2024-06-14_7ec5b81706267b170c3f8b0c635a7251_bkransomware

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-14_7ec5b81706267b170c3f8b0c635a7251_bkransomware
Size

1.4MB
MD5

7ec5b81706267b170c3f8b0c635a7251
SHA1

806944a9f82491d70d03c1e190697dd5595d4228
SHA256

61569f15035c17be1f930a0e73cd03b4f6a6d93aa6220a3677c33ca81ad48ca8
SHA512

5618fb92c0d13edf62b2f58cd7ee99ccd192bf459cf9d43324cdfe2f5238c2333649bc812e7829a09d235b7265f3619ac4226fffe421c9b75325f754a167ce71
SSDEEP

24576:1j8wGs0sn7zYrSJDZ5FFEVuS+/eO7TMsSK7w:t8g7zYrSJHEcf/eO7Tf7w

Score

1^/10

Malware Config

Signatures

Files

2024-06-14_7ec5b81706267b170c3f8b0c635a7251_bkransomware
.exe windows:5 windows x86 arch:x86

79451de743fb8705864cb6b079e6f091

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2e:05:2a:99:04:3a:cb:6d:3e:dc:cc:c2:ff:6a:b8:e8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10-06-2014 00:00

Not After

09-06-2016 23:59

Subject

CN=LumaPix Inc.,O=LumaPix Inc.,POSTALCODE=J4W 1M2,STREET=2220 Lapiniere Suite 203,L=Brossard,ST=QC,C=CA,2.5.4.18=#13074a345720314d32

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\Utils\FFProc\Release\FFProc.pdb

Imports

vcomp120

_vcomp_enter_critsect
_vcomp_fork
_vcomp_for_static_simple_init
_vcomp_for_static_end
omp_set_num_threads
_vcomp_leave_critsect

kernel32

GetOEMCP
GetCPInfo
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
HeapQueryInformation
VirtualQuery
LoadLibraryExW
GetStringTypeW
GetLocaleInfoW
CompareStringW
LCMapStringW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
OutputDebugStringA
GetModuleHandleA
GlobalAlloc
GlobalFree
lstrcmpA
SuspendThread
ResumeThread
GetVersionExW
GlobalDeleteAtom
lstrcmpW
CompareStringA
GetPrivateProfileIntW
GetACP
WritePrivateProfileStringW
GlobalAddAtomW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
GetFullPathNameW
GetVolumeInformationW
LockFile
UnlockFile
DuplicateHandle
LoadLibraryA
GetSystemDirectoryW
GlobalFindAtomW
InitializeCriticalSection
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalFlags
GetCurrentDirectoryW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SetErrorMode
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameW
GetStartupInfoW
GetFileType
GetStdHandle
GetCurrentThread
SetLastError
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
EncodePointer
GetCommandLineW
QueryPerformanceFrequency
QueryPerformanceCounter
InterlockedExchangeAdd
MoveFileW
FlushViewOfFile
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEndOfFile
InterlockedDecrement
InterlockedIncrement
RaiseException
HeapSize
lstrlenA
CreateThread
ExitThread
HeapReAlloc
DecodePointer
SetFilePointer
SetEvent
MapViewOfFileEx
OutputDebugStringW
CreateFileMappingW
CreateMutexW
UnmapViewOfFile
CreateDirectoryW
GetDriveTypeW
FormatMessageW
DeviceIoControl
GetProcessHeap
GetTempPathA
HeapFree
HeapAlloc
LocalFree
GlobalUnlock
GlobalLock
GlobalSize
FreeLibrary
WideCharToMultiByte
DeleteFileW
SetFileAttributesW
GetModuleHandleW
GetFileSize
MultiByteToWideChar
CreateNamedPipeW
CreateFileW
FindResourceW
LoadLibraryW
CreateEventW
ConnectNamedPipe
GetTickCount
GetSystemInfo
CloseHandle
ReadFile
WriteFile
SizeofResource
LoadResource
Sleep
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
SetThreadPriority
GetCurrentThreadId
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
SetProcessWorkingSetSize
GetProcAddress
LockResource
GetPrivateProfileStringW

user32

DrawTextW
InvalidateRect
KillTimer
SetTimer
RealChildWindowFromPoint
ClientToScreen
LoadCursorW
GetSysColorBrush
GetDC
SetWindowTextW
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
LoadIconW
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetClientRect
RemovePropW
GetPropW
SetPropW
DrawTextExW
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
GetDlgItem
SetWindowPos
IsWindow
GetClassInfoExW
GetClassInfoW
CallWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetWindow
GetWindowTextW
GetSystemMetrics
CharUpperW
GetLastActivePopup
GetWindowThreadProcessId
GetWindowLongW
IsWindowEnabled
EnableWindow
SetCursor
PostQuitMessage
PostMessageW
CallNextHookEx
SetWindowsHookExW
ValidateRect
GetKeyState
GrayStringW
TabbedTextOutW
DestroyMenu
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
SendMessageW
UnhookWindowsHookEx
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetParent
UnregisterClassW
FindWindowW
EqualRect
IsRectEmpty
OffsetRect
CopyRect
GetCursorPos
MessageBoxW
GetWindowRect
ReleaseDC
GetWindowDC
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW

gdi32

TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SetMapMode
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
SetWindowExtEx
BitBlt
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
CreateDIBSection

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW

shlwapi

PathIsURLW
PathIsUNCW
ord12
PathFileExistsW
PathFindExtensionW
PathAppendW
PathFindFileNameW
PathStripToRootW
PathIsDirectoryW

ole32

StgOpenStorageEx
CoUninitialize
CoCreateInstance
StgCreateStorageEx
StgIsStorageFile
StgOpenStorageOnILockBytes
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CLSIDFromString
CoInitialize

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
SysAllocString
VariantInit
VariantClear
VariantChangeType

gdiplus

GdipDrawImageI
GdipGraphicsClear
GdipBitmapSetResolution
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipRemovePropertyItem
GdipGetImageThumbnail
GdipSetPropertyItem
GdipGetAllPropertyItems
GdipGetPropertySize
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertyIdList
GdipGetPropertyCount
GdiplusStartup
GdiplusShutdown
GdipCreatePen1
GdipDeletePen
GdipSetPenColor
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipCreateBitmapFromGdiDib
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipDeleteGraphics
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDrawImageRectRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipGetImageType
GdipImageRotateFlip

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79451de743fb8705864cb6b079e6f091

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2e:05:2a:99:04:3a:cb:6d:3e:dc:cc:c2:ff:6a:b8:e8Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vcomp120

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

gdiplus

oleacc

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 293KB - Virtual size: 292KB

.data Size: 35KB - Virtual size: 89KB

.rsrc Size: 1024B - Virtual size: 896B

.reloc Size: 34KB - Virtual size: 33KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2e:05:2a:99:04:3a:cb:6d:3e:dc:cc:c2:ff:6a:b8:e8
Certificate

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 293KB - Virtual size: 292KB

.data
Size: 35KB - Virtual size: 89KB

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 34KB - Virtual size: 33KB