PDB path: E:\SwrBuilds\Vmax\Vmax28-5b\Release\visbo2.pdb

Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-24_a855a656d61d7408c461649e823ae5a3_bkransomware.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-05-24_a855a656d61d7408c461649e823ae5a3_bkransomware.exe
  Resource: win10v2004-20240426-en
General
Target: 2024-05-24_a855a656d61d7408c461649e823ae5a3_bkransomware
Size: 1.0MB
MD5: a855a656d61d7408c461649e823ae5a3
SHA1: ffa5ecc85ce4a2096d99bec4e1593abe5eb0143b
SHA256: 3f5d15ef36d2d6691560ba6ee13be03c6331e801735dbe8a7a0f3677e02601bf
SHA512: 162023cc45ac3c6b73520c17eaff4a1c716aaa7d4a67fc0d0584457704f0a39d3bc1e5c33b4e4fc23f7a840e152b8241b6b6c76534ef1685ee9d26280d5e0642
SSDEEP: 12288:OB1FsD8AMAVrHvENTPEsE/ffPE3WEszWeiMZhZMOlenh+FMIVDTGg4P3ALeIdPNX:OB1FsD8AMAV7ERo3krBa+OlNVaPwLB
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 2024-05-24_a855a656d61d7408c461649e823ae5a3_bkransomware
Files
2024-05-24_a855a656d61d7408c461649e823ae5a3_bkransomware.exe windows:6 windows x86 arch:x86
1c41f309b96b83a1145c682c3cf6efe7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
HeapAlloc
AreFileApisANSI
MultiByteToWideChar
SetFilePointerEx
GetConsoleMode
ReadConsoleW
WideCharToMultiByte
GetConsoleCP
GetSystemTimeAsFileTime
GetDriveTypeW
GetLocalTime
RtlUnwind
EncodePointer
DecodePointer
SetConsoleCtrlHandler
GetTimeZoneInformation
SetEnvironmentVariableA
SetCurrentDirectoryA
SetCurrentDirectoryW
K32EnumProcessModules
SetLastError
ExitProcess
GetModuleHandleExW
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
MoveFileExW
DeleteFileW
GetFileAttributesExW
SetStdHandle
WriteConsoleW
CreateFileW
CreateDirectoryW
RemoveDirectoryW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
RaiseException
LoadLibraryExW
OutputDebugStringW
GetStringTypeW
GetCommandLineA
CompareStringW
LCMapStringW
FlushFileBuffers
HeapReAlloc
SetEndOfFile
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
HeapSize
CopyFileA
SetCommState
SetCommMask
PurgeComm
GetTickCount
GetCommState
SetupComm
ClearCommError
WriteFile
GetDriveTypeA
GetComputerNameA
IsBadReadPtr
GetVolumeInformationA
GetTempPathA
FatalAppExitA
lstrcatA
lstrcmpA
SetHandleCount
GetModuleFileNameA
GetWindowsDirectoryA
CreateProcessA
GetCurrentThreadId
GetExitCodeProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
WinExec
GetPrivateProfileIntA
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
GetTempFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetProfileStringA
LoadLibraryA
_llseek
_lread
lstrlenA
lstrcpyA
GetProcAddress
FreeLibrary
SetPriorityClass
GetCurrentProcess
Sleep
SetErrorMode
GetLastError
CloseHandle
OutputDebugStringA
RemoveDirectoryA
ReadFile
GetFullPathNameA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
CreateFileA
GetCurrentDirectoryA
GetEnvironmentVariableA
MulDiv
GetModuleHandleA
_lclose
_lwrite
_lcreat
_lopen
GetCurrentDirectoryW
user32
GetWindowDC
BeginPaint
EndPaint
ScrollWindow
SetScrollPos
SetWindowTextA
GetWindowTextA
GetWindowRect
SetCursorPos
SetCursor
ClipCursor
GetCursor
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
WindowFromPoint
GetSysColor
DrawFocusRect
SetRect
SetWindowLongA
GetParent
GetClassNameA
GetWindow
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
CheckMenuRadioItem
LoadCursorA
DestroyCursor
LoadIconA
GetWindowInfo
GetWindowTextLengthA
IntersectRect
IsRectEmpty
IsDialogMessageA
UnregisterClassA
GetClassInfoA
wsprintfA
EnableMenuItem
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
GetMenuState
GetMenuStringA
GetSystemMetrics
LoadAcceleratorsA
IsWindowEnabled
KillTimer
SetTimer
ReleaseCapture
SetForegroundWindow
GetCapture
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetDialogBaseUnits
GetDlgCtrlID
GetNextDlgTabItem
CreateDialogParamA
IsWindowVisible
MoveWindow
DestroyWindow
IsChild
CreateWindowExA
RegisterClassA
CallWindowProcA
PostQuitMessage
DefWindowProcA
WaitForInputIdle
ExitWindowsEx
GetMessageA
TrackMouseEvent
RegisterWindowMessageA
PtInRect
GetForegroundWindow
SetWindowPos
MessageBeep
GetClientRect
ScrollDC
ReleaseDC
GetDC
IsZoomed
GetLastActivePopup
FindWindowA
GetWindowLongA
MessageBoxA
InvalidateRect
SetMenu
TranslateAcceleratorA
EnableWindow
GetFocus
GetActiveWindow
SetFocus
CharUpperA
GetDlgItem
ShowWindow
IsWindow
PostMessageA
SendMessageA
PeekMessageA
TranslateMessage
MapWindowPoints
ClientToScreen
GetCursorPos
SetActiveWindow
UpdateWindow
InsertMenuItemA
TrackPopupMenuEx
ModifyMenuA
AppendMenuA
GetMenuItemCount
GetMenuItemID
SetCapture
GetSubMenu
GetAsyncKeyState
DispatchMessageA
virtisr
_ReadAbs1022Volume@0
_Zero1022Volume@0
_Start1022Sampling@0
_CheckProcess@4
_TerminateProcess16All@0
_SetProcessPriority@8
_OpenVmaxStartup@0
_CloseVmaxStartup@0
_WriteVmaxStartup@12
_VmaxDeviceStarted@0
_HookTask@4
_RFlagEnabled@4
_GetStart@0
_GetProbeStatusText@4
_GetAcquisitionDeviceType@0
_GetColdWireDAC@0
_GetHotWireDAC@0
_GetSrcDAC@0
_AF0Reset@4
_AF0IsEnabled@0
_AF0GetAverageE1@0
_AF0FlowCalNeeded@4
_AF0DataValid@4
_AF0IsDataValid@0
_AF0GetLastDataValidTick@0
_AF0GetE1ZeroReference@0
_AF0SetE1ZeroReference@4
_Read1022Temperature@0
_TerminateDataAcquisition@0
_RunningValidOS@0
_RFlagSetAccess@4
_RFlagReadFlags@0
_OpenAmbientModule@0
_CloseAmbientModule@0
_GetAmbientValue@8
_CheckProcessId@8
_IsRemoteSession@0
_SetSeSPhysicianReviewMode@4
_SendAndros@4
_GetTempIntercept@0
_SetTempIntercept@8
_SetBVDetectionThreshold@16
_LoadSuperLinearizer@8
_GetDacoutAtCal@0
_SetDacoutAtCal@4
_SetColdWireDAC@4
_SetHotWireDAC@4
_SetSrcDAC@4
_AF0Enable@0
_AF0Disable@0
_AF0GetDacsPerDegreeC@0
_ReadSystemID@0
_GetDBxConnectVersionString@0
_GetPatientIsValidStatus@0
_SetPatientIsValidStatus@4
_DBDiskFree@4
_InitSpirometerInterface@0
_AF0GetAmbientProbeTemperature@0
_RestartDataAcquisition@0
_DisableISR@0
_SetV62Type@4
_GetV62Type@0
_GetProbeStatus@0
_GetO2ResponseDataSamples@0
_GetMFSBoardType@0
_SpeedupO2@16
_GetLinearizedValue@24
_WAKEUP85@4
_QueryVmaxAttribute@4
_GetOptionStatus@4
_SetOptionStatus@8
_VirtisrPeriodic@0
_GetSpirometerType@0
_SetISRAdr@4
_SetPort@8
_SetPort62@8
_AF0IsFlowCalNeeded@0
_EnableISR@0
_GetISRData@0
_GetO2ResponseData@4
_GetSeSPhysicianReviewMode@0
_End1022Sampling@0
visecure
VAS_EnableScreensaver
VAS_DisableScreensaver
VAS_ClearAllRights
VAS_GetHIPAADLLLoadCount
VAS_LogoutUser
VAS_WriteProperty
VAS_AuditInitialize
VAS_EnableLABOption
VAS_EnableAAAOption
VAS_WriteAudit
VAS_CheckAccessRight
VAS_SetMinimalRights
cdintf450
DocSaveA
DocClose
DocOpenA
CDICreateDC
EnablePrinter
DriverEnd
DriverInit
DocAddFileAttachmentA
iphlpapi
GetAdaptersInfo
lz32
LZCopy
LZOpenFileA
LZClose
LZSeek
LZRead
winmm
mciSendStringA
sndPlaySoundA
msimg32
GradientFill
comctl32
ord14
ord13
InitCommonControlsEx
gdi32
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
Ellipse
DeleteObject
Rectangle
LineTo
SelectObject
MoveToEx
DPtoLP
LPtoDP
Polygon
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateHatchBrush
CreateICA
CreatePen
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
Escape
GetPixel
GetStockObject
GetTextExtentPointA
GetTextExtentPoint32A
RestoreDC
SaveDC
SelectClipRgn
SetBkColor
SetBkMode
SetDIBitsToDevice
SetMapMode
SetPixel
StretchDIBits
SetROP2
SetStretchBltMode
SetTextColor
SetTextAlign
GetTextMetricsA
TextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
ExtFloodFill
CreatePalette
GetCurrentPositionEx
RealizePalette
RoundRect
SelectPalette
GetObjectA
ExtTextOutA
SetWindowOrgEx
CloseMetaFile
CreateDCA
CreateMetaFileA
DeleteMetaFile
GetMetaFileA
PlayMetaFile
StretchBlt
StartDocA
EndDoc
StartPage
EndPage
SetAbortProc
CreateFontIndirectA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
comdlg32
GetSaveFileNameA
PrintDlgA
advapi32
RegSetValueExA
RegCloseKey
LookupPrivilegeValueA
CryptCreateHash
CryptHashData
RegQueryValueExA
RegOpenKeyExA
CryptDestroyHash
OpenProcessToken
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
AdjustTokenPrivileges
RegCreateKeyExA
shell32
SHGetSpecialFolderPathA
crp32dll
ord53
ord30
ord49
ord34
ord31
ord42
ord44
ord55
dbfdll
update_dbf_record_count
d4memo_compress
dtoa
Function
DBL_Init
FreeFunction
Eval
DBL_Calc
EvalStr
Parse_Ex
date4time_now
date4today
date4long
date4assign
date4format
date4init
DBL_GTrim
DBL_ConvertTime
u4ncpy
calc4_assign
level4_assign
t4eof
t4skip
t4top
i4open
i4close
truncate_dbf
d4tag_default
d4tag_select
d4seek
d4skip
d4find
d4reindex
d4reindex_yield
i4create
DBL_close
DBL_load
DBL_store
DBL_goto_low
DBL_append_start
DBL_append_finish
DBL_blank
DBL_encryption_method
DBL_encryption_method_supported
DBL_modify_encryption
DBL_security_level
DBL_modify_security_level
DBL_encrypt_file
DBL_decrypt_file
DBL_file_encryption_method
d4flush
d4lock_all
pack_dbf
DBL_DeleteField
DBL_AddField
DBL_CopyRecordAux
DBL_CopyRecordPiece
DBL_RecordBytes
DBL_Fieldname
d4tag
DBL_Fieldnumber
DBL_open
DBL_field
dragoninterface
_DgnInitialize@0
_DgnTerminate@4
_DgnSetMicState@8
_DgnGetMicState@4
_DgnToggleMicState@4
vifileio
FileIoCreateDirectory
FileIoCloseFile
FileIoOpenFile
FileIoReadFile
FileIoCreateFile
FileIoWriteFile
FileIoCopyDirectory
vimirror
PatientMirrorEnabled
MirrorThis
EnableDemographicsMirror
EnablePatientMirror
DisableMirror
virectst
_RestoreOriginalDatabaseFiles@0
_RecordUserEvent@8
vmaxdatainterface
_VdiGetDataIntegrationMode@0
_VdiSetDataIntegrationMode@4
_VdiSetVmaxFoxproDbPath@4
_VdiSetSystemInfo@8
_VdiCheckDataAdapterConnection@0
_VdiInitSearchCriteria@8
_VRepDataOutFinishMetabolicTable@0
_VRepDataOutSetColumnValueForRow@8
_VRepDataOutSetColumnValue@4
_VRepDataOutAddRowToTable@0
_VRepDataOutCreateMetabolicTable@12
_VRepDataOutAddMetabolicDataElement@20
_VRepDataOutAddPftDataElement@20
_VRepDataOutAddPatientDataElement@8
_VRepDataOutWriteXmlFile@4
_VRepDataOutInitialize@4
_VdiGetEmergencyPassword@8
_VdiEnterEmergencyPassword@4
_SeSCalcGetPftPredictedValues@8
_VdiGetFoxproVisitInUse@0
_VdiClearFoxproVisitInUse@0
_VdiSetFoxproVisitInUse@4
_VdiSetVisitSaveError@4
_VdiGetVisitSaveError@0
_VdiGetLockedVisitList@8
_VdiCheckVisitLock@4
_VdiUnlockVisit@4
_VdiLockVisit@4
_VdiSaveVisit@4
_VdiGetVisits@12
_VdiGetVisitList@8
_VdiSetDataIntegrationUrl@4
Exports
DBExtern_Calc
DBLevel_Calc
Sections
.text   Size: 827KB - Virtual size: 827KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 80KB  - Virtual size: 79KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 27KB  - Virtual size: 95KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
data1   Size: 28KB  - Virtual size: 28KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
data2   Size: 18KB  - Virtual size: 18KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
main1   Size: 9KB   - Virtual size: 9KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
vimedit Size: 13KB  - Virtual size: 12KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
virpt   Size: 10KB  - Virtual size: 10KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
vigraph Size: 7KB   - Virtual size: 7KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 3KB   - Virtual size: 3KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ