2024-06-13_32fd7929f276bb65ecc04806b18f7163_bkransomware_wapomi

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-13_32fd7929f276bb65ecc04806b18f7163_bkransomware_wapomi
Size

3.2MB
MD5

32fd7929f276bb65ecc04806b18f7163
SHA1

f17f363224e7e1daac3beeb513b79cfc510de49f
SHA256

d82001a87dd4a5d9c2397cf6caf0e4b8345bfcba07de7f38368b42ff2a496f68
SHA512

24b9adc42d697402c63d8306f9f777a16051d0119f77dd36daaab7e9d2b47ae57748540f0c44ecf733df4712b182aac760371445041e53a31a13075b7057f46e
SSDEEP

98304:mKjFnM2TdO8BexqyhO1z+y4IGbxiGpYyd53V:mMxM+7yM1UQGGydJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-13_32fd7929f276bb65ecc04806b18f7163_bkransomware_wapomi

Files

2024-06-13_32fd7929f276bb65ecc04806b18f7163_bkransomware_wapomi
.exe windows:5 windows x86 arch:x86

570a7030bc5105e160ef32c9f3d2a8bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\win_work\ZXWebup\Release\ZXWebup.pdb

Imports

kernel32

TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
SetErrorMode
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetCommandLineW
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetTimeZoneInformation
ExitThread
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapQueryInformation
GetStdHandle
GetFileType
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CreateSemaphoreW
IsValidCodePage
GetCPInfo
GetStringTypeW
SetStdHandle
GetConsoleCP
GetConsoleMode
TlsAlloc
ReadConsoleW
OutputDebugStringW
LCMapStringW
SetEnvironmentVariableA
WriteConsoleW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
VirtualProtect
VirtualFree
VirtualAlloc
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
GlobalFindAtomW
GetSystemDirectoryW
EncodePointer
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
FreeResource
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GetVersionExW
GetCurrentThread
SetThreadPriority
CreateEventW
SetEvent
GetFileAttributesExW
FileTimeToLocalFileTime
GetCurrentProcessId
LoadLibraryExW
GetCurrentProcess
DuplicateHandle
GetVolumeInformationW
FlushFileBuffers
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleW
OutputDebugStringA
MultiByteToWideChar
FreeLibrary
SetLastError
GetVersionExA
LoadLibraryA
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
LoadLibraryW
LocalFileTimeToFileTime
SetFileTime
GetFileTime
SetEndOfFile
ReadFile
WriteFile
GetFileSize
QueryPerformanceCounter
InitializeCriticalSection
CreateThread
GetOEMCP
GetACP
GetComputerNameW
FormatMessageA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
CompareFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
GetSystemTime
MoveFileExW
MoveFileW
CopyFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
CreateFileW
GetFullPathNameW
CreateDirectoryW
GetCurrentDirectoryW
GetCurrentDirectoryA
GetModuleHandleA
FindClose
SetFilePointer
GetProcAddress
DeleteCriticalSection
DecodePointer
EnterCriticalSection
HeapSize
GetLastError
RaiseException
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
Sleep
GetModuleFileNameW
CloseHandle
CreateProcessW
FindResourceW
LoadResource
LockResource
SetFilePointerEx
SizeofResource

user32

MonitorFromWindow
WinHelpW
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetWindowTextW
RemovePropW
GetPropW
SetPropW
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
SetWindowPos
CreateWindowExW
GetClassInfoExW
PostMessageW
GetMonitorInfoW
EnableWindow
LoadIconW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
SetCursor
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
CopyRect
ReleaseDC
GetDC
GetDesktopWindow
SetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
PostQuitMessage
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
SetWindowTextW
IsDialogMessageW
DrawTextW
PeekMessageW
DispatchMessageW
ShowWindow
UnregisterClassW
SendMessageW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendDlgItemMessageA
GetParent
GetSubMenu
GetMenuItemID
GetMenuItemCount
CharUpperW
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetWindowThreadProcessId
GetLastActivePopup
UnhookWindowsHookEx
GetMessageW
TranslateMessage
DrawTextExW
GrayStringW
TabbedTextOutW
BeginPaint
EndPaint
ClientToScreen
LoadCursorW
RealChildWindowFromPoint
SetTimer
KillTimer
InvalidateRect
DestroyMenu
RegisterWindowMessageW
GetSysColorBrush

gdi32

SetMapMode
SelectObject
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
DeleteObject
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
DeleteDC

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

CryptGetUserKey
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
CryptHashData
CryptImportKey
CryptExportKey
CryptDeriveKey
CryptEnumProvidersA
CryptGetProvParam
RegOpenKeyW
CryptDestroyKey
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptSetHashParam
CryptAcquireContextW
RegSetValueExW
RegQueryValueExA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
GetUserNameA
RegCloseKey
RegEnumValueA
RegOpenKeyExA

shell32

ShellExecuteW
ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW

ole32

CoTaskMemFree
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocString
SysFreeString

ws2_32

inet_addr
inet_ntoa
ntohs
recv
select
send
setsockopt
shutdown
socket
gethostbyname
WSAStartup
WSAGetLastError
getsockname
htons
__WSAFDIsSet
bind
closesocket
connect
ioctlsocket
getsockopt

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 775KB - Virtual size: 775KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 250KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

��i�u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

570a7030bc5105e160ef32c9f3d2a8bd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

ws2_32

oleacc

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 775KB - Virtual size: 775KB

.data Size: 250KB - Virtual size: 290KB

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 96KB - Virtual size: 95KB

��i�u� Size: 16KB - Virtual size: 20KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 775KB - Virtual size: 775KB

.data
Size: 250KB - Virtual size: 290KB

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 96KB - Virtual size: 95KB

��i�u�
Size: 16KB - Virtual size: 20KB