMessageTimeoutW

comctl32

PropertySheetA
ImageList_BeginDrag
ImageList_AddMasked

advapi32

CryptReleaseContext
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegConnectRegistryW
RegCloseKey
CheckTokenMembership
DuplicateTokenEx
CreateProcessAsUserW
ImpersonateLoggedOnUser
GetUserNameW
LookupAccountNameW
LookupAccountSidW
SetFileSecurityW
MakeSelfRelativeSD
GetSecurityDescriptorGroup
SetSecurityDescriptorGroup
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetSecurityDescriptorLength
IsValidSecurityDescriptor
InitializeSecurityDescriptor
AddAccessAllowedAce
GetAce
AddAce
GetAclInformation
InitializeAcl
CopySid
GetLengthSid
GetSidSubAuthorityCount
GetSidSubAuthority
FreeSid
AllocateAndInitializeSid
GetSidLengthRequired
EqualSid
IsValidSid
CreateWellKnownSid
AdjustTokenPrivileges
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetThreadToken
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegEnumKeyW
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegFlushKey
RegNotifyChangeKeyValue
RegOpenKeyA
RegOpenKeyW
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueW
RegQueryValueExA
RegQueryValueExW
RegSetKeySecurity
RegSetValueW
RegSetValueExA
RegSetValueExW
CryptAcquireContextA
CryptAcquireContextW
CryptDestroyKey
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerA
OpenSCManagerW
OpenServiceA
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
SetServiceStatus
StartServiceA
StartServiceW
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
SetEntriesInAclW
SetNamedSecurityInfoW
RegEnumKeyA

shell32

SHChangeNotify
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFileInfoW
ShellExecuteExW
SHFileOperationW
CommandLineToArgvW
ShellExecuteW
SHBindToParent

ole32

OleLoad
OleLoadFromStream
OleSaveToStream
OleNoteObjectVisible
RevokeDragDrop
DoDragDrop
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
OleSetMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
OleRun
OleIsRunning
OleLockRunning
CreateOleAdviseHolder
OleCreateDefaultHandler
OleGetIconOfFile
OleMetafilePictFromIconAndLabel
OleRegGetUserType
OleRegGetMiscStatus
OleRegEnumVerbs
OleConvertOLESTREAMToIStorage
OleGetAutoConvert
OleSetAutoConvert
GetConvertStg
HPALETTE_UserSize
OleCreateFromFile
OleCreateLinkToFile
OleCreateLinkFromData
OleQueryCreateFromData
OleQueryLinkFromData
OleUninitialize
OleInitialize
WriteFmtUserTypeStg
WriteClassStm
ReadClassStm
WriteClassStg
StgConvertVariantToProperty
StgCreatePropStg
PropVariantClear
HWND_UserFree
HWND_UserMarshal
HWND_UserSize
HMENU_UserUnmarshal
HGLOBAL_UserFree
HGLOBAL_UserSize
HACCEL_UserFree
HACCEL_UserUnmarshal
HACCEL_UserMarshal
HACCEL_UserSize
GetRunningObjectTable
CreateAntiMoniker
CreateItemMoniker
CreateGenericComposite
MonikerCommonPrefixWith
CoGetObject
BindMoniker
StgIsStorageILockBytes
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoTaskMemAlloc
CoTreatAsClass
CoGetTreatAsClass
CoInvalidateRemoteMachineBindings
CoWaitForMultipleHandles
CoRegisterMessageFilter
CoFileTimeNow
CoDosDateTimeToFileTime
CoCreateGuid
ProgIDFromCLSID
StringFromIID
CoAllowSetForegroundWindow
CoDisableCallCancellation
CoGetCancelObject
CoCreateInstance
CoSwitchCallContext
CoRevertToSelf
CoQueryClientBlanket
CoCopyProxy
CoSetProxyBlanket
CoQueryProxyBlanket
CoGetCallContext
CoFreeUnusedLibraries
CoFreeAllLibraries
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoIsHandlerConnected
CoGetStdMarshalEx
CoGetStandardMarshal
CoLockObjectExternal
CoDisconnectObject
CoUnmarshalHresult
CoMarshalInterface
CoGetMarshalSizeMax
CoRegisterPSClsid
CoReleaseServerProcess
CoAddRefServerProcess
CoGetClassObject
CoGetSystemSecurityPermissions
CoGetContextToken
CoRevokeInitializeSpy
CoRegisterInitializeSpy
CoInitializeEx
CoGetMalloc
STGMEDIUM_UserFree
HICON_UserFree
HICON_UserSize
HDC_UserMarshal
HDC_UserSize
HBITMAP_UserUnmarshal
CLIPFORMAT_UserFree
HWND_UserUnmarshal

oleaut32

SysReAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayPtrOfIndex
VariantInit
VariantClear
VariantCopy
VariantCopyInd
VariantChangeType
VariantChangeTypeEx
GetActiveObject
SetErrorInfo
GetErrorInfo
CreateErrorInfo
SysAllocStringLen

Sections

.text
Size: 739KB - Virtual size: 739KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.5fhz
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.s76h
Size: 903KB - Virtual size: 902KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hzgo0
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1v6g5
Size: 508KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8291799ebd808f88c8ad29b0bb42cd09

Code Sign

45:7c:42:c7:7f:0b:91:60:c5:1a:24:3d:c7:46:b2:7fCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

cb:26:ba:58:7b:35:fb:62:12:e2:d3:d3:5e:b9:f1:04:0c:b5:b2:3cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 739KB - Virtual size: 739KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 18KB - Virtual size: 2.2MB

.5fhz Size: 1.8MB - Virtual size: 1.8MB

.s76h Size: 903KB - Virtual size: 902KB

.hzgo0 Size: 261KB - Virtual size: 261KB

.1v6g5 Size: 508KB - Virtual size: 508KB

.rsrc Size: 25KB - Virtual size: 24KB

45:7c:42:c7:7f:0b:91:60:c5:1a:24:3d:c7:46:b2:7f
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

cb:26:ba:58:7b:35:fb:62:12:e2:d3:d3:5e:b9:f1:04:0c:b5:b2:3c
Signer

.text
Size: 739KB - Virtual size: 739KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 18KB - Virtual size: 2.2MB

.5fhz
Size: 1.8MB - Virtual size: 1.8MB

.s76h
Size: 903KB - Virtual size: 902KB

.hzgo0
Size: 261KB - Virtual size: 261KB

.1v6g5
Size: 508KB - Virtual size: 508KB

.rsrc
Size: 25KB - Virtual size: 24KB