2024-06-11_d5725c96ad6b615a96932a7ca66c9700_bkransomware_metamorfo

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-11_d5725c96ad6b615a96932a7ca66c9700_bkransomware_metamorfo
Size

3.1MB
MD5

d5725c96ad6b615a96932a7ca66c9700
SHA1

dc535ea71f37587f07c66d51ea347507deb8aed5
SHA256

5803a6a93a262deb81505ad3ab545c6386d7554c27d6a1672a02445fbf8e5678
SHA512

b0208763e666196349521bc0b6bb67f520971d30c3fbb81924d6ecd442c4888a52c130111d0e3009ee4592fffd9a2fa569309166a453fc861c0e67d517a6784f
SSDEEP

6144:rE4i1rgXyG/+vQn3OEF2SeCz/MTcPZKqXXDYJDO9AOoAOgTlW8g5RS8WL2u8p:4c37F2S7MTiZKRpO9iK3YRLp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-11_d5725c96ad6b615a96932a7ca66c9700_bkransomware_metamorfo

Files

2024-06-11_d5725c96ad6b615a96932a7ca66c9700_bkransomware_metamorfo
.exe windows:5 windows x86 arch:x86

ad4cea75ac1ff62db948f35ed531cd17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\development\sources\orakuin\Release\orakuin.pdb

Imports

libeksd

WidgetSetEnabled
WidgetSetBackgroundColor
WidgetSetVisible
WidgetSetValue
WidgetGetVisible
Initialize
FileDownloadViaHTTP
WidgetSetDefinition
ImageConvertHSVtoRGB
ImageBltBitmap
WidgetFree
FilePutValueToSetting
FileGetSaveFilePath
WidgetSetDropdownItem
WidgetGetEnabled
FileGetOpenFilePath
FileGetValueFromSetting
WidgetGetValue
DatabaseGetDefinition
WidgetDestroy
WidgetValidValue
DatabaseNormalize
WidgetFocus
WidgetCreate
MessageShow
WidgetSetDropdownHeight
WidgetGetDefinition

liborakuin

HookUnsetMouseHook
HookSetKeyboardHook
HookUnsetKeyboardHook
HookSetMouseHook

kernel32

GetModuleFileNameW
WriteFile
GetModuleFileNameA
GetProcessHeap
AreFileApisANSI
CreateMutexW
HeapAlloc
HeapFree
WaitForSingleObject
GetTickCount
OpenMutexW
GetLastError
GetCurrentDirectoryW
SetCurrentDirectoryW
ReleaseMutex
CloseHandle
HeapReAlloc
MulDiv
GetMailslotInfo
ReadFile
CreateMailslotW
CreateProcessW
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
GetModuleHandleW
HeapDestroy
HeapCreate
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
QueryPerformanceCounter
GetStdHandle
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
SetLastError
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
DecodePointer
EncodePointer
GetCommandLineA
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
RaiseException
ReadConsoleW
SetStdHandle
FlushFileBuffers
LoadLibraryExW
OutputDebugStringW
WriteConsoleW
LCMapStringW
CreateFileW
HeapSize
SetEndOfFile
GetFileType

user32

GetDesktopWindow
TranslateMessage
GetMessageW
TranslateAcceleratorW
GetActiveWindow
GetSystemMetrics
DispatchMessageW
UpdateLayeredWindow
SetTimer
PostQuitMessage
TrackPopupMenu
FillRect
LoadImageW
KillTimer
SetForegroundWindow
DrawTextExW
InsertMenuItemW
GetKeyboardLayout
GetAsyncKeyState
EnableMenuItem
MapVirtualKeyExW
SetWindowLongW
GetCursorPos
SetLayeredWindowAttributes
CreatePopupMenu
DestroyMenu
CheckMenuItem
ToUnicodeEx
SetCursor
GetParent
LoadCursorW
GetDC
InvalidateRect
GetWindowLongW
ReleaseDC
LoadStringW
SendMessageW
UpdateWindow
CallWindowProcW
DefWindowProcW

gdi32

SetTextColor
DeleteDC
Polygon
CreateDIBSection
CreateFontIndirectW
GetDeviceCaps
SetBkColor
CreateCompatibleDC
Pie
Ellipse
GetObjectW
RoundRect
DeleteObject
SelectObject
Rectangle
CreatePen
CreateSolidBrush
BitBlt
PatBlt
CreateFontW
CreateCompatibleBitmap
EnumFontFamiliesExW

comdlg32

ChooseColorW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

CommandLineToArgvW
Shell_NotifyIconW

Sections

.text
Size: 342KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad4cea75ac1ff62db948f35ed531cd17

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libeksd

liborakuin

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 342KB - Virtual size: 341KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 31KB - Virtual size: 2.4MB

.rsrc Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 342KB - Virtual size: 341KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 31KB - Virtual size: 2.4MB

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 32KB - Virtual size: 32KB