2024-06-05_eb009d9a80a5ec3dd668bad555a55245_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-05_eb009d9a80a5ec3dd668bad555a55245_bkransomware
Size

5.8MB
MD5

eb009d9a80a5ec3dd668bad555a55245
SHA1

37d9e98f41a6bd241c9986772fdaf54b20bdbd74
SHA256

bd1abe539ce9a885bb896bf2cbc574a72504d903ca571604ccaebb005d77ce43
SHA512

01561ef2c66dd931927c19631067075af591a5c20cb0b92c87f1b72ed0fcc6174d3411b7cbeecc0d11923360674057bffc342d02d2c77e89e0f0acb603f5b643
SSDEEP

98304:kOQugJH+uwcNmuYRLLTQiLW9Foaanu5sKx23UWHJVHVeFCTvk:bQugJH+uoZXAzagQ3UgMFgk

Score

1^/10

Malware Config

Signatures

Files

2024-06-05_eb009d9a80a5ec3dd668bad555a55245_bkransomware
.exe windows:5 windows x86 arch:x86

17234c200c5bb3103c369a78e4c8d427

Code Sign

fd:21:21:f7:f1:b4:a1:fb:43:bf:7f:ca:52:28:78:ef
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22/03/2016, 00:00

Not After

22/03/2017, 23:59

Subject

CN=Avanpost IT\, TOV,OU=IT,O=Avanpost IT\, TOV,POSTALCODE=61000,STREET=Bud. 58 prospekt P'yatdesyatyrichchya Srsr,L=Kharkiv,ST=Kharkivska,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:76:8f:15:e8:a1:d2:9d:67:3b:08:22:25:ff:3b:d7:aa:0b:a5:67
Signer

Actual PE Digest

46:76:8f:15:e8:a1:d2:9d:67:3b:08:22:25:ff:3b:d7:aa:0b:a5:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLCID
GetStringTypeExW
GetStringTypeW
FreeConsole
CloseHandle
GetSystemDefaultLangID
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
GetUserDefaultUILanguage
GetNumberFormatW
GetTimeFormatA
SetFileTime
LCMapStringW
LCMapStringA
GetCPInfo
IsValidCodePage
ProcessIdToSessionId
VerifyVersionInfoW
CreateTimerQueueTimer
BuildCommDCBW
IsBadWritePtr
GetVolumeInformationA
SearchPathA
FindNextFileW
FindFirstFileA
FindFirstFileExA
GetFullPathNameW
GetFullPathNameA
GetDiskFreeSpaceExW
GetWindowsDirectoryW
GetWindowsDirectoryA
GetTempFileNameW
GetTempFileNameA
GetTempPathW
GetDriveTypeW
GetPrivateProfileStringA
FindResourceExW
FindResourceA
ExpandEnvironmentStringsA
GetCommandLineW
GetCommandLineA
GetStartupInfoW
CreateProcessW
OpenFileMappingW
CreateFileMappingW
CreateSemaphoreW
OpenEventA
WaitForMultipleObjectsEx
WaitForSingleObjectEx
SleepEx
TlsAlloc
lstrcatA
lstrcpyA
MapViewOfFile
GetTimeZoneInformation
IsProcessorFeaturePresent
DeviceIoControl
FlushFileBuffers
GetStdHandle
GetFileType
GetFileInformationByHandle
SetHandleCount
GlobalDeleteAtom
ReleaseMutex
GetQueuedCompletionStatus
ExitThread
GetThreadPriority
LocalReAlloc
SetThreadPriority
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapSize
HeapCreate
VirtualProtect
VirtualAlloc
WriteConsoleW
HeapReAlloc
HeapAlloc
OutputDebugStringW
RtlUnwind
LoadLibraryExW
GetOEMCP
GetACP
HeapFree
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameW
WriteFile
GetModuleFileNameA
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
GetCurrentThreadId
SetLastError
GetLastError
IsDebuggerPresent
CreateFileW

user32

WinHelpW
GetDesktopWindow
OffsetRect
GetWindowTextLengthW
CharToOemA
DefWindowProcA
GetDlgItemInt

comctl32

PropertySheetA
InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
CreateStatusWindowW
CreateToolbarEx
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_GetIcon
ImageList_Remove
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControlsEx
ord17
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
CreatePropertySheetPageA

advapi32

SetSecurityDescriptorGroup
LsaOpenPolicy
CryptReleaseContext
CryptAcquireContextW
RegSetValueExA
RegSetKeySecurity
RegQueryInfoKeyA
CheckTokenMembership
AddAuditAccessAce
GetAce
AreAllAccessesGranted
GetSidSubAuthorityCount
GetSidIdentifierAuthority
EqualSid
SetTokenInformation
OpenThreadToken
RegisterEventSourceW
DeregisterEventSource

shell32

ShellExecuteExW
SHBindToParent
SHChangeNotify
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
ShellExecuteW
CommandLineToArgvW
SHFileOperationW
SHGetFileInfoW
SHGetMalloc

ole32

CoWaitForMultipleHandles
ProgIDFromCLSID
CoEnableCallCancellation
CoCreateInstance
CoRevertToSelf
CoSetProxyBlanket
CoGetStdMarshalEx
CoLockObjectExternal
CoSuspendClassObjects
CoResumeClassObjects
CoGetSystemSecurityPermissions
CoRevokeInitializeSpy
HDC_UserMarshal
HBITMAP_UserMarshal
HBITMAP_UserSize
CLIPFORMAT_UserUnmarshal
CoTreatAsClass
StgOpenStorage
StgSetTimes
StgCreateStorageEx
HACCEL_UserUnmarshal
HGLOBAL_UserUnmarshal
OleBuildVersion
WriteClassStm
OleQueryCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateFromFile
OleLoadFromStream
OleSaveToStream
OleSetContainedObject
RegisterDragDrop
OleSetClipboard
OleFlushClipboard
OleRegGetUserType
CoGetMarshalSizeMax
GetHGlobalFromILockBytes
CoInvalidateRemoteMachineBindings

oleaut32

SysReAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayPtrOfIndex
VariantInit
VariantClear
VariantCopy
VariantCopyInd
VariantChangeType
VariantChangeTypeEx
GetActiveObject
GetErrorInfo
SysAllocStringLen

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 407KB - Virtual size: 414KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i97
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kwqm6
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.5kd
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xi1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17234c200c5bb3103c369a78e4c8d427

Code Sign

fd:21:21:f7:f1:b4:a1:fb:43:bf:7f:ca:52:28:78:efCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

46:76:8f:15:e8:a1:d2:9d:67:3b:08:22:25:ff:3b:d7:aa:0b:a5:67Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 278KB - Virtual size: 278KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 407KB - Virtual size: 414KB

.i97 Size: 1.6MB - Virtual size: 1.6MB

.kwqm6 Size: 464KB - Virtual size: 464KB

.5kd Size: 1.4MB - Virtual size: 1.4MB

.xi1 Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 26KB - Virtual size: 25KB

fd:21:21:f7:f1:b4:a1:fb:43:bf:7f:ca:52:28:78:ef
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

46:76:8f:15:e8:a1:d2:9d:67:3b:08:22:25:ff:3b:d7:aa:0b:a5:67
Signer

.text
Size: 278KB - Virtual size: 278KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 407KB - Virtual size: 414KB

.i97
Size: 1.6MB - Virtual size: 1.6MB

.kwqm6
Size: 464KB - Virtual size: 464KB

.5kd
Size: 1.4MB - Virtual size: 1.4MB

.xi1
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 26KB - Virtual size: 25KB