C:\Builds\13810\Tools\Autoruns_master\bin\Win32\Release Console\autorunsc.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-04_aaecde742a2a61180b85ef1ff04ad595_bkransomware.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-05-04_aaecde742a2a61180b85ef1ff04ad595_bkransomware.exe
Resource
win10v2004-20240419-en
General
Target
2024-05-04_aaecde742a2a61180b85ef1ff04ad595_bkransomware
Size
572KB
MD5
aaecde742a2a61180b85ef1ff04ad595
SHA1
f673823c9b137c42942c498466a2ec9806601990
SHA256
8b6341ae7eccc462071363c42898908ee73eeaaafe84de3381a9f4e659b41df9
SHA512
f91bf2666ee95ebe106983e630c158209d1247d77daa0b8c91e63ffd7e21c432d21dc5505047770c8ff0d32a06ef4bf73e4370b16b4a8577d3c6c304d2f31391
SSDEEP
12288:GjixmJ6byfx/Il95xmIJYiheDeyefqlqwd7khc2:Gj44KCRKyljd7ku2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-05-04_aaecde742a2a61180b85ef1ff04ad595_bkransomware
Files
2024-05-04_aaecde742a2a61180b85ef1ff04ad595_bkransomware.exe windows:5 windows x86 arch:x86
c783ff0e735a6b78a5a09f950a5c2876
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
comctl32
ImageList_ReplaceIcon
ImageList_Add
crypt32
CryptSIPRetrieveSubjectGuidForCatalogFile
CryptSIPLoad
CertGetNameStringW
CertDuplicateCertificateContext
kernel32
FreeLibrary
LoadLibraryExW
MultiByteToWideChar
LeaveCriticalSection
GetCurrentThread
SetThreadPriority
EnterCriticalSection
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
CreateThread
GetExitCodeThread
SetEndOfFile
ReadConsoleW
OpenProcess
OutputDebugStringW
SetFilePointerEx
GetPrivateProfileStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetStdHandle
GetFileType
GetStringTypeW
HeapSize
GetConsoleMode
lstrlenW
FlushFileBuffers
DeleteCriticalSection
GetStartupInfoW
TlsFree
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetFullPathNameW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetModuleFileNameW
TlsSetValue
LCMapStringW
TlsAlloc
FormatMessageA
GetFileTime
GetVersion
IsDebuggerPresent
TlsGetValue
GetCommandLineW
LocalFree
LocalAlloc
GetDateFormatW
GetTimeFormatW
GetModuleHandleW
FormatMessageW
FileTimeToSystemTime
FileTimeToLocalFileTime
MulDiv
ReadFile
GetLastError
InterlockedIncrement
FindNextFileW
FindFirstFileW
GetFileAttributesW
CreateFileW
LoadLibraryW
FindClose
Sleep
GetProcAddress
InterlockedDecrement
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetFileSizeEx
WriteFile
GetStdHandle
GetFileSize
SetErrorMode
InitializeCriticalSection
ExitThread
GetConsoleCP
GetCurrentProcess
lstrlenA
RtlUnwind
HeapAlloc
WriteConsoleW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
GetProcessHeap
SetLastError
GetCPInfo
GetOEMCP
IsProcessorFeaturePresent
HeapReAlloc
RaiseException
EncodePointer
DecodePointer
GetCurrentThreadId
IsValidCodePage
GetACP
HeapFree
user32
GetDlgItem
SetWindowTextW
SetCursor
GetSysColorBrush
InflateRect
EndDialog
GetMenu
CheckMenuItem
GetSubMenu
InsertMenuW
DeleteMenu
DialogBoxIndirectParamW
SendMessageW
MessageBoxW
LoadCursorW
PostMessageW
LoadStringW
DestroyIcon
LoadIconW
gdi32
EndPage
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
DeleteDC
CreateCompatibleDC
DeleteObject
comdlg32
PrintDlgW
advapi32
CryptReleaseContext
RegQueryValueW
RegUnLoadKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
DuplicateTokenEx
ImpersonateLoggedOnUser
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
EqualSid
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RevertToSelf
RegCreateKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextW
shell32
SHGetFileInfoW
ShellExecuteW
ole32
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
VariantChangeType
VariantInit
SysAllocStringByteLen
SysStringLen
VariantClear
SysFreeString
SysAllocString
winhttp
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpSendRequest
shlwapi
ord176
UrlUnescapeW
Sections
.text Size: 315KB - Virtual size: 315KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ