2024-05-09_29ce02a166ff4afb2242724a3672a9e7_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-09_29ce02a166ff4afb2242724a3672a9e7_bkransomware
Size

4.4MB
MD5

29ce02a166ff4afb2242724a3672a9e7
SHA1

261e4bd38d29a7759b0c30e34adda46883c8d01b
SHA256

3efd12f25308997ebeffc5f65bb9a6d483b6854a8822c7045dc8cf93110d307d
SHA512

3f3e5c77b00e792d38c954c6fb40363f4d63970b175b6996a8bf02b26b8b580dc530247614dad3604b520758587e013e9759c26dafaf3aa9148846d32a76c59c
SSDEEP

98304:CWfPjXLbZkcra+yq/6jZXkORQ6g+XaAeauhQ1:7n7LlBrtyqytXkOR9qAe5+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-09_29ce02a166ff4afb2242724a3672a9e7_bkransomware

Files

2024-05-09_29ce02a166ff4afb2242724a3672a9e7_bkransomware
.exe windows:5 windows x86 arch:x86

7412eab1d30da0918d51faafc39ed202

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
GetLocalTime
GetCurrentThreadId
ExitProcess
CloseHandle
lstrcpyA
WriteFile
CreateFileA
SetFilePointer
FreeLibrary
DeleteFileA
ExitThread
ResumeThread
SetThreadPriority
CreateThread
lstrcpyW
GetProcAddress
LoadLibraryA
lstrlenA
GetModuleHandleA
ResetEvent
WaitForSingleObject
CreateEventA
SetEvent
lstrcatA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalSize
GlobalFree
GlobalAlloc
lstrcmpA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetVersionExA
GetSystemInfo
GetOEMCP
GlobalMemoryStatus
OutputDebugStringA
lstrlenW
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentDirectoryA
SetCurrentDirectoryA
DeleteFileW
SuspendThread
GetCurrentThread
GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTempFileNameA
ReadFile
GetExitCodeThread
GetFileSize
FindFirstFileA
FindNextFileA
FindClose
HeapReAlloc
WaitForMultipleObjects
GetThreadPriority
lstrcmpW
MulDiv
lstrcpynW
InterlockedIncrement
InterlockedDecrement
CreateSemaphoreA
ReleaseSemaphore
VirtualAlloc
VirtualFree
CreateFileW
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetCommandLineA
RtlUnwind
RaiseException
GetModuleHandleExW
AreFileApisANSI
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CreateDirectoryW
GetStdHandle
GetModuleFileNameW
GetConsoleMode
ReadConsoleW
GetFileType
IsValidCodePage
GetACP
GetCPInfo
GetConsoleCP
HeapSize
GetModuleFileNameA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
FlushFileBuffers
LoadLibraryExW
OutputDebugStringW
SetStdHandle
GetStringTypeW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CompareStringW
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
SetEndOfFile
MultiByteToWideChar
InitializeCriticalSection
WideCharToMultiByte

user32

FindWindowA
ReleaseDC
GetDC
GetDesktopWindow
GetSystemMetrics
GetWindowRect
SetMenu
SetWindowTextA
SetClassLongA
LoadIconA
SetWindowsHookExA
SystemParametersInfoA
UpdateWindow
ShowWindow
GetClipboardData
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
SetClipboardData
EmptyClipboard
SetWindowRgn
SendMessageA
GetMenuItemInfoA
GetMenuItemCount
PostMessageA
ShowCursor
SetCursorPos
GetClientRect
UnhookWindowsHookEx
ChangeDisplaySettingsA
SetWindowPos
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetActiveWindow
DestroyWindow
SetWindowLongA
ClientToScreen
DrawMenuBar
MoveWindow
SetCursor
PostQuitMessage
EndPaint
FillRect
BeginPaint
DestroyMenu
BringWindowToTop
LoadCursorA
GetKeyboardState
EnumDisplaySettingsA
SetTimer
KillTimer
PostThreadMessageA
GetQueueStatus
RegisterWindowMessageA
MsgWaitForMultipleObjects
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetCursorPos
ClipCursor
MessageBoxA
DefWindowProcA
CreateWindowExA
GetWindowLongA
UnregisterClassA
RegisterClassExA
PeekMessageA
AdjustWindowRectEx
IsDialogMessageA

advapi32

CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptHashData

shell32

DragQueryFileA
ShellExecuteA
DragAcceptFiles
DragFinish

ws2_32

send
gethostbyname
closesocket
socket
recv
WSACleanup
htons
inet_addr
WSAStartup
connect
WSAAsyncSelect

gdi32

CreateCompatibleDC
Rectangle
SelectObject
SetDIBitsToDevice
SetTextColor
SetBkColor
SetBkMode
DeleteDC
GetObjectA
DeleteObject
StretchDIBits
GetDeviceCaps
GetTextExtentPoint32A
TextOutA
CreateFontA
GetTextMetricsA
GetGlyphOutlineA
EnumFontFamiliesExA
CreateSolidBrush
GetStockObject
CreateDIBSection

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 649KB - Virtual size: 649KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 664KB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7412eab1d30da0918d51faafc39ed202

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

gdi32

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 649KB - Virtual size: 649KB

.data Size: 664KB - Virtual size: 4.3MB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 123KB - Virtual size: 122KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 649KB - Virtual size: 649KB

.data
Size: 664KB - Virtual size: 4.3MB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 123KB - Virtual size: 122KB