2024-06-02_501a8b8cb12a53f099989002082b90d4_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-02_501a8b8cb12a53f099989002082b90d4_bkransomware
Size

794KB
MD5

501a8b8cb12a53f099989002082b90d4
SHA1

cf5852226d19f1dc70b13c70993bdccad83376eb
SHA256

6919f0a15d7619ea09052cdd0dd0664241effd5387c241c38528ad38753b530e
SHA512

60498b638ee4774f599c082bec3778d64f58fc6ac66d5187e5f21a88c2c027d5e49160f382ee93cd1ee71295df52915f7b8f7823b0f8f0f252c2e769e4b0aebf
SSDEEP

12288:S7oa3U+TspmGmE6kumdjD0b5zS8XMAb+KnblenuB3+fPbRtgs:S7oKAHcb+0b5SSNN3+fVl

Score

1^/10

Malware Config

Signatures

Files

2024-06-02_501a8b8cb12a53f099989002082b90d4_bkransomware
.exe windows:5 windows x86 arch:x86

c6876da4679ed3b1131e75abb43d0bf8

Code Sign

25:dd:e5:f7:73:67:6a:5f:42:8d:1b:8a:c0:36:28:49
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

15/12/2014, 09:01

Not After

15/12/2015, 09:01

Subject

CN=Shanghai Louji Network Technology Co.\, Ltd.,O=Shanghai Louji Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:2e:a7:5d:86:27:b9:c5:c9:01:e1:db:13:4f:1a:ed:ce:b4:f4:ce
Signer

Actual PE Digest

1f:2e:a7:5d:86:27:b9:c5:c9:01:e1:db:13:4f:1a:ed:ce:b4:f4:ce

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\source\dx_kbdm\dxpyim\build\ime_install.pdb

Imports

kernel32

CloseHandle
LocalFileTimeToFileTime
GetFileSize
FindResourceA
SetPriorityClass
FreeLibrary
LoadResource
GetCurrentProcess
GetCurrentThread
GetWindowsDirectoryA
SetProcessPriorityBoost
OpenProcess
GlobalAlloc
Sleep
SizeofResource
TerminateProcess
GetSystemDirectoryA
GetCurrentDirectoryA
GetEnvironmentVariableA
SetThreadPriority
GetShortPathNameA
GetLastError
GetProcAddress
GlobalFree
LoadLibraryA
LockResource
GetModuleFileNameA
GetModuleHandleA
WinExec
DeleteFileA
lstrcpyA
SetEndOfFile
CreateFileW
FlushFileBuffers
CreateDirectoryA
ReadFile
GetFileAttributesA
WriteFile
SetFileTime
SystemTimeToFileTime
SetFilePointer
lstrcatA
CreateFileA
WriteConsoleW
SetStdHandle
HeapSize
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetProcessHeap
GetStdHandle
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LoadLibraryExW
GetFileAttributesExW
DeleteFileW
RtlUnwind
GetConsoleCP
GetConsoleMode
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
OutputDebugStringW
GetStringTypeW
LCMapStringW
ReadConsoleW

user32

wsprintfA
MessageBoxA

advapi32

ControlService
OpenSCManagerA
QueryServiceStatusEx
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
OpenServiceA
AdjustTokenPrivileges

shell32

SHChangeNotify
ShellExecuteExA

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 653KB - Virtual size: 653KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6876da4679ed3b1131e75abb43d0bf8

Code Sign

25:dd:e5:f7:73:67:6a:5f:42:8d:1b:8a:c0:36:28:49Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

19:9d:f8:8eCertificate

Key Usages

3dCertificate

Key Usages

1f:2e:a7:5d:86:27:b9:c5:c9:01:e1:db:13:4f:1a:ed:ce:b4:f4:ceSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 90KB - Virtual size: 90KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 653KB - Virtual size: 653KB

25:dd:e5:f7:73:67:6a:5f:42:8d:1b:8a:c0:36:28:49
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

19:9d:f8:8e
Certificate

3d
Certificate

1f:2e:a7:5d:86:27:b9:c5:c9:01:e1:db:13:4f:1a:ed:ce:b4:f4:ce
Signer

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 653KB - Virtual size: 653KB