2024-05-22_f0824d1c64d3308021cccd40bf58bc3d_bkransomware

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-22_f0824d1c64d3308021cccd40bf58bc3d_bkransomware
Size

1.1MB
MD5

f0824d1c64d3308021cccd40bf58bc3d
SHA1

7b7506c577aa11ecf99dc2670f19d2d99673c7c0
SHA256

a8aaf5b9bcd66be6b41df390b5bf796069cc60402d66fbf98150887ef9c33b2a
SHA512

63167538bf62f8f5ff42c26a5e8d4a3aba5424d143b5a4ffdb5a9dc17fc8106e4415d43a47c4aaace9394f86948d439f5c31e6107651adadf72161303b809b7b
SSDEEP

12288:rNbqySdQlt+x7IhtWlaHrICP3kM6XvNdQbbErj/TAVaTGFEissahXNWucB5gI0mK:ruHC8ak5lguy0W2gbH4LoyUQsf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-05-22_f0824d1c64d3308021cccd40bf58bc3d_bkransomware

Files

2024-05-22_f0824d1c64d3308021cccd40bf58bc3d_bkransomware
.exe windows:6 windows x86 arch:x86

06893c12f5693df7da38cb78056e7851

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\bamboo\home\xml-data\build-dir\BDAG-TRUNK-SOURCES\bin\Win32\Release\ProductAgentUI.pdb

Imports

kernel32

GetSystemTimeAsFileTime
SetEndOfFile
CreateFileW
WriteConsoleW
ReadConsoleW
SetStdHandle
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
UnregisterWaitEx
InitializeSListHead
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
GetFileType
GetModuleHandleExW
ExitProcess
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FormatMessageW
GetTimeFormatW
GetDateFormatW
ExitThread
CreateSemaphoreW
GetTickCount
GetStartupInfoW
TerminateProcess
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
MultiByteToWideChar
GlobalUnlock
GlobalLock
FormatMessageA
CreateThread
ReadFile
GlobalAlloc
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetACP
GetCPInfo
CreateTimerQueue
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
SetEnvironmentVariableA
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetStringTypeW
WriteFile
GetStdHandle
WaitForSingleObject
LoadLibraryExW
GetProcAddress
Sleep
InitializeCriticalSection
CopyFileW
GetFileAttributesW
FreeLibrary
GetModuleFileNameW
LoadLibraryW
FindResourceExW
OutputDebugStringW
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceW
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
LocalFree
GetCommandLineW
WaitForMultipleObjects
OpenEventW
CreateEventW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetEvent
CloseHandle
DecodePointer
InitializeCriticalSectionEx
GetLastError
RaiseException
CompareStringW
DeleteCriticalSection
DuplicateHandle
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread

user32

EnableWindow
SetWindowTextW
GetWindowLongW
SetClipboardData
PostMessageW
GetPropW
GetMonitorInfoW
DispatchMessageW
BringWindowToTop
GetKeyState
GetClientRect
SetWindowPos
LoadStringW
GetParent
LoadIconW
SetClassLongW
IsWindow
DestroyWindow
RegisterWindowMessageW
CloseClipboard
GetWindowRect
SetActiveWindow
GetMessageW
OpenClipboard
DefDlgProcW
TranslateMessage
IsDialogMessageW
RegisterClassExW
CreateDialogIndirectParamW
GetAncestor
EmptyClipboard
MonitorFromWindow
SetWindowLongW
GetDesktopWindow
ShowWindow
GetActiveWindow
CreateWindowExW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

CommandLineToArgvW

ole32

OleSetContainedObject
OleUninitialize
CoGetClassObject
OleInitialize

oleaut32

SysFreeString
SysAllocString

shlwapi

PathStripPathW
PathCombineW
PathRemoveFileSpecW
PathAppendW
PathIsRelativeW
SHGetValueW

winmm

timeGetTime

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetSetOptionW

htmlayout

HTMLayoutLoadFile
HTMLayoutSelectElementsW
HTMLayoutSetCallback
HTMLayoutProcND
HTMLayoutDataReady
HTMLayoutUpdateElement
HTMLayoutVisitElements
HTMLayoutLoadHtmlEx
HTMLayoutSetElementInnerText16
HTMLayoutSetElementHtml
HTMLayoutUpdateElementEx
HTMLayoutSelectElements
HTMLayoutGetRootElement
HTMLayoutSetAttributeByName
HTMLayoutGetElementHwnd
HTMLayoutSetStyleAttribute
HTMLayoutGetAttributeByName
HTMLayoutGetStyleAttribute
HTMLayout_UnuseElement
HTMLayout_UseElement
HTMLayoutGetElementHtml
HTMLayoutSetOption
HTMLayoutWindowDetachEventHandler
HTMLayoutGetElementLocation
HTMLayoutWindowAttachEventHandler

Sections

.text
Size: 540KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 353KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06893c12f5693df7da38cb78056e7851

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

winmm

version

wininet

htmlayout

Sections

.text Size: 540KB - Virtual size: 539KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 23KB - Virtual size: 41KB

.rsrc Size: 353KB - Virtual size: 353KB

.reloc Size: 31KB - Virtual size: 30KB

.text
Size: 540KB - Virtual size: 539KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 23KB - Virtual size: 41KB

.rsrc
Size: 353KB - Virtual size: 353KB

.reloc
Size: 31KB - Virtual size: 30KB