2024-05-08_e88b5209863e0cb7032d2bfcf16d146c_bkransomware_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-08_e88b5209863e0cb7032d2bfcf16d146c_bkransomware_revil
Size

8.7MB
MD5

e88b5209863e0cb7032d2bfcf16d146c
SHA1

36b86ae08897018e7fc8f81f408d4d1106be54d7
SHA256

cf4ee5a132fa48884bedfa80492b3e3b38dc296ba6c05a55ea4bf89a4b984b41
SHA512

21a0bc251c95bfad479bd843443e4bbf99731091dc5d4c18747a12a5c62abb8c2a1600a14ce13e72b09b09234809dad59f8b8196b835022c480bdfe616988d22
SSDEEP

196608:Qahyk1guc1CPwDv3uFR0ZOagyBDf+fUpC7nk1guc1CPwDv3uFR0ZOagyBDf+Nl:Qlbuc1CPwDv3uFmTgyBDfc2C7nbuc1Cx

Score

1^/10

Malware Config

Signatures

Files

2024-05-08_e88b5209863e0cb7032d2bfcf16d146c_bkransomware_revil
.exe windows:5 windows x86 arch:x86

c6b434223f2a850a9045fad0e6ff674c

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:ae:c1:0a:2f:9d:6a:a9:81:c0:21:94:94:4c:5e:7a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/01/2019, 00:00

Not After

16/01/2020, 12:00

Subject

CN=Marcotte Systems Ltd,O=Marcotte Systems Ltd,L=Boucherville,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:8d:71:98:94:af:dd:fa:ef:6e:7e:82:1f:e7:ad:99:45:c9:d0:33
Signer

Actual PE Digest

e0:8d:71:98:94:af:dd:fa:ef:6e:7e:82:1f:e7:ad:99:45:c9:d0:33

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\projects\libs\fv.pdb

Imports

user32

PeekMessageA
PostMessageA
GetWindowTextA
GetWindowTextLengthA
EnumWindows
GetWindowThreadProcessId
DispatchMessageA
wsprintfA
UnregisterClassA
LoadStringA
MessageBoxA
TranslateMessage

kernel32

GetLocalTime
GetVersionExA
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryExA
FormatMessageA
CreateFileA
GetDriveTypeA
GetFileSize
SetFilePointer
WriteFile
CloseHandle
SetLastError
SetErrorMode
GetCurrentProcess
GetCurrentProcessId
GetTickCount
GetProcessAffinityMask
SetProcessAffinityMask
LoadLibraryA
GetComputerNameA
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
MultiByteToWideChar
WideCharToMultiByte
LockFileEx
UnlockFileEx
TryEnterCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
IsBadWritePtr
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
DuplicateHandle
SetThreadPriority
ResumeThread
GetThreadTimes
CreateFileW
GetFileSizeEx
ReadFile
SetEndOfFile
SetFilePointerEx
GetTempPathA
GetTempFileNameA
GetConsoleWindow
LoadResource
LockResource
SizeofResource
FindResourceA
SetEnvironmentVariableA
EnterCriticalSection
GetFullPathNameA
GetFullPathNameW
GetComputerNameExA
TerminateProcess
GetExitCodeProcess
CreateProcessA
OpenProcess
GetPrivateProfileStringA
TlsFree
GetPrivateProfileSectionA
SetStdHandle
FillConsoleOutputAttribute
SetConsoleTextAttribute
ReadConsoleInputA
SetConsoleMode
LocalFree
CreateDirectoryA
CreateDirectoryW
DeleteFileW
FindNextFileA
MoveFileExW
VirtualQuery
lstrlenA
IsBadReadPtr
IsBadCodePtr
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
ReleaseMutex
CreateMutexA
lstrlenW
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingA
FlushFileBuffers
CreateThread
ExitThread
SetPriorityClass
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapValidate
HeapFree
HeapAlloc
Beep
MoveFileExA
CopyFileExA
CopyFileA
SleepEx
GetLastError
SetFileTime
SetFileAttributesA
RemoveDirectoryA
GetFileAttributesA
FindFirstFileA
FindClose
DeleteFileA
GetCurrentDirectoryA
GetEnvironmentVariableA
GetCommandLineA
GetStdHandle
WritePrivateProfileStringA
LeaveCriticalSection
EncodePointer
DecodePointer
GetStringTypeW
RaiseException
RtlUnwind
GetModuleHandleExW
ExitProcess
AreFileApisANSI
GetSystemTimeAsFileTime
LoadLibraryExW
GetDriveTypeW
GetConsoleMode
HeapReAlloc
GetFileType
GetModuleFileNameW
WriteConsoleW
GetModuleHandleW
ReadConsoleW
GetConsoleCP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
IsProcessorFeaturePresent
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
HeapSize
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryW
OutputDebugStringW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ws2_32

accept
bind
closesocket
connect
ioctlsocket
getpeername
htons
inet_ntoa
listen
recv
send
shutdown
socket
gethostbyname
gethostname
WSAStartup
WSACleanup
WSAGetLastError
WSACancelBlockingCall
WSAIoctl

ole32

OleUninitialize
CoCreateGuid
CoCreateInstance
CLSIDFromProgID
OleInitialize
CoInitializeSecurity
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SafeArrayDestroy
VariantChangeType
VariantCopy
VariantClear
VariantInit

imagehlp

MapFileAndCheckSumA
CheckSumMappedFile

advapi32

EqualSid
AddAccessAllowedAce
ConvertSidToStringSidA
GetTokenInformation
RegQueryValueExA
RegOpenKeyExA
RegConnectRegistryA
RegCloseKey
LookupAccountSidA
GetUserNameA
OpenProcessToken
GetAce
GetAclInformation
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameA
RegCreateKeyExA
RegSetValueExA
SetFileSecurityA
GetFileSecurityA
ConvertStringSidToSidA
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
LookupPrivilegeValueA
AddAce

rpcrt4

UuidFromStringA

psapi

EnumProcesses
GetModuleFileNameExA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 701KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6b434223f2a850a9045fad0e6ff674c

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0f:ae:c1:0a:2f:9d:6a:a9:81:c0:21:94:94:4c:5e:7aCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

e0:8d:71:98:94:af:dd:fa:ef:6e:7e:82:1f:e7:ad:99:45:c9:d0:33Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

shell32

ws2_32

ole32

oleaut32

imagehlp

advapi32

rpcrt4

psapi

version

Sections

.text Size: 701KB - Virtual size: 700KB

.rdata Size: 184KB - Virtual size: 183KB

.data Size: 25KB - Virtual size: 41KB

.rsrc Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 38KB - Virtual size: 37KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0f:ae:c1:0a:2f:9d:6a:a9:81:c0:21:94:94:4c:5e:7a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

e0:8d:71:98:94:af:dd:fa:ef:6e:7e:82:1f:e7:ad:99:45:c9:d0:33
Signer

.text
Size: 701KB - Virtual size: 700KB

.rdata
Size: 184KB - Virtual size: 183KB

.data
Size: 25KB - Virtual size: 41KB

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 38KB - Virtual size: 37KB