2024-06-07_c7199dfce7b3bfefb8eb4709ff2db6b9_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-07_c7199dfce7b3bfefb8eb4709ff2db6b9_bkransomware
Size

2.5MB
MD5

c7199dfce7b3bfefb8eb4709ff2db6b9
SHA1

ca72480210be9ac4ed1004560d562bfcd367453a
SHA256

f96edbfbd7969200c6c7afd6868361ac9a35317b45a4c93d5942d347783a7e21
SHA512

33d77c9f8836b9c25da610150706fe7be3b3fd9e58bc1d108773f02bfad6fc3d6fdb5cfaeb513f634fbdc99f88e2f4b54aa1bf637e46406a6624b726c6d15c21
SSDEEP

49152:L/RsZR7kPmyZkB9FeKNy50iIduW0SfavwIjBP8jJTVsGMmvBCXCi6e:Lq7kPmb9NEhId0SfaoIjB6McBCXd

Score

1^/10

Malware Config

Signatures

Files

2024-06-07_c7199dfce7b3bfefb8eb4709ff2db6b9_bkransomware
.exe windows:5 windows x86 arch:x86

86dfb489d6d597c6e04a3575b92ad2be

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

93:9c:e4:91:60:7b:7f:c3:77:b3:61:6b:1e:b0:ed:77
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22/04/2014, 00:00

Not After

22/04/2015, 23:59

Subject

CN=IOSoftware,O=IOSoftware,POSTALCODE=9010,STREET=m-st sv. Nikola 1595,L=Varna,ST=Varna,C=BG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

28:20:75:f0:e4:12:a8:cc:6e:ac:31:a3:6b:de:51:a8:07:6b:6b:c4
Signer

Actual PE Digest

28:20:75:f0:e4:12:a8:cc:6e:ac:31:a3:6b:de:51:a8:07:6b:6b:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreateSequential

version

VerQueryValueW

winmm

waveOutPause
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutRestart
waveOutOpen
waveOutGetNumDevs
waveOutReset
waveOutClose

opengl32

glTexParameteri
glTexImage2D
glGenTextures
glDeleteTextures
glBlendFunc
glBindTexture
wglMakeCurrent
wglGetProcAddress
wglDeleteContext
wglCreateContext
glViewport
glScissor
glPixelStorei
glGetFloatv
glDrawElements
glGetString
glGetIntegerv
glGetError
glEnable
glDrawArrays
glDisable
glClearColor
glClear

glew32

__glewGenBuffers
__glewDeleteBuffers
__glewBufferSubData
__glewBufferData
__glewGetShaderInfoLog
__glewBindFramebuffer
__glewBindBuffer
__glewVertexAttribPointer
__glewGetUniformLocation
__glewGetShaderiv
__glewLinkProgram
__glewShaderSource
__glewUniform1i
__glewUniformMatrix4fv
__glewUseProgram
__glewFramebufferTexture1D
__glewFramebufferTexture3D
__glewGenerateMipmap
__glewGetFramebufferAttachmentParameteriv
__glewBindRenderbuffer
__glewCheckFramebufferStatus
__glewDeleteFramebuffers
__glewDeleteRenderbuffers
__glewFramebufferRenderbuffer
__glewFramebufferTexture2D
__glewGenFramebuffers
__glewGenRenderbuffers
__glewRenderbufferStorage
glewInit
glewIsSupported
__glewGetRenderbufferParameteriv
glewGetErrorString
__glewCompressedTexImage2D
__glewAttachShader
__glewBindAttribLocation
__glewCompileShader
__glewCreateProgram
__glewCreateShader
__glewDeleteProgram
__glewDeleteShader
__glewDisableVertexAttribArray
__glewIsFramebuffer
__glewIsRenderbuffer
__GLEW_ARB_fragment_shader
__GLEW_ARB_vertex_shader
__glewEnableVertexAttribArray

libtiff

_TIFFmalloc
TIFFClose
TIFFGetField
TIFFReadRGBAImageOriented
TIFFClientOpen
_TIFFfree

zlib1

inflateInit_
inflateReset
gzopen
inflateInit2_
crc32
gzclose
gzread
uncompress
inflateEnd
inflate

pthreadvce2

sem_post

libxml2

xmlGetProp
xmlFree
xmlReadFile
xmlSAXUserParseMemory
xmlCleanupParser
xmlMemoryDump
xmlInitParser
xmlNodeGetContent
xmlNodeSetContent
xmlAddChild
xmlDocSetRootElement
xmlDocGetRootElement
xmlNewText
xmlNewNode
xmlFreeDoc
xmlParseFile
xmlNewDoc
xmlStrcmp
xmlCheckVersion
xmlSaveFile

steam_api

SteamAPI_Init
SteamAPI_SetMiniDumpComment
SteamAPI_Shutdown
SteamAPI_WriteMiniDump
SteamUtils

kernel32

GetCurrentDirectoryW
FindResourceW
OutputDebugStringW
GetModuleHandleW
GetModuleFileNameW
SizeofResource
LoadResource
Sleep
GetLastError
LocalFree
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
IsValidLocale
GetStringTypeW
CreateFileW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
FlushFileBuffers
DeleteFileW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetFileType
FindNextFileW
GetProcessHeap
WriteFile
GetStdHandle
HeapSize
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
TlsFree
GetFileAttributesA
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExW
ExitThread
GetCurrentThreadId
GetTimeZoneInformation
GetDriveTypeW
FindFirstFileExW
GetCommandLineW
ReadFile
SetCurrentDirectoryW
SetEnvironmentVariableW
HeapReAlloc
RtlUnwind
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindClose
HeapAlloc
HeapFree
AreFileApisANSI
GetModuleHandleExW
ExitProcess
EncodePointer
IsProcessorFeaturePresent
InterlockedDecrement
InterlockedIncrement
CreateEventW
WaitForSingleObjectEx
GetSystemTimeAsFileTime
CreateSemaphoreA
CreateEventA
CloseHandle
WaitForSingleObject
ReleaseSemaphore
SetEvent
ResumeThread
SuspendThread
SetThreadPriority
CreateThread
FindResourceA
GetVersionExA
GetFullPathNameW
LocalAlloc
GlobalUnlock
GlobalLock
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLCID
DecodePointer
RaiseException
SetLastError
IsDebuggerPresent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FindFirstFileA
FindNextFileA
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
TlsSetValue
LockResource
GlobalAlloc
GlobalFree
GetVersionExW
FreeResource

user32

SetWindowPos
GetDlgItem
GetSystemMetrics
UpdateWindow
ShowScrollBar
GetClientRect
GetWindowRect
GetWindowLongW
SetWindowLongW
SystemParametersInfoW
TranslateMessage
DispatchMessageW
PeekMessageW
PostQuitMessage
RegisterClassW
UnregisterClassW
IsWindow
GetWindowPlacement
SetWindowPlacement
OpenClipboard
CloseClipboard
GetClipboardData
GetKeyState
MoveWindow
ReleaseCapture
TranslateAcceleratorW
GetDC
BeginPaint
EndPaint
AdjustWindowRectEx
MessageBoxA
ScreenToClient
GetDesktopWindow
LoadCursorW
LoadIconW
EnumDisplaySettingsW
ShowWindow
CreateWindowExW
DestroyWindow
RegisterClassExW
DefWindowProcW
SetCapture
PostMessageW

gdi32

GetDeviceCaps
SetPixelFormat
SwapBuffers
ChoosePixelFormat
GetStockObject

advapi32

RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

shell32

ShellExecuteW
SHGetFolderPathW
SHCreateDirectoryExW

ole32

OleSetContainedObject
CoGetClassObject
OleInitialize

oleaut32

VariantInit
VariantClear
SysAllocString

shlwapi

PathAppendW
PathRemoveFileSpecW

ws2_32

gethostname
recvfrom
getsockname
WSACleanup
WSAStartup
setsockopt
ioctlsocket
sendto
bind
socket
gethostbyname
getsockopt
inet_ntoa
inet_addr
htonl
htons
closesocket
ntohs

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 460KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86dfb489d6d597c6e04a3575b92ad2be

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

93:9c:e4:91:60:7b:7f:c3:77:b3:61:6b:1e:b0:ed:77Certificate

Extended Key Usages

Key Usages

28:20:75:f0:e4:12:a8:cc:6e:ac:31:a3:6b:de:51:a8:07:6b:6b:c4Signer

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

version

winmm

opengl32

glew32

libtiff

zlib1

pthreadvce2

libxml2

steam_api

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 460KB - Virtual size: 460KB

.data Size: 42KB - Virtual size: 232KB

.rsrc Size: 362KB - Virtual size: 362KB

.reloc Size: 87KB - Virtual size: 87KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

93:9c:e4:91:60:7b:7f:c3:77:b3:61:6b:1e:b0:ed:77
Certificate

28:20:75:f0:e4:12:a8:cc:6e:ac:31:a3:6b:de:51:a8:07:6b:6b:c4
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 460KB - Virtual size: 460KB

.data
Size: 42KB - Virtual size: 232KB

.rsrc
Size: 362KB - Virtual size: 362KB

.reloc
Size: 87KB - Virtual size: 87KB