2024-06-15_0fc1e596f54598bab7be71594f5abbc9_bkransomware

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-15_0fc1e596f54598bab7be71594f5abbc9_bkransomware
Size

387KB
MD5

0fc1e596f54598bab7be71594f5abbc9
SHA1

78c011a1cc0182b9dfebabd94e5869a21528d96c
SHA256

6a0a728fae8969107329a8cb8cfd28b05d713808f1b2bee33adcc6ca0025cc25
SHA512

423af59c61da176957a88d36fe133dd3329d36f413018ac5a15257d957c456c6b9fbf234acec49c7f8d7149fd8c3721cf9aca5d705e90d5e8ab7d76ef7b608b5
SSDEEP

6144:0A6zNkhDO/56odjg2ZK93jaPY777zRUPgaG0lwAD9gRsAOIRsAO/:N6zNkheNbZK93F773RUPk0lwDsQsJ

Score

1^/10

Malware Config

Signatures

Files

2024-06-15_0fc1e596f54598bab7be71594f5abbc9_bkransomware
.exe windows:6 windows x86 arch:x86

d9db03999971b47a712e83f3bd3bd796

Code Sign

7f:7a:98:21:56:28:d3:ac:30:a9:ea:87:35:c1:ba:22
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03/03/2017, 00:00

Not After

01/04/2020, 23:59

Subject

CN=MAGIX Software GmbH,O=MAGIX Software GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:7a:98:21:56:28:d3:ac:30:a9:ea:87:35:c1:ba:22
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03/03/2017, 00:00

Not After

01/04/2020, 23:59

Subject

CN=MAGIX Software GmbH,O=MAGIX Software GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:7d:51:c1:26:29:9e:cb:d6:07:c2:08:89:93:0d:4a:85:4e:e5:bb:48:39:7a:83:b9:02:7f:eb:e9:9b:11:a4
Signer

Actual PE Digest

15:7d:51:c1:26:29:9e:cb:d6:07:c2:08:89:93:0d:4a:85:4e:e5:bb:48:39:7a:83:b9:02:7f:eb:e9:9b:11:a4

Digest Algorithm

sha256

PE Digest Matches

true

0c:39:af:e8:83:13:10:07:86:28:c9:0f:72:fa:da:6d:43:1a:00:9f
Signer

Actual PE Digest

0c:39:af:e8:83:13:10:07:86:28:c9:0f:72:fa:da:6d:43:1a:00:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohs
ntohl
htons
htonl

kernel32

GetModuleHandleExW
SetEnvironmentVariableW
GetFullPathNameA
GetDriveTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
ReadFile
GetTempPathA
GetLastError
HeapFree
HeapAlloc
LocalFileTimeToFileTime
SetFileTime
SystemTimeToFileTime
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
MultiByteToWideChar
EncodePointer
DecodePointer
DeleteCriticalSection
ExitProcess
GetCurrentDirectoryW
AreFileApisANSI
WideCharToMultiByte
CloseHandle
GetStdHandle
GetFileType
GetConsoleMode
ReadConsoleW
SetFilePointerEx
WriteFile
GetConsoleCP
SetStdHandle
GetCurrentProcessId
GetProcessHeap
GetModuleFileNameW
GetTimeZoneInformation
GetSystemTimeAsFileTime
RaiseException
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
CompareStringW
LCMapStringW
FlushFileBuffers
HeapReAlloc
LoadLibraryExW
WriteConsoleW
CreateFileW
OutputDebugStringW
HeapSize
SetEndOfFile
SetEnvironmentVariableA

Sections

.text
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 581KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9db03999971b47a712e83f3bd3bd796

Code Sign

7f:7a:98:21:56:28:d3:ac:30:a9:ea:87:35:c1:ba:22Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9eCertificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

7f:7a:98:21:56:28:d3:ac:30:a9:ea:87:35:c1:ba:22Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9eCertificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

15:7d:51:c1:26:29:9e:cb:d6:07:c2:08:89:93:0d:4a:85:4e:e5:bb:48:39:7a:83:b9:02:7f:eb:e9:9b:11:a4Signer

0c:39:af:e8:83:13:10:07:86:28:c9:0f:72:fa:da:6d:43:1a:00:9fSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 258KB - Virtual size: 258KB

.rdata Size: 107KB - Virtual size: 106KB

.data Size: 5KB - Virtual size: 581KB

_RDATA Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

7f:7a:98:21:56:28:d3:ac:30:a9:ea:87:35:c1:ba:22
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

7f:7a:98:21:56:28:d3:ac:30:a9:ea:87:35:c1:ba:22
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

15:7d:51:c1:26:29:9e:cb:d6:07:c2:08:89:93:0d:4a:85:4e:e5:bb:48:39:7a:83:b9:02:7f:eb:e9:9b:11:a4
Signer

0c:39:af:e8:83:13:10:07:86:28:c9:0f:72:fa:da:6d:43:1a:00:9f
Signer

.text
Size: 258KB - Virtual size: 258KB

.rdata
Size: 107KB - Virtual size: 106KB

.data
Size: 5KB - Virtual size: 581KB

_RDATA
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B