2024-05-22_ed92c5f26ec78939c5c17c666fc48fe0_bkransomware

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-22_ed92c5f26ec78939c5c17c666fc48fe0_bkransomware
Size

715KB
MD5

ed92c5f26ec78939c5c17c666fc48fe0
SHA1

8c1b27c7f7e2144cbf3e5983f071d8da5ac11ab3
SHA256

f9ab82aa088dfa2c4cce2d997cc090937863d8babbf08b8e48a77d07585c7466
SHA512

0e74dbb27f72efaf5adeb06ca0575634a5b2b680f3139a63b43b4933790c03937533ea21ff6c6b3fdc46a9a3777097668356b839f9a6d4a5c4e2578c219b0c31
SSDEEP

6144:yb/G6OTmGWBsC8DH9XWUtWu68EW8ciWPbDG6N9RF4/yTDZ+9haCZvq+JiL/7CNjT:ZZ39ptW98iA9OyTDZ+nXeaZ3E+d2BS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-05-22_ed92c5f26ec78939c5c17c666fc48fe0_bkransomware

Files

2024-05-22_ed92c5f26ec78939c5c17c666fc48fe0_bkransomware
.exe windows:5 windows x86 arch:x86

8dabae1d6eec46ac286f7071178eab44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\DCB\CBT_Main\Acrobat\Installers\BootStrapExe_Small\Release\Setup.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

LocalReAlloc
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetErrorMode
LoadLibraryExA
GetCommandLineW
GetSystemTimeAsFileTime
RtlUnwind
CreateThread
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
SetStdHandle
GetFileType
ExitProcess
GetModuleHandleExW
LocalAlloc
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
OutputDebugStringW
LCMapStringW
WriteConsoleW
GetDriveTypeW
SetEnvironmentVariableA
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetCurrentThread
FileTimeToSystemTime
FindNextFileW
FileTimeToLocalFileTime
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
EncodePointer
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleA
GetModuleFileNameW
OutputDebugStringA
GetACP
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
GetUserDefaultUILanguage
GetVersionExW
DeleteFileW
GetTempFileNameW
GetPrivateProfileStringW
ExpandEnvironmentStringsW
GetSystemInfo
GetCurrentProcess
FreeResource
GetTempPathW
CopyFileW
CreateFileW
GetCurrentDirectoryW
GetSystemDirectoryW
CreateProcessW
CloseHandle
WaitForSingleObject
SetLastError
GetLastError
GetExitCodeProcess
GetUserDefaultLangID
LoadLibraryW
Sleep
ResumeThread
FreeLibrary
GetThreadPriority
FindResourceW
FormatMessageW
SizeofResource
LoadResource
LocalFree
LockResource
SetDllDirectoryW
SetCurrentDirectoryW
GetSystemWindowsDirectoryW
GetModuleHandleW
GetProcAddress
HeapQueryInformation

user32

InvalidateRect
DestroyMenu
RealChildWindowFromPoint
ClientToScreen
EndPaint
BeginPaint
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
LoadCursorW
GetSysColorBrush
ReleaseDC
GetDC
GetWindowThreadProcessId
SetCursor
PostQuitMessage
GetSystemMetrics
CharUpperW
GetCursorPos
TranslateMessage
GetMessageW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongW
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
GetWindowRect
GetClientRect
RemovePropW
GetPropW
SetPropW
ValidateRect
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetKeyState
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetDesktopWindow
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem
CreateDialogIndirectParamW
DestroyWindow
IsDialogMessageW
GetWindow
SetWindowLongW
GetWindowLongW
GetWindowTextW
SetWindowTextW
IsWindowEnabled
GetFocus
SetFocus
AdjustWindowRectEx
GetDlgCtrlID
GetDlgItem
SetWindowPos
ShowWindow
IsWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetParent
SendDlgItemMessageA
UnregisterClassW
EndDialog
PostMessageW
EnableWindow
KillTimer
SetTimer
SendMessageW
RedrawWindow
GetClassNameW

gdi32

TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SelectObject
CreateBitmap
GetDeviceCaps
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
DeleteObject
DeleteDC
GetObjectW
SetTextColor
SetBkColor
SetMapMode

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
InitiateSystemShutdownW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyExW
RegCreateKeyExW
RegCreateKeyW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

ShellExecuteW
SHGetSpecialFolderPathW

shlwapi

PathFileExistsW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
StrFormatByteSizeW

ole32

CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantChangeType
VariantClear
VariantInit
SysFreeString

urlmon

URLDownloadToFileW

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 382KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8dabae1d6eec46ac286f7071178eab44

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

urlmon

Sections

.text Size: 237KB - Virtual size: 236KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 10KB - Virtual size: 26KB

.rsrc Size: 382KB - Virtual size: 384KB

.text
Size: 237KB - Virtual size: 236KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 10KB - Virtual size: 26KB

.rsrc
Size: 382KB - Virtual size: 384KB