2024-06-04_178648ae8ae2217cb4678d29b34cb7e9_bkransomware

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-04_178648ae8ae2217cb4678d29b34cb7e9_bkransomware
Size

637KB
MD5

178648ae8ae2217cb4678d29b34cb7e9
SHA1

2631691e1914e6a744d3db77c7b94c52a6979834
SHA256

49bf4512604026720c7b24d126052604f6de74b5f899506d11486afe7638b955
SHA512

37caf761f19646936fb12119fca76cbc5ae61cc2ac512c72c4b8ebfdc57869686e7920d8f1f26c0192a8d8435bfd78631b4bd13bcbeb45d3712e156b61437ac4
SSDEEP

12288:92Ka2pRmH6ysvWsmYDMtNhkxh3dfhg4OQYZeVHgMkakT/xdV+hoJ/R:9fvlmYDMt0ZuZeVeT/xX+hoJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-04_178648ae8ae2217cb4678d29b34cb7e9_bkransomware

Files

2024-06-04_178648ae8ae2217cb4678d29b34cb7e9_bkransomware
.exe windows:5 windows x86 arch:x86

92cc3fbd444ace3bf8be3ea125c3e95f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\RHUB2\PCSetup\Release.V2013\PCSetup.pdb

Imports

kernel32

GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetThreadLocale
SetErrorMode
GetFileAttributesExW
GetFileSizeEx
GetTickCount
GetCommandLineW
IsProcessorFeaturePresent
RtlUnwind
ExitProcess
GetModuleHandleExW
AreFileApisANSI
CreateThread
ExitThread
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
GetFileInformationByHandle
GetFileType
PeekNamedPipe
HeapQueryInformation
GetFullPathNameW
VirtualProtect
GetStdHandle
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
IsValidCodePage
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
SetStdHandle
GetStringTypeW
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
FlushFileBuffers
GetCurrentDirectoryW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FileTimeToSystemTime
MulDiv
LocalFree
GlobalUnlock
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GlobalLock
SizeofResource
GlobalFindAtomW
GlobalAddAtomW
FindResourceW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LockResource
LoadResource
LoadLibraryExW
FreeResource
GetSystemDirectoryW
EncodePointer
GetModuleHandleA
SetLastError
OutputDebugStringA
GetACP
lstrlenW
lstrcpyW
lstrcmpiW
FileTimeToDosDateTime
FreeLibrary
VirtualQuery
GetCurrentThreadId
OutputDebugStringW
IsDebuggerPresent
WriteFile
SetFilePointer
GetFileTime
GetFileSize
FileTimeToLocalFileTime
CreateMutexW
ReleaseMutex
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalFree
GlobalAlloc
GetModuleHandleW
GetSystemInfo
GetSystemTime
CreateProcessW
GetCurrentThread
TerminateProcess
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteFileA
GetTempPathA
GetTempFileNameA
RemoveDirectoryW
GetLongPathNameW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetThreadPriority
CreateEventW
SetEvent
CloseHandle
GetTempPathW
GetFileAttributesW
CreateDirectoryW
WideCharToMultiByte
FormatMessageW
GetVersionExW
CopyFileW
DeleteFileW
SetFileAttributesW
LoadLibraryW
Sleep
WaitForSingleObject
GetCurrentProcessId
GetCurrentProcess
OpenProcess
GetProcAddress
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
SetUnhandledExceptionFilter
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
VirtualAlloc
DecodePointer

user32

CopyAcceleratorTableW
CharNextW
SetCapture
CharUpperW
KillTimer
SetTimer
DestroyMenu
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
IntersectRect
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
MoveWindow
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
MapDialogRect
SetWindowContextHelpId
SetCursor
GetCursorPos
TranslateMessage
WinHelpW
CallNextHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
RedrawWindow
ValidateRect
SetActiveWindow
UpdateWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
UnhookWindowsHookEx
SendDlgItemMessageA
wsprintfW
wvsprintfW
GetMonitorInfoW
MonitorFromWindow
GetSystemMetrics
FindWindowW
GetActiveWindow
GetWindow
PostThreadMessageW
RegisterClipboardFormatW
GetWindowThreadProcessId
GetClassNameW
MessageBoxW
MessageBeep
GetNextDlgGroupItem
IsRectEmpty
MapWindowPoints
InvalidateRgn
GetWindowTextW
SetForegroundWindow
GetForegroundWindow
IsWindowVisible
SetWindowPos
ShowWindow
GetIconInfo
CopyImage
DestroyIcon
GetParent
GetWindowLongW
CopyRect
GetSysColor
WindowFromPoint
ClientToScreen
SetWindowRgn
DrawStateW
GetNextDlgTabItem
SetRect
LoadIconW
GetDesktopWindow
OffsetRect
GetWindowRect
GetClientRect
InvalidateRect
ReleaseDC
GetDC
EnableWindow
ReleaseCapture
GetCapture
PostQuitMessage
PeekMessageW
DispatchMessageW
GetMessageW
LoadImageW
GetClassInfoW
UnregisterClassW
PostMessageW
SendMessageW

gdi32

GetMapMode
GetBkColor
GetTextColor
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
GetRgnBox
CreateRoundRectRgn
SetMapMode
SetBkMode
SelectObject
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetClipBox
Escape
CreatePen
SetTextColor
SetBkColor
CreateBitmap
GetObjectW
DeleteObject
DeleteDC
CreateCompatibleDC
GetDeviceCaps
FrameRgn
CreateSolidBrush

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

EqualSid
OpenProcessToken
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegCreateKeyW
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
ImpersonateSelf
GetTokenInformation
FreeSid
AllocateAndInitializeSid
OpenThreadToken
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteExW

comctl32

ord17
_TrackMouseEvent

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripPathW
PathStripToRootW

ole32

CoInitialize
CoCreateInstance
OleInitialize
OleUninitialize
CoUninitialize
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
OleCreateFontIndirect
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

oledlg

OleUIBusyW

ws2_32

gethostname
WSALookupServiceEnd
WSALookupServiceNextW
WSALookupServiceBeginW
WSAAddressToStringW
gethostbyname
socket
shutdown
setsockopt
send
recv
inet_ntoa
inet_addr
htons
connect
WSAStartup
WSAGetLastError
closesocket

oleacc

CreateStdAccessibleObject
LresultFromObject

wininet

HttpSendRequestW
HttpOpenRequestW
InternetReadFile
InternetCloseHandle
InternetOpenW
HttpQueryInfoA
HttpSendRequestA
InternetOpenA
InternetErrorDlg
DetectAutoProxyUrl
InternetConnectA
InternetReadFileExA
InternetQueryOptionA
InternetSetOptionA
InternetConnectW
HttpOpenRequestA

urlmon

URLDownloadToFileA

Sections

.text
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92cc3fbd444ace3bf8be3ea125c3e95f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

ws2_32

oleacc

wininet

urlmon

Sections

.text Size: 386KB - Virtual size: 386KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 34KB - Virtual size: 82KB

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 386KB - Virtual size: 386KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 34KB - Virtual size: 82KB

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 27KB - Virtual size: 27KB