2024-05-10_709f42ed18db7259702db66837e49800_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-10_709f42ed18db7259702db66837e49800_bkransomware
Size

3.2MB
MD5

709f42ed18db7259702db66837e49800
SHA1

587ba6be5b8df43e7969414deb39846fba7fd574
SHA256

c5dd8eb7314a4294a88a495d76cc282b082a98c1e31119e3ddf1846ec0141b76
SHA512

4f0c9b252e4a4febdfe7bf7f5a97c55ba02a7a7986e78aa1015f0f9ce9ff3d6b7c34da2470e38383167e5f0cc33c0b6978ca61e08c41fa5eea0fee47f4d3c75c
SSDEEP

49152:PGDeGKP4rlSJxRAyzMqSVsTrJc6WIHs/BBo62cVhAEO2YvRkkf:MnKP4rlSJVzMpVsvWBBo62ChAcYvWkf

Score

1^/10

Malware Config

Signatures

Files

2024-05-10_709f42ed18db7259702db66837e49800_bkransomware
.exe windows:5 windows x86 arch:x86

7593ba67b9f5d473511ef6f2704535c2

Code Sign

22:e4:5a:07:06:45:00:79:3a:1b:6a:8f:63:98:9c:d0
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2016, 00:00

Not After

09/05/2017, 23:59

Subject

CN=Smart Solyushns Autsorsing\, TOV,OU=IT,O=Smart Solyushns Autsorsing\, TOV,POSTALCODE=49000,STREET=vul. STARTOVA\, 3,L=Dnipropetrovsk,ST=Dnipropetrovska,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d5:d8:bf:29:81:ec:b5:2b:fc:a5:d1:0e:df:91:db:c9:c9:5d:8d:af
Signer

Actual PE Digest

d5:d8:bf:29:81:ec:b5:2b:fc:a5:d1:0e:df:91:db:c9:c9:5d:8d:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleDisplayMode
SetConsoleCP
Module32FirstW
GetNumberOfConsoleInputEvents
EnumCalendarInfoA
GetCalendarInfoA
CompareStringA
GetVolumePathNameW
GetFullPathNameA
GetSystemWindowsDirectoryW
GetWindowsDirectoryA
OpenFileMappingW
OpenMutexA
SetMailslotInfo
FormatMessageW
PrepareTape
SetHandleInformation
GetThreadContext
SetThreadExecutionState
GetShortPathNameW
CreateToolhelp32Snapshot
VirtualAlloc
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetCommandLineA
GetLastError
SetLastError
GetCurrentThreadId
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryExW
RtlUnwind
OutputDebugStringW
HeapAlloc
HeapReAlloc
GetStringTypeW
HeapSize
LCMapStringW
CreateFileW

advapi32

RegSetValueW
RegSetValueA
RegSetKeySecurity
RegQueryValueExA
RegNotifyChangeKeyValue
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExA
InitializeSecurityDescriptor
AddAuditAccessAce
AddAccessDeniedAce
InitializeAcl
AreAllAccessesGranted
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
FreeSid
RegSetValueExA

shell32

ShellExecuteExW
SHGetMalloc
SHGetDesktopFolder

ole32

GetClassFile
OleFlushClipboard
CoFreeLibrary

Sections

.text
Size: 445KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 345KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vwpdo
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7593ba67b9f5d473511ef6f2704535c2

Code Sign

22:e4:5a:07:06:45:00:79:3a:1b:6a:8f:63:98:9c:d0Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

d5:d8:bf:29:81:ec:b5:2b:fc:a5:d1:0e:df:91:db:c9:c9:5d:8d:afSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

Sections

.text Size: 445KB - Virtual size: 444KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 345KB - Virtual size: 1.8MB

.vwpdo Size: 2.4MB - Virtual size: 2.4MB

.rsrc Size: 37KB - Virtual size: 37KB

22:e4:5a:07:06:45:00:79:3a:1b:6a:8f:63:98:9c:d0
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

d5:d8:bf:29:81:ec:b5:2b:fc:a5:d1:0e:df:91:db:c9:c9:5d:8d:af
Signer

.text
Size: 445KB - Virtual size: 444KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 345KB - Virtual size: 1.8MB

.vwpdo
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 37KB - Virtual size: 37KB