PDB Path: D:\ArmAWork\Projects stab 3.37\Release\Dayz_updater.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-06_b15e40f7b7885c00e684c26df4b5f56a_bkransomware.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2024-06-06_b15e40f7b7885c00e684c26df4b5f56a_bkransomware.exe
  Resource: win10v2004-20240508-en
General
- Target: 2024-06-06_b15e40f7b7885c00e684c26df4b5f56a_bkransomware
- Size: 3.9MB
- MD5: b15e40f7b7885c00e684c26df4b5f56a
- SHA1: bd4ec0d098ac90aecef75f85cc080c70626478cd
- SHA256: d43a3a31959e7194e334defc7d74938f8a8c49531a2f7997023972e55bf611cc
- SHA512: 812c0bd4a0839a1cc1ced4346a4cf448203e82a90299a1b9aca83860e185e059406597a00370158c04e1c64dbba1ca09cbfc1f2e605bf8227105eb18a4510f5a
- SSDEEP: 49152:g5to4EPEW5Rfil0ZkMU7LeMkWntb379qFVrd+Z+0+2KJer0AlpE/F/7YU9jCVuyN:0to4EPEW5Ve1eMzV97E2/TK/GVbJu
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-06-06_b15e40f7b7885c00e684c26df4b5f56a_bkransomware
Files
- 2024-06-06_b15e40f7b7885c00e684c26df4b5f56a_bkransomware.exe  windows:6 windows x86 arch:x86
  5b0b0295bc939c8ff61d4b5dcca78c14
Headers
DLL Characteristics:
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32:
RemoveDirectoryA
EnterCriticalSection
VirtualProtectEx
GlobalFree
FindClose
Process32FirstW
OpenThread
GetProcessId
IsWow64Process
CreateFileMappingW
GlobalMemoryStatusEx
DecodePointer
Module32FirstW
GetSystemInfo
WaitForMultipleObjects
GetModuleFileNameA
Process32NextW
FindNextFileA
GetModuleHandleA
FindNextFileW
GetCurrentDirectoryA
CreateToolhelp32Snapshot
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
Module32NextW
TlsAlloc
Sleep
GetCurrentProcessId
LocalFree
TlsFree
lstrcpyW
FormatMessageW
ReadProcessMemory
QueueUserAPC
TerminateThread
LoadLibraryW
K32GetModuleFileNameExA
WideCharToMultiByte
HeapSize
GlobalAlloc
OpenProcess
K32GetModuleFileNameExW
GetProcAddress
K32EnumProcessModules
VirtualQueryEx
GetWindowsDirectoryA
FormatMessageA
GetProcessHeap
GetCurrentThread
GetModuleHandleW
SetEvent
WaitForSingleObject
HeapFree
GetCurrentProcess
HeapAlloc
CreateProcessW
FreeLibrary
UnmapViewOfFile
MapViewOfFile
lstrlenA
GetNativeSystemInfo
FindFirstFileW
CreateFileA
SetLastError
GetLastError
FindFirstFileA
CreateDirectoryA
RaiseException
lstrlenW
InitializeCriticalSectionEx
MultiByteToWideChar
GetEnvironmentVariableA
GetModuleFileNameW
Thread32Next
TerminateProcess
lstrcpynW
GetExitCodeProcess
LeaveCriticalSection
GetFileAttributesA
CopyFileW
CreateDirectoryExW
RemoveDirectoryW
GetFileAttributesW
CreateDirectoryW
DeviceIoControl
DeleteFileA
SetFileAttributesA
LockResource
Thread32First
GetVersionExW
GlobalUnlock
SizeofResource
HeapReAlloc
GetCommandLineW
CloseHandle
GlobalLock
LoadResource
FindResourceW
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
SetEnvironmentVariableA
CreateProcessA
WriteConsoleW
CreateFileW
GetFileAttributesExW
GetSystemTimeAsFileTime
EncodePointer
GetStringTypeW
ReadFile
IsProcessorFeaturePresent
GetCPInfo
IsDebuggerPresent
CreateTimerQueue
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
TlsGetValue
TlsSetValue
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
GetStartupInfoW
GetTickCount
CreateSemaphoreW
ExitThread
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetModuleHandleExW
AreFileApisANSI
GetStdHandle
GetFileType
GetConsoleMode
ReadConsoleW
SetFilePointerEx
WriteFile
FlushFileBuffers
GetConsoleCP
DeleteFileW
GetTimeZoneInformation
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
ReleaseSemaphore
InitializeSListHead
UnregisterWaitEx
VirtualAlloc
VirtualFree
VirtualProtect
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
ExitProcess
user32:
GetWindowLongW
GetDC
GetClientRect
DispatchMessageW
SendMessageW
GetSystemMetrics
GetSysColorBrush
RegisterClassExW
TranslateMessage
LoadCursorW
GetMessageW
GetWindowRect
EnableWindow
UpdateWindow
MessageBoxA
DrawMenuBar
SetWindowPos
GetSysColor
InvalidateRect
GetWindowPlacement
LoadIconW
GetClassLongW
SetFocus
ReleaseDC
DestroyWindow
GetNextDlgTabItem
DefWindowProcW
SetScrollInfo
GetCursorPos
GetScrollInfo
GetUpdateRect
BeginPaint
TrackPopupMenu
PostQuitMessage
SetCursor
EndPaint
DestroyMenu
DestroyIcon
GetWindowTextW
GetDlgItem
ShowWindow
SetWindowsHookExW
UnhookWindowsHookEx
SetWindowLongW
CallNextHookEx
UnregisterClassW
GetTopWindow
IsWindowVisible
SetWindowTextA
GetWindowThreadProcessId
GetWindow
CreateWindowExW
advapi32:
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
CheckTokenMembership
GetUserNameA
RegOpenKeyExW
FreeSid
RegEnumValueW
AllocateAndInitializeSid
LookupPrivilegeValueW
RegQueryValueExW
LookupAccountSidA
GetTokenInformation
OpenThreadToken
OpenProcessToken
RegEnumValueA
shell32:
Shell_NotifyIconW
ShellExecuteA
CommandLineToArgvW
ShellExecuteW
ole32:
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
oleaut32:
SysAllocString
VariantClear
SysFreeString
libeay32:
ord120
ord504
ord502
ord3245
ord503
ord129
ord3686
ord484
ord161
ord150
ord486
ord340
ord341
ord342
ord151
libcurl:
curl_slist_append
curl_easy_setopt
curl_easy_perform
curl_easy_strerror
curl_easy_cleanup
curl_global_init
curl_easy_init
iphlpapi:
GetAdaptersInfo
shlwapi:
PathRemoveFileSpecW
ws2_32:
gethostname
inet_ntoa
WSAStartup
WSACleanup
gethostbyname
gdi32:
SetBkMode
StretchDIBits
SetDIBitsToDevice
SetTextColor
setupapi:
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiGetClassDevsExW
gdiplus:
GdipBitmapSetResolution
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipDisposeImage
GdipAlloc
GdipBitmapUnlockBits
GdiplusShutdown
GdipFree
GdipGetImageHeight
GdipCreateBitmapFromStream
comctl32:
InitCommonControlsEx
Exports
??0cryptokey@pbo@@QAE@DDGIIIIPBUbignum_st@@000000@Z
??0cryptokey@pbo@@QAE@XZ
??0entry@pbo@@QAE@ABV01@@Z
??0entry@pbo@@QAE@XZ
??0pbo@0@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
??0productentry@pbo@@QAE@ABV01@@Z
??0productentry@pbo@@QAE@XZ
??0signature@pbo@@QAE@ABV01@@Z
??0signature@pbo@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0signature@pbo@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Vcryptokey@1@@Z
??0signature@pbo@@QAE@XZ
??0signature_generator@pbo@@QAE@ABV01@@Z
??0signature_generator@pbo@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1cryptokey@pbo@@QAE@XZ
??1entry@pbo@@QAE@XZ
??1pbo@0@QAE@XZ
??1productentry@pbo@@QAE@XZ
??1signature@pbo@@QAE@XZ
??1signature_generator@pbo@@QAE@XZ
??4cryptokey@pbo@@QAEAAV01@ABV01@@Z
??4entry@pbo@@QAEAAV01@ABV01@@Z
??4productentry@pbo@@QAEAAV01@ABV01@@Z
??4signature@pbo@@QAEAAV01@ABV01@@Z
??4signature_generator@pbo@@QAEAAV01@ABV01@@Z
?__autoclassinit2@cryptokey@pbo@@QAEXI@Z
?__autoclassinit2@entry@pbo@@QAEXI@Z
?__autoclassinit2@pbo@1@QAEXI@Z
?__autoclassinit2@productentry@pbo@@QAEXI@Z
?__autoclassinit2@signature@pbo@@QAEXI@Z
?__autoclassinit2@signature_generator@pbo@@QAEXI@Z
?add@productentry@pbo@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?add_entry@pbo@1@QAEXPAVentry@1@@Z
?add_num@productentry@pbo@@QAEXHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?authorityname@signature@pbo@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?cryptokey@signature@pbo@@QAE?AV02@XZ
?data@cryptokey@pbo@@QAEPADXZ
?file_signature@pbo@1@QAEAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get@productentry@pbo@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?get_data_offset@entry@pbo@@QAE?AV?$fpos@H@std@@XZ
?get_data_size@entry@pbo@@QAEHXZ
?get_entry@pbo@1@QAEAAPAVentry@1@H@Z
?get_entry_name@productentry@pbo@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_file_path@entry@pbo@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_name@productentry@pbo@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_original_size@entry@pbo@@QAEIXZ
?get_packing_method@entry@pbo@@QAEIXZ
?get_path@entry@pbo@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_product_entry@entry@pbo@@QAEAAPAVproductentry@2@XZ
?get_reserved@entry@pbo@@QAEIXZ
?get_timestamp@entry@pbo@@QAEIXZ
?get_version@productentry@pbo@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?is_file_entry@entry@pbo@@QAE_NXZ
?is_product_entry@entry@pbo@@QAE_NXZ
?is_signed@pbo@1@QAE_NXZ
?is_zero_entry@entry@pbo@@QAE_NXZ
?pack@pbo@1@QAEXXZ
?private_signature@signature_generator@pbo@@QAE?AVsignature@2@XZ
?public_signature@signature_generator@pbo@@QAE?AVsignature@2@XZ
?read@pbo@1@AAEXPAD_J@Z
?remove@productentry@pbo@@QAEXH@Z
?remove_entry@entry@pbo@@QAEXH@Z
?remove_entry@pbo@1@QAEXH@Z
?set@productentry@pbo@@QAEXHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_d@cryptokey@pbo@@QAEXPBUbignum_st@@@Z
?set_data_offset@entry@pbo@@QAEXV?$fpos@H@std@@@Z
?set_data_size@entry@pbo@@QAEXI@Z
?set_dmp1@cryptokey@pbo@@QAEXPBUbignum_st@@@Z
?set_dmq1@cryptokey@pbo@@QAEXPBUbignum_st@@@Z
?set_entry_name@productentry@pbo@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_file_path@entry@pbo@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_file_path_new@entry@pbo@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@II@Z
?set_file_signature@pbo@1@AAEXPAD@Z
?set_iqmp@cryptokey@pbo@@QAEXPBUbignum_st@@@Z
?set_n@cryptokey@pbo@@QAEXPBUbignum_st@@@Z
?set_name@productentry@pbo@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_original_size@entry@pbo@@QAEXI@Z
?set_p@cryptokey@pbo@@QAEXPBUbignum_st@@@Z
?set_packing_method@entry@pbo@@QAEXI@Z
?set_path@entry@pbo@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_q@cryptokey@pbo@@QAEXPBUbignum_st@@@Z
?set_reserved@entry@pbo@@QAEXI@Z
?set_signature@pbo@1@AAEXPAD@Z
?set_timestamp@entry@pbo@@QAEXI@Z
?set_version@productentry@pbo@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?signature@pbo@1@QAEAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?signed_file@pbo@1@QAEX_N@Z
?size@cryptokey@pbo@@QAEHXZ
?size@pbo@1@QAEIXZ
?size@productentry@pbo@@QAEIXZ
?unpack@pbo@1@QAEXXZ
?write@pbo@1@AAEXPBD_J@Z
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 247KB - Virtual size: 247KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ