2024-06-16_c2370ba89f70aa2e9081d41ba84c1a78_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-16_c2370ba89f70aa2e9081d41ba84c1a78_bkransomware
Size

3.5MB
MD5

c2370ba89f70aa2e9081d41ba84c1a78
SHA1

1081459b31912bd9f561cb26b77260ab9e785cb8
SHA256

78a9f8ea9f1b07480381904a403a7906cd29d83ff65774a3a3f9cf9782c20ab3
SHA512

5848347957ce1fec65bc5ed3e865d52cb89ed2fe93cbcd68015149e983588c9d634f9374492f283af58c64ae057e8a5410079a0706aee38ae557ddafcf95cd11
SSDEEP

98304:rkRAscGyE38Ney3MZU3pNgmB5ykcr32LUD3lOYpzPbh:rkRA7GL38Nb5AZd8YpzP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-16_c2370ba89f70aa2e9081d41ba84c1a78_bkransomware

Files

2024-06-16_c2370ba89f70aa2e9081d41ba84c1a78_bkransomware
.exe windows:5 windows x86 arch:x86

6fc3721f899db117167c49d09c8a9b7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetLastError
SetLastError
Sleep
LoadResource
SizeofResource
CloseHandle
GetTickCount
OpenProcess
GetCurrentProcessId
GlobalAlloc
GlobalFree
LocalFree
WaitForSingleObject
MulDiv
EnumResourceNamesW
IsValidLocale
GetUserDefaultLCID
SetErrorMode
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetFileSize
WriteFile
ReadFile
SetEndOfFile
SetFilePointer
FindClose
DecodePointer
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GetVersion
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
DeviceIoControl
GetLocalTime
ResetEvent
GetCurrentThread
GetCurrentThreadId
CreateIoCompletionPort
GetQueuedCompletionStatus
FlushFileBuffers
ClearCommError
SetupComm
EscapeCommFunction
SetCommState
SetCommTimeouts
TerminateProcess
GetExitCodeProcess
GetExitCodeThread
SetEvent
ReleaseMutex
GetCommandLineW
GetProcessTimes
MoveFileExW
CompareStringA
InterlockedExchange
GetModuleHandleA
HeapAlloc
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
FlushInstructionCache
VirtualQuery
TlsGetValue
TlsAlloc
SystemTimeToFileTime
SetFileTime
TlsSetValue
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
ResumeThread
SuspendThread
SetThreadPriority
lstrcmpA
SetEnvironmentVariableA
GetConsoleCP
GetTimeZoneInformation
PeekNamedPipe
GetFileInformationByHandle
GetOEMCP
GetACP
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
GetStdHandle
HeapQueryInformation
GetModuleHandleExW
ExitProcess
VirtualAlloc
GetSystemInfo
ExitThread
GetThreadLocale
CreateThread
SetStdHandle
GetFileType
GetConsoleMode
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
VirtualProtect
VerifyVersionInfoW
VerSetConditionMask
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GlobalFlags
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
LocalAlloc
FreeLibrary
GetModuleFileNameA
LockResource
LoadLibraryExA
GlobalSize
GlobalLock
GlobalUnlock
OutputDebugStringA
EncodePointer
GlobalDeleteAtom
LockFile
UnlockFile
DuplicateHandle

msimg32

AlphaBlend
TransparentBlt

uxtheme

DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemePartSize
IsAppThemed
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
GetWindowTheme

ws2_32

accept
bind
closesocket
connect
getpeername
htonl
htons
ntohs
recv
recvfrom
select
WSAAsyncSelect
WSASetLastError
socket
sendto
send

gdiplus

GdiplusShutdown
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

shlwapi

StrFormatKBSizeW
PathRemoveFileSpecW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathFindFileNameW

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fc3721f899db117167c49d09c8a9b7b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msimg32

uxtheme

ws2_32

gdiplus

imm32

oleacc

shlwapi

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 566KB - Virtual size: 566KB

.data Size: 32KB - Virtual size: 385KB

.rsrc Size: 45KB - Virtual size: 44KB

.reloc Size: 181KB - Virtual size: 181KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 566KB - Virtual size: 566KB

.data
Size: 32KB - Virtual size: 385KB

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 181KB - Virtual size: 181KB