2024-05-16_9adf7c18ceb2b7ab6752e13a12b2b128_bkransomware_floxif

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-16_9adf7c18ceb2b7ab6752e13a12b2b128_bkransomware_floxif
Size

4.7MB
MD5

9adf7c18ceb2b7ab6752e13a12b2b128
SHA1

b35ef3a9b4eabec8db69f5076dbbb264ca898fac
SHA256

e3d3c910e1d205d5a9e937d74b8b9f640803f71a7ed3eccf92696f587ab64050
SHA512

12d7d09028554ae9eb054c0c1c20b82adca1c590d7297af3a77530ae89c38fd0f7469fdc775027895c9cab0af0b061e030abf24f8ed75e12317decd512beecf1
SSDEEP

98304:kBe40bl9dRPenSR5gSoCO0DHDB1dE46V3u/e:h3NenwO8L/e

Score

1^/10

Malware Config

Signatures

Files

2024-05-16_9adf7c18ceb2b7ab6752e13a12b2b128_bkransomware_floxif
.exe windows:5 windows x86 arch:x86

fc331e21a1c50ae9f60d3a0c23b3669a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2f:93:06:89:e0:2d:92:9c:08:58:23:f1:2e:80:9e:27
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

01-04-2015 00:00

Not After

30-06-2017 23:59

Subject

CN=WIBU-SYSTEMS AG,O=WIBU-SYSTEMS AG,L=Karlsruhe,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:93:06:89:e0:2d:92:9c:08:58:23:f1:2e:80:9e:27
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

01-04-2015 00:00

Not After

30-06-2017 23:59

Subject

CN=WIBU-SYSTEMS AG,O=WIBU-SYSTEMS AG,L=Karlsruhe,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:26:7c:75:30:b6:43:1c:bb:eb:8a:06:11:f3:42:82:8c:9e:45:1f:3c:fa:81:6c:65:3e:72:53:74:d0:b3:b4
Signer

Actual PE Digest

80:26:7c:75:30:b6:43:1c:bb:eb:8a:06:11:f3:42:82:8c:9e:45:1f:3c:fa:81:6c:65:3e:72:53:74:d0:b3:b4

Digest Algorithm

sha256

PE Digest Matches

false

87:96:1c:2e:f4:7c:cd:7a:02:00:da:54:5d:4d:6c:fe:e3:3f:0a:96
Signer

Actual PE Digest

87:96:1c:2e:f4:7c:cd:7a:02:00:da:54:5d:4d:6c:fe:e3:3f:0a:96

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

PDB Paths

E:\BUILD\CM_XPM_WK\CM_RELEASE_6_40\wibu\cm\dev\RunTime\exe\obj\Release\winX86V12W\CodeMeter.pdb

Imports

secur32

GetUserNameExW

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileAttributesA
GetFullPathNameA
GetTempPathA
GetStartupInfoA
SetConsoleCtrlHandler
TerminateProcess
GetExitCodeProcess
GetLogicalDriveStringsA
QueryDosDeviceA
CreateDirectoryA
DeleteFileA
SetFileAttributesA
SetFileTime
GetTempFileNameA
CopyFileA
MoveFileA
FindClose
FindFirstFileA
FindNextFileA
GetUserDefaultUILanguage
GetSystemDirectoryA
GetWindowsDirectoryA
GetComputerNameA
GetStdHandle
GetConsoleScreenBufferInfo
FlushConsoleInputBuffer
GetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputA
SetConsoleMode
FlushFileBuffers
GetFileSizeEx
GetFileTime
ReadFile
SetEndOfFile
ExpandEnvironmentStringsA
GetVersionExA
SleepEx
GetSystemTimeAsFileTime
DeviceIoControl
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateDirectoryW
GetDiskFreeSpaceW
GetFileSize
GetVolumeInformationW
SetFileAttributesW
GetLogicalDriveStringsW
SetFilePointerEx
ReplaceFileA
FileTimeToLocalFileTime
LocalFree
GetComputerNameExA
IsBadReadPtr
LocalAlloc
CancelIo
FormatMessageW
QueryPerformanceCounter
GetStringTypeW
EncodePointer
DecodePointer
DuplicateHandle
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
WritePrivateProfileSectionA
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
WaitForMultipleObjects
OpenEventA
CreateEventA
ResetEvent
ExitThread
GetCurrentThreadId
Sleep
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VerifyVersionInfoW
AreFileApisANSI
LoadLibraryA
FormatMessageA
GetModuleHandleA
IsWow64Process
GetCurrentProcess
SetLastError
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExA
GetProcAddress
FreeLibrary
RaiseException
OpenProcess
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentThread
ExitProcess
GetModuleFileNameA
OpenSemaphoreA
GetTickCount
SetEvent
SetErrorMode
QueryDosDeviceW
GetDriveTypeW
GetDriveTypeA
WriteFile
CreateFileW
lstrcmpiA
GetLastError
CreateFileA
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetCurrentProcessId
CloseHandle
OutputDebugStringA
lstrlenA
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
WriteConsoleW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetEnvironmentVariableW
CreateSemaphoreA
SetFilePointer
SetStdHandle
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
ReadConsoleW
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryW
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
UnregisterWaitEx
InitializeSListHead
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
HeapSize
GetModuleFileNameW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetStartupInfoW
CreateEventW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
LoadLibraryExW
GetCPInfo
GetCommandLineA
GetModuleHandleExW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
GetModuleHandleW
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
CreateTimerQueue
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList

advapi32

LookupAccountNameA
SetSecurityDescriptorDacl
RegCloseKey
CryptGenRandom
QueryServiceStatusEx
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
LsaFreeMemory
ConvertSidToStringSidA
ReadEventLogA
OpenEventLogA
CloseEventLog
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
GetUserNameA
GetLengthSid
CopySid
RegConnectRegistryA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegDeleteValueA
StartServiceA
QueryServiceStatus
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
ChangeServiceConfig2A
LookupPrivilegeNameA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RegSetValueExA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
FreeSid
EqualSid
AllocateAndInitializeSid
LookupAccountSidA
GetTokenInformation
OpenProcessToken
LookupPrivilegeValueA
ImpersonateSelf
AdjustTokenPrivileges
OpenThreadToken
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
InitializeSecurityDescriptor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetFolderLocation

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

iphlpapi

GetAdaptersAddresses
GetIpAddrTable

ws2_32

getpeername
WSACleanup
WSAStartup
listen
accept
__WSAFDIsSet
WSAGetLastError
socket
setsockopt
sendto
recvfrom
inet_ntoa
htons
getaddrinfo
getsockname
bind
shutdown
send
select
recv
closesocket
gethostname
freeaddrinfo
WSARecv
connect
getsockopt
WSASend
inet_addr
ntohl
gethostbyname
ntohs
WSASetLastError
ioctlsocket
htonl
gethostbyaddr
getnameinfo

netapi32

NetApiBufferFree
NetServerEnum
NetGroupEnum
NetUserGetGroups
NetUserEnum
DsEnumerateDomainTrustsA

psapi

GetModuleFileNameExA

setupapi

CMP_WaitNoPendingInstallEvents
SetupDiGetClassDevsA
CM_Get_Child
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CM_Get_Device_IDA
CM_Get_Device_ID_Size
CM_Get_DevNode_Registry_PropertyA
CM_Get_Parent
CM_Get_Sibling
SetupDiOpenDeviceInfoA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 539KB - Virtual size: 539KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc331e21a1c50ae9f60d3a0c23b3669a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2f:93:06:89:e0:2d:92:9c:08:58:23:f1:2e:80:9e:27Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

2f:93:06:89:e0:2d:92:9c:08:58:23:f1:2e:80:9e:27Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18Certificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

80:26:7c:75:30:b6:43:1c:bb:eb:8a:06:11:f3:42:82:8c:9e:45:1f:3c:fa:81:6c:65:3e:72:53:74:d0:b3:b4Signer

87:96:1c:2e:f4:7c:cd:7a:02:00:da:54:5d:4d:6c:fe:e3:3f:0a:96Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

secur32

kernel32

advapi32

shell32

version

iphlpapi

ws2_32

netapi32

psapi

setupapi

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 539KB - Virtual size: 539KB

.data Size: 184KB - Virtual size: 349KB

.rsrc Size: 211KB - Virtual size: 211KB

.reloc Size: 185KB - Virtual size: 185KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2f:93:06:89:e0:2d:92:9c:08:58:23:f1:2e:80:9e:27
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

2f:93:06:89:e0:2d:92:9c:08:58:23:f1:2e:80:9e:27
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

80:26:7c:75:30:b6:43:1c:bb:eb:8a:06:11:f3:42:82:8c:9e:45:1f:3c:fa:81:6c:65:3e:72:53:74:d0:b3:b4
Signer

87:96:1c:2e:f4:7c:cd:7a:02:00:da:54:5d:4d:6c:fe:e3:3f:0a:96
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 539KB - Virtual size: 539KB

.data
Size: 184KB - Virtual size: 349KB

.rsrc
Size: 211KB - Virtual size: 211KB

.reloc
Size: 185KB - Virtual size: 185KB