2024-05-08_0a7a16a97d3db5c8157e67591e9dec5d_bkransomware_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-08_0a7a16a97d3db5c8157e67591e9dec5d_bkransomware_revil
Size

8.6MB
MD5

0a7a16a97d3db5c8157e67591e9dec5d
SHA1

e330567c32d951014af8bfed893dd17a3e76476d
SHA256

a5cc862c9d8c1b52d955296ba4eac39a92f3a860da30a0b3256005ed45f749f2
SHA512

3001b17e1c41fd808075b6e876d9134e3a23429ad6dfa3a0f91a2f51ead64400f04f39d99647a5cfd1eb6b2010e770d15e9bda4530f14049afbed4be5a963d4f
SSDEEP

196608:9ONhx/k1guc1CPwDv3uFR0ZOagyBDf+fiWlwCk1guc1CPwDv3uFR0ZOagyBDf+8p:9Ol/buc1CPwDv3uFmTgyBDfkfwCbuc1N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-08_0a7a16a97d3db5c8157e67591e9dec5d_bkransomware_revil

Files

2024-05-08_0a7a16a97d3db5c8157e67591e9dec5d_bkransomware_revil
.exe windows:5 windows x86 arch:x86

710c58409cb40699449dc773f44039be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\projects\libs\fv.pdb

Imports

user32

PeekMessageA
PostMessageA
GetWindowTextA
GetWindowTextLengthA
EnumWindows
GetWindowThreadProcessId
DispatchMessageA
LoadStringA
wsprintfA
UnregisterClassA
TranslateMessage
MessageBoxA

kernel32

TlsFree
GetLocalTime
GetVersionExA
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryExA
FormatMessageA
CreateFileA
GetDriveTypeA
GetFileSize
SetFilePointer
WriteFile
CloseHandle
SetLastError
SetErrorMode
GetCurrentProcess
GetCurrentProcessId
GetTickCount
GetProcessAffinityMask
SetProcessAffinityMask
LoadLibraryA
GetComputerNameA
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
MultiByteToWideChar
WideCharToMultiByte
LockFileEx
UnlockFileEx
TryEnterCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
IsBadWritePtr
GetSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
DuplicateHandle
SetThreadPriority
ResumeThread
GetThreadTimes
CreateFileW
GetFileSizeEx
ReadFile
SetEndOfFile
SetFilePointerEx
GetTempPathA
GetTempFileNameA
GetConsoleWindow
LoadResource
LockResource
SizeofResource
FindResourceA
EnterCriticalSection
GetFullPathNameA
GetFullPathNameW
GetComputerNameExA
TerminateProcess
GetExitCodeProcess
CreateProcessA
OpenProcess
TlsSetValue
WritePrivateProfileStringA
GetPrivateProfileSectionA
SetStdHandle
FillConsoleOutputAttribute
SetConsoleTextAttribute
ReadConsoleInputA
SetConsoleMode
LocalFree
CreateDirectoryA
CreateDirectoryW
DeleteFileW
FindNextFileA
MoveFileExW
VirtualQuery
lstrlenA
IsBadReadPtr
IsBadCodePtr
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
ReleaseMutex
CreateMutexA
lstrlenW
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingA
FlushFileBuffers
CreateThread
ExitThread
SetPriorityClass
TlsGetValue
TlsAlloc
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapValidate
HeapFree
HeapAlloc
Beep
MoveFileExA
CopyFileExA
CopyFileA
SleepEx
GetLastError
SetFileTime
SetFileAttributesA
RemoveDirectoryA
GetFileAttributesA
FindFirstFileA
FindClose
DeleteFileA
GetCurrentDirectoryA
GetEnvironmentVariableA
GetCommandLineA
GetStdHandle
GetPrivateProfileStringA
LeaveCriticalSection
EncodePointer
DecodePointer
GetStringTypeW
GetConsoleMode
RaiseException
ExitProcess
RtlUnwind
GetModuleHandleExW
AreFileApisANSI
GetSystemTimeAsFileTime
LoadLibraryExW
GetDriveTypeW
HeapReAlloc
GetFileType
GetModuleFileNameW
WriteConsoleW
GetModuleHandleW
ReadConsoleW
GetConsoleCP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
IsProcessorFeaturePresent
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
HeapSize
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryW
OutputDebugStringW
SetEnvironmentVariableA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ws2_32

accept
bind
closesocket
connect
ioctlsocket
getpeername
htons
inet_ntoa
listen
recv
send
shutdown
socket
gethostbyname
gethostname
WSAStartup
WSACleanup
WSAGetLastError
WSACancelBlockingCall
WSAIoctl

ole32

OleUninitialize
CoCreateGuid
CoCreateInstance
OleInitialize
CoInitialize
CLSIDFromProgID
CoUninitialize

oleaut32

SysAllocString
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysFreeString

imagehlp

MapFileAndCheckSumA
CheckSumMappedFile

advapi32

InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetLengthSid
GetAclInformation
GetAce
EqualSid
AddAce
AddAccessAllowedAce
ConvertSidToStringSidA
GetTokenInformation
RegQueryValueExA
RegOpenKeyExA
RegConnectRegistryA
RegCloseKey
LookupAccountSidA
GetUserNameA
OpenProcessToken
SetSecurityDescriptorDacl
LookupAccountNameA
RegCreateKeyExA
RegSetValueExA
SetFileSecurityA
GetFileSecurityA
ConvertStringSidToSidA
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
LookupPrivilegeValueA
InitializeAcl

rpcrt4

UuidFromStringA

psapi

GetModuleFileNameExA
EnumProcesses

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 683KB - Virtual size: 683KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

710c58409cb40699449dc773f44039be

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

shell32

ws2_32

ole32

oleaut32

imagehlp

advapi32

rpcrt4

psapi

version

Sections

.text Size: 683KB - Virtual size: 683KB

.rdata Size: 179KB - Virtual size: 179KB

.data Size: 25KB - Virtual size: 41KB

.rsrc Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 37KB - Virtual size: 36KB

.text
Size: 683KB - Virtual size: 683KB

.rdata
Size: 179KB - Virtual size: 179KB

.data
Size: 25KB - Virtual size: 41KB

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 37KB - Virtual size: 36KB