2024-06-06_299ed5a0f4c9bc25ff790a1eb3f3f973_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-06_299ed5a0f4c9bc25ff790a1eb3f3f973_bkransomware
Size

89KB
MD5

299ed5a0f4c9bc25ff790a1eb3f3f973
SHA1

bb42a04169c571b4764c88903faae1366fdee510
SHA256

794118b75d68737a06d347a8907a65a594f319d97c57ce2ad951153134c80fd5
SHA512

da07c4b0a0e3bab76bbaa7559a28bbed8e473cd07606a74d3292d2350d2b014257050aa0d189d1f0829946cf495ab88629ed33606cd4680f4652a38ac55e6144
SSDEEP

1536:kyB5W65+JIYMS1eTRcnosWjcdxekDiizbR9Xwzz:kD652Tyk3xxDtPvw3

Score

1^/10

Malware Config

Signatures

Files

2024-06-06_299ed5a0f4c9bc25ff790a1eb3f3f973_bkransomware
.exe windows:5 windows x86 arch:x86

1ca4c9b4226be056a14ffbb78082f48f

Code Sign

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:25

Not After

01/09/2022, 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:33

Not After

01/09/2022, 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:6e:65:14:89:11:8a:4c:89:17:f4:0c:bc:d9:ca:3e:37:9e:f6:33:18:9b:7b:c6:fc:9d:a4:18:98:29:06:ec
Signer

Actual PE Digest

3d:6e:65:14:89:11:8a:4c:89:17:f4:0c:bc:d9:ca:3e:37:9e:f6:33:18:9b:7b:c6:fc:9d:a4:18:98:29:06:ec

Digest Algorithm

sha256

PE Digest Matches

false

3d:6e:65:14:89:11:8a:4c:89:17:f4:0c:bc:d9:ca:3e:37:9e:f6:33:18:9b:7b:c6:fc:9d:a4:18:98:29:06:ec
Signer

Actual PE Digest

3d:6e:65:14:89:11:8a:4c:89:17:f4:0c:bc:d9:ca:3e:37:9e:f6:33:18:9b:7b:c6:fc:9d:a4:18:98:29:06:ec

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetLastError
lstrcpynW
LoadLibraryW
GetVersionExW
MultiByteToWideChar
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
RtlUnwind
HeapReAlloc
HeapAlloc
HeapSize
OutputDebugStringW
LCMapStringW
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
WriteFile
GetModuleFileNameW
HeapFree
LoadLibraryExW
GetProcessHeap
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
CreateFileW

user32

FindWindowW
BringWindowToTop
SetForegroundWindow
MessageBoxW
CreateWindowExW

winspool.drv

GetPrinterW
DocumentPropertiesW
ClosePrinter
OpenPrinterW
SetPrinterW

shell32

SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExW

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ca4c9b4226be056a14ffbb78082f48f

Code Sign

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

3d:6e:65:14:89:11:8a:4c:89:17:f4:0c:bc:d9:ca:3e:37:9e:f6:33:18:9b:7b:c6:fc:9d:a4:18:98:29:06:ecSigner

3d:6e:65:14:89:11:8a:4c:89:17:f4:0c:bc:d9:ca:3e:37:9e:f6:33:18:9b:7b:c6:fc:9d:a4:18:98:29:06:ecSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winspool.drv

shell32

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 3KB

33:00:00:04:39:f6:1f:7a:67:6d:a0:00:af:00:00:00:00:04:39
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

3d:6e:65:14:89:11:8a:4c:89:17:f4:0c:bc:d9:ca:3e:37:9e:f6:33:18:9b:7b:c6:fc:9d:a4:18:98:29:06:ec
Signer

3d:6e:65:14:89:11:8a:4c:89:17:f4:0c:bc:d9:ca:3e:37:9e:f6:33:18:9b:7b:c6:fc:9d:a4:18:98:29:06:ec
Signer

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 3KB