d:\_develop\notepad2\notepad2-mod\mywork\4.2.25 rev915\Eng\bin\VS2013\Release_x86\Notepad2.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-12_48ee8e2cffdccc3b6c95a43b0ac1bf5d_bkransomware.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 2024-05-12_48ee8e2cffdccc3b6c95a43b0ac1bf5d_bkransomware.exe
  Resource: win10v2004-20240508-en
General
Target: 2024-05-12_48ee8e2cffdccc3b6c95a43b0ac1bf5d_bkransomware
Size: 1.6MB
MD5: 48ee8e2cffdccc3b6c95a43b0ac1bf5d
SHA1: bd989877495e14ce65a9d236d5f4ea2788ad0442
SHA256: 9a839af36db0457a20bfc6117326fce2aff999874fa30a9be4d569c50ed93463
SHA512: fdef68bd8c5924b621c34654ec3c2e04b6260fd1d65fc3ae3ceff28fcc3c3b5ba1d7c38a3ed27fe9ea51291f6af613407a947b5361c5147ebbb7c59306f3b2dc
SSDEEP: 24576:9HLt/K8+xBuKhpSK438pckG0WY9gxdvAp2ei9tige/5pgvKU+9ZVxOqXeCzTyist:9HLt+gSUa3qZp2ybYbVzRDcuwv
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-05-12_48ee8e2cffdccc3b6c95a43b0ac1bf5d_bkransomware
Files
2024-05-12_48ee8e2cffdccc3b6c95a43b0ac1bf5d_bkransomware.exe windows:5 windows x86 arch:x86
5ec9935e5eafed42cc63d6ebb1b6a0b5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
comctl32
CreateStatusWindowW
ImageList_AddMasked
ord8
ImageList_Destroy
ImageList_Create
InitCommonControlsEx
shlwapi
StrCatBuffA
StrCpyNW
StrDupA
StrStrIA
StrChrIA
StrTrimA
PathMatchSpecW
StrRetToBufW
StrNCatW
StrCatW
StrCmpIW
StrCmpW
StrStrA
UrlEscapeW
StrCmpNA
StrDupW
StrChrA
StrCmpNIA
StrCpyW
UrlUnescapeW
PathRelativePathToW
PathIsPrefixW
PathUnExpandEnvStringsW
PathIsDirectoryW
PathFindExtensionW
PathIsUNCW
StrStrW
PathIsRelativeW
PathCanonicalizeW
PathGetDriveNumberW
PathIsRootW
PathAppendW
StrChrIW
StrCmpNIW
PathCommonPrefixW
PathCompactPathExW
PathStripToRootW
StrRChrW
StrFormatByteSizeW
PathRenameExtensionW
StrStrIW
PathQuoteSpacesW
PathUnquoteSpacesW
PathFileExistsW
StrChrW
SHAutoComplete
StrTrimW
PathRemoveFileSpecW
PathFindFileNameW
StrCatBuffW
kernel32
LocalFree
lstrcpyW
CreateThread
lstrcmpW
GetFileSize
lstrcmpA
lstrlenA
GetCPInfo
lstrcpynA
SetEndOfFile
GlobalSize
GlobalLock
GetModuleHandleW
GetTickCount
WriteFile
WideCharToMultiByte
ReadFile
CreateFileW
lstrcatA
GetACP
MultiByteToWideChar
GlobalUnlock
GetLastError
lstrcmpiA
GetProcAddress
IsValidCodePage
GetOEMCP
LocalSize
LCMapStringW
lstrcpyA
FreeResource
FindResourceW
LoadResource
GetCurrentProcess
GetLocaleInfoW
SizeofResource
MulDiv
WritePrivateProfileSectionW
GetLongPathNameW
LockResource
GetModuleHandleA
GetWindowsDirectoryW
GetPrivateProfileSectionW
ExpandEnvironmentStringsW
GetCommandLineW
GetDateFormatW
SearchPathW
FindFirstFileW
FindFirstChangeNotificationW
SetErrorMode
FreeLibrary
CreateProcessW
CompareFileTime
FindCloseChangeNotification
GetPrivateProfileStringW
LoadLibraryW
GetTimeFormatW
GetStartupInfoW
FindClose
GetLocalTime
SetCurrentDirectoryW
FindNextChangeNotification
GetVersion
SetFileAttributesW
SetEvent
GlobalAlloc
FormatMessageW
lstrcpynW
CloseHandle
GetModuleFileNameW
ExitThread
lstrlenW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
ReadConsoleW
OutputDebugStringW
RtlUnwind
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetModuleFileNameA
GetFileType
GetStdHandle
RaiseException
HeapSize
GetModuleHandleExW
ExitProcess
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
CompareStringW
HeapAlloc
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
SetLastError
GetSystemTimeAsFileTime
GetCommandLineA
DecodePointer
EncodePointer
HeapFree
IsProcessorFeaturePresent
IsDebuggerPresent
DeleteCriticalSection
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
InitializeCriticalSection
QueryPerformanceCounter
LoadLibraryExW
GetLocaleInfoA
lstrcatW
lstrcmpiW
CreateEventW
LocalAlloc
ResetEvent
GetFileAttributesW
GlobalFree
WaitForSingleObject
user32
SetCapture
DestroyCursor
GetCaretBlinkTime
ShowOwnedPopups
ClientToScreen
SetWindowPlacement
TranslateAcceleratorW
SetTimer
ScreenToClient
GetMessageW
PostQuitMessage
TrackPopupMenu
ShowWindowAsync
RegisterWindowMessageW
IsChild
UnregisterClassW
KillTimer
IsZoomed
GetSubMenu
CopyImage
EnumWindows
GetDoubleClickTime
LoadAcceleratorsW
GetForegroundWindow
IsDialogMessageW
GetWindowPlacement
OffsetRect
TrackPopupMenuEx
CheckMenuRadioItem
IntersectRect
LoadMenuW
GetClassNameW
EnableMenuItem
ChangeClipboardChain
IsWindow
SetMenuDefaultItem
EqualRect
MessageBoxW
RegisterClassW
IsWindowVisible
CountClipboardFormats
UpdateWindow
DestroyMenu
GetDlgCtrlID
SetClipboardViewer
DefWindowProcW
CheckMenuItem
DrawAnimatedRects
GetWindowRect
CharUpperBuffW
DialogBoxIndirectParamW
SetForegroundWindow
GetMenuStringW
IsWindowEnabled
GetClientRect
GetDC
GetMenu
CreateDialogIndirectParamW
SetRect
InvalidateRect
SystemParametersInfoW
ReleaseDC
GetMenuState
SetWindowPos
FindWindowExW
AdjustWindowRectEx
DeferWindowPos
GetSystemMetrics
MapWindowPoints
GetMonitorInfoW
MonitorFromRect
DestroyWindow
SetCursor
CloseClipboard
GetSystemMenu
CharNextW
GetKeyState
IsClipboardFormatAvailable
LoadCursorW
wsprintfA
IsCharLowerA
SetFocus
IsCharUpperW
CharLowerW
GetCapture
ChildWindowFromPoint
SetCursorPos
CharLowerA
GetClipboardData
EmptyClipboard
CharUpperW
GetSysColor
GetCursorPos
GetSysColorBrush
IsCharLowerW
GetActiveWindow
CreateWindowExW
InsertMenuW
OpenClipboard
ReleaseCapture
SetClipboardData
SetWindowTextW
IsCharAlphaNumericA
GetParent
GetWindowTextLengthW
GetDlgItemInt
RemovePropW
wvsprintfW
LoadImageW
PostMessageW
GetFocus
MessageBeep
CharPrevW
wsprintfW
SetPropW
TranslateMessage
SetDlgItemInt
LoadIconW
IsCharAlphaNumericW
GetWindowLongW
PeekMessageW
GetDlgItem
SetWindowLongW
EndDialog
SendDlgItemMessageW
LoadStringW
CheckDlgButton
ShowWindow
IsDlgButtonChecked
GetMessageTime
SetScrollInfo
RegisterClipboardFormatW
SetCaretPos
CreateCaret
AppendMenuA
DestroyCaret
IsWindowUnicode
GetScrollInfo
GetKeyboardLayout
RegisterClassExW
BeginPaint
ShowCaret
MsgWaitForMultipleObjects
HideCaret
GetUpdateRgn
EndPaint
CallWindowProcW
SystemParametersInfoA
FrameRect
CreatePopupMenu
InflateRect
DrawFocusRect
GetIconInfo
CreateIconIndirect
DrawTextA
DrawTextW
FillRect
CheckRadioButton
MessageBoxIndirectW
BeginDeferWindowPos
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
EnableWindow
EndDeferWindowPos
MessageBoxExW
GetPropW
DispatchMessageW
IsIconic
SetActiveWindow
gdi32
Polygon
GetTextExtentPoint32A
BitBlt
CreateDIBSection
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgn
CombineRgn
CreateBitmap
CreateSolidBrush
ExtTextOutA
IntersectClipRect
RoundRect
CreatePatternBrush
GetNearestColor
GetTextExtentExPointA
GetTextExtentExPointW
Ellipse
StretchBlt
MoveToEx
EndPage
GetTextMetricsW
LineTo
StartPage
DeleteDC
SetBkColor
DPtoLP
ExtTextOutW
CreateFontW
StartDocW
CreatePen
SetTextAlign
EndDoc
TranslateCharsetInfo
GetTextExtentPoint32W
EnumFontsW
GetDeviceCaps
SetMapMode
SetTextColor
SetBkMode
SelectObject
CreateFontIndirectW
DeleteObject
GetObjectW
GetStockObject
Rectangle
comdlg32
ChooseFontW
PrintDlgW
PageSetupDlgW
GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
advapi32
GetTokenInformation
OpenProcessToken
IsTextUnicode
RegSetValueW
RegOpenKeyW
RegDeleteKeyW
RegSetValueExW
RegCloseKey
RegCreateKeyW
shell32
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetDataFromIDListW
SHAppBarMessage
DragFinish
DragQueryFileW
DragAcceptFiles
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ord180
SHGetFolderPathW
SHAddToRecentDocs
SHBrowseForFolderW
ole32
OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoUninitialize
RevokeDragDrop
DoDragDrop
RegisterDragDrop
imm32
ImmSetCompositionFontA
ImmReleaseContext
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmNotifyIME
ImmGetContext
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 170KB - Virtual size: 210KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 191KB - Virtual size: 191KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ