2024-06-16_014c6c1209c9d83ffcb01f6b8e48faf5_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-16_014c6c1209c9d83ffcb01f6b8e48faf5_bkransomware
Size

14.2MB
MD5

014c6c1209c9d83ffcb01f6b8e48faf5
SHA1

f7bc32d3cc8eb59e55399c5641b82d151b5e069f
SHA256

aba30dc59d4dc9b895a8a09a85208403ba64d080b4ac5af2adac04d320820b7b
SHA512

907a258a99ca959518b6e546f500a736184b1d702e243cb436ba2106a6f97498d243fc035c18ea1c1e8b598fa4abccb5fab1cf403f4118afcdd4a8bb8306bb7e
SSDEEP

393216:NirRP7wov/gcR3mClt6IsqMhsuZN8M7plQmAfn:NilDlBmClcId9+pS

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-16_014c6c1209c9d83ffcb01f6b8e48faf5_bkransomware

Files

2024-06-16_014c6c1209c9d83ffcb01f6b8e48faf5_bkransomware
.exe windows:5 windows x86 arch:x86

2ed96fa9b3e9ad43d81d60a80ea45af2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\GOMAudio\project\bin\pdb\GOMAU.pdb

Imports

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

comdlg32

ChooseColorW
GetOpenFileNameW
GetSaveFileNameW

powrprof

SetSuspendState

kernel32

GetCurrentThread
GetVersion
LocalAlloc
GetPrivateProfileSectionNamesW
CompareStringW
IsDBCSLeadByteEx
GetNumberFormatW
GetUserDefaultLangID
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateThread
lstrcpynA
SetUnhandledExceptionFilter
VirtualQuery
IsBadWritePtr
SetThreadPriority
lstrcatW
RemoveDirectoryW
CreateEventW
SetEvent
ResetEvent
WaitForMultipleObjects
lstrcmpiW
LoadLibraryExW
WinExec
GetLogicalDrives
GetLocalTime
HeapAlloc
HeapFree
GetProcessHeap
GetWindowsDirectoryW
GetVersionExA
CreateFileA
SetEndOfFile
GetFileAttributesA
GetACP
IsDBCSLeadByte
lstrlenA
InterlockedIncrement
InterlockedDecrement
IsBadStringPtrW
IsBadReadPtr
GetSystemInfo
InterlockedExchange
InterlockedExchangeAdd
DeleteTimerQueueEx
GetCPInfo
FlushFileBuffers
GetStdHandle
GetFileType
FindFirstFileA
FindNextFileA
GetDriveTypeA
CreateDirectoryA
SetFileAttributesA
GetDiskFreeSpaceA
GetModuleHandleA
LocalFileTimeToFileTime
MoveFileA
VerifyVersionInfoW
GetCurrentProcessId
LoadLibraryExA
DeviceIoControl
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
OutputDebugStringW
VirtualFree
InterlockedFlushSList
ReleaseSemaphore
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
SetStdHandle
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetTimeFormatW
GetDateFormatW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateSemaphoreW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleHandleExW
ExitProcess
MoveFileExW
AreFileApisANSI
HeapSize
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
ResumeThread
GetFileAttributesExW
HeapReAlloc
ExitThread
RtlUnwind
GetStringTypeW
EncodePointer
GetSystemTimeAsFileTime
GetExitCodeThread
DuplicateHandle
GetTempPathW
SetFilePointer
GetVolumeInformationW
GetLongPathNameW
Sleep
SetFileAttributesW
DeleteFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcpynW
CloseHandle
WriteFile
GetCurrentDirectoryW
GetCommandLineW
InitializeSListHead
GetFileInformationByHandle
WaitForSingleObjectEx
lstrlenW
GetDriveTypeW
WideCharToMultiByte
SystemTimeToFileTime
CopyFileW
FormatMessageW
LocalFree
SizeofResource
GetProcAddress
FreeResource
FreeLibrary
GetNativeSystemInfo
GetVersionExW
GetSystemTime
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
FindNextFileW
FindFirstFileW
FindClose
GetSystemDefaultLangID
SetFileTime
GetFileTime
GetFileAttributesW
ReadFile
GetFileSize
FileTimeToSystemTime
FileTimeToLocalFileTime
TerminateThread
GetDiskFreeSpaceExW
FindResourceW
lstrcmpW
MulDiv
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
LockResource
LoadResource
GetModuleFileNameW
GetModuleHandleW
FlushInstructionCache
GetCurrentThreadId
GetCurrentProcess
IsDebuggerPresent
SetLastError
SetDllDirectoryW
LoadLibraryW
DeleteTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue
GetTickCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VerSetConditionMask
lstrcpyW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DecodePointer
QueryDepthSList
UnregisterWaitEx
CreateFileW
CreateDirectoryW
VirtualAlloc
MultiByteToWideChar
WriteConsoleW
CreateProcessA
SetEnvironmentVariableA

user32

EnableMenuItem
CheckMenuItem
DestroyMenu
CreatePopupMenu
GetSystemMenu
GetMenuStringW
TranslateAcceleratorW
LoadAcceleratorsW
IsMenu
PostQuitMessage
GetSubMenu
GetMenuItemCount
AppendMenuW
ModifyMenuW
RemoveMenu
UnregisterClassW
PostMessageW
DefWindowProcW
RegisterClassW
GetClassInfoW
CreateWindowExW
IsWindow
SetWindowPos
SetFocus
UpdateWindow
DeleteMenu
GetClientRect
GetWindowRect
LoadCursorW
RegisterWindowMessageW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
ShowWindow
TrackPopupMenu
InsertMenuItemW
GetCursor
CheckMenuRadioItem
LoadBitmapW
WindowFromPoint
GetCursorInfo
RegisterHotKey
UnregisterHotKey
SetWindowRgn
InflateRect
CharUpperW
CharToOemBuffA
OemToCharBuffA
CharUpperA
OemToCharA
CharLowerA
GetTopWindow
LoadCursorFromFileW
CreateIconFromResource
LookupIconIdFromDirectory
SetParent
GetClassLongW
SetClassLongW
IsRectEmpty
SystemParametersInfoA
GetSystemMetrics
RemovePropW
SetPropW
GetPropW
GetSysColorBrush
SetLastErrorEx
AnimateWindow
AdjustWindowRectEx
ShowScrollBar
GetComboBoxInfo
GetWindowDC
DrawIcon
DrawIconEx
CharToOemA
LoadMenuW
MonitorFromPoint
SetWindowTextW
SendMessageTimeoutW
ExitWindowsEx
UnionRect
SetRectEmpty
GetCursorPos
PostThreadMessageW
wvsprintfW
SendDlgItemMessageW
SystemParametersInfoW
DestroyIcon
EnumWindows
EqualRect
CopyRect
SetForegroundWindow
GetForegroundWindow
IsClipboardFormatAvailable
GetClipboardData
BringWindowToTop
GetWindowPlacement
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
TranslateMessage
IsDialogMessageW
UnhookWindowsHookEx
FindWindowExW
IntersectRect
SetActiveWindow
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CallNextHookEx
SetWindowsHookExW
GetDlgItemTextA
SetDlgItemTextA
CreateDialogIndirectParamW
FindWindowW
RegisterWindowMessageA
wsprintfW
LoadStringW
LoadIconW
IsIconic
IsWindowVisible
UpdateLayeredWindow
SetLayeredWindowAttributes
SetCapture
ReleaseCapture
BeginPaint
EndPaint
InvalidateRect
RedrawWindow
SetCursor
SetRect
PtInRect
GetWindowLongW
SetWindowLongW
SendMessageW
IsChild
DestroyWindow
MoveWindow
DialogBoxIndirectParamW
EndDialog
GetDlgItem
CharNextW
GetActiveWindow
GetFocus
CreateAcceleratorTableW
DestroyAcceleratorTable
GetDC
ReleaseDC
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowContextHelpId
ClientToScreen
ScreenToClient
GetSysColor
FillRect
GetDesktopWindow
GetParent
GetClassNameW
GetWindow
MapDialogRect
SetDlgItemInt
GetDlgItemInt
GetMessageW
SetDlgItemTextW
EnableWindow
MessageBoxW
SendMessageA
GetDlgItemTextW
CheckDlgButton
IsDlgButtonChecked
GetDlgCtrlID
GetKeyState
SetTimer
KillTimer
IsWindowEnabled
DrawTextW
MapWindowPoints
OffsetRect
CopyIcon
DestroyCursor
MonitorFromRect
MonitorFromWindow
GetMonitorInfoW
EnumChildWindows
LoadImageW

advapi32

RegQueryValueExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
RegCreateKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumKeyExW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegQueryValueW
LookupPrivilegeValueA
SetFileSecurityW
SetFileSecurityA
AdjustTokenPrivileges
RegCloseKey

ole32

CreateStreamOnHGlobal
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoFreeLibrary
CoLoadLibrary
OleSetContainedObject
OleCreate
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoGetObject
CoCreateGuid
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree

shell32

SHCreateDirectoryExW
SHAppBarMessage
DragFinish
DragQueryPoint
Shell_NotifyIconW
SHFileOperationW
SHChangeNotify
SHBrowseForFolderW
SHGetPathFromIDListW
DragAcceptFiles
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderPathW

oleaut32

SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VarBstrCmp
UnRegisterTypeLi
VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString

shlwapi

PathFileExistsW
AssocQueryStringW

gdi32

CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
SelectObject
GetObjectW
CreatePen
Rectangle
CreateDIBSection
SetBkMode
SetTextColor
CreateFontIndirectW
GetTextExtentPointW
GetTextExtentPoint32W
SetBkColor
GetTextMetricsW
CreateCompatibleDC
GetClipBox
CreateFontW
RestoreDC
SaveDC
StretchBlt
Polygon
SetStretchBltMode
EnumFontFamiliesExW
GetStretchBltMode
CreateRectRgn
SelectClipRgn
CreateRectRgnIndirect
CombineRgn
CreateEllipticRgn
CreateRoundRectRgn
OffsetRgn
CreatePatternBrush
StretchDIBits
GetObjectA
ExtTextOutW
BitBlt
CreateCompatibleBitmap

urlmon

UrlMkGetSessionOption
CreateURLMonikerEx
CreateAsyncBindCtx
RegisterBindStatusCallback
IsAsyncMoniker
UrlMkSetSessionOption

winmm

mciSendCommandW
timeKillEvent
timeSetEvent
mixerSetControlDetails
mixerGetControlDetailsW
mixerGetLineControlsW
mixerGetID
mixerGetLineInfoW
waveOutGetNumDevs
mixerClose
mixerOpen
mixerGetDevCapsW
mixerGetNumDevs

gdiplus

GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipGetTextRenderingHint
GdipGetFontHeight
GdipCreateRegion
GdipSetStringFormatLineAlign
GdipFillRectangle
GdipGetLogFontW
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatFlags
GdipDrawLineI
GdipGetClip
GdipCombineRegionRectI
GdipSetEmpty
GdiplusStartup
GdipDrawRectangleI
GdipGetImageRawFormat
GdipCreatePen1
GdipImageRotateFlip
GdipCreateBitmapFromResource
GdipSetClipRegion
GdipBitmapLockBits
GdipGetPropertySize
GdipSaveImageToFile
GdipCreateHBITMAPFromBitmap
GdipGetImageEncoders
GdipBitmapGetPixel
GdipCreateImageAttributes
GdipCombineRegionRegion
GdipGetRegionHRgn
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImagePointRectI
GdipSetPixelOffsetMode
GdipReleaseDC
GdipSetClipRectI
GdipFillRegion
GdipGraphicsClear
GdipSetInterpolationMode
GdipGetAllPropertyItems
GdipCreateBitmapFromFile
GdipGetImageEncodersSize
GdipDisposeImageAttributes
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipCreateRegionRectI
GdipDrawImageRectI
GdipDrawImageI
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdipBitmapUnlockBits
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromStream
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipCloneBitmapAreaI
GdipDeletePen
GdiplusShutdown
GdipMeasureString
GdipSetStringFormatMeasurableCharacterRanges
GdipMeasureCharacterRanges
GdipResetClip
GdipCreateRegionRect
GdipDeleteRegion

iphlpapi

GetAdaptersInfo

wininet

InternetSetCookieW
InternetGetCookieW
InternetCrackUrlW
InternetCanonicalizeUrlW
HttpEndRequestW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable
InternetSetOptionW
HttpQueryInfoW
InternetQueryOptionW
InternetOpenW
HttpSendRequestExW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetWriteFile
InternetConnectW

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust

crypt32

CertGetNameStringW

ws2_32

inet_addr
gethostbyaddr
gethostbyname
__WSAFDIsSet
closesocket
connect
htons
recv
select
send
shutdown
WSAGetLastError
WSAStartup
WSACleanup
ioctlsocket
socket

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

msimg32

AlphaBlend
TransparentBlt

comctl32

ImageList_Add
_TrackMouseEvent
ImageList_Remove
InitCommonControlsEx
ImageList_Create
ImageList_Destroy
ImageList_Draw
ImageList_AddMasked

imm32

ImmGetContext
ImmSetConversionStatus
ImmReleaseContext

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 650KB - Virtual size: 650KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared_G
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.3MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ed96fa9b3e9ad43d81d60a80ea45af2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

comdlg32

powrprof

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

urlmon

winmm

gdiplus

iphlpapi

wininet

wintrust

crypt32

ws2_32

wtsapi32

msimg32

comctl32

imm32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 650KB - Virtual size: 650KB

.data Size: 72KB - Virtual size: 175KB

Shared_G Size: 512B - Virtual size: 12B

.rsrc Size: 10.3MB - Virtual size: 10.3MB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 650KB - Virtual size: 650KB

.data
Size: 72KB - Virtual size: 175KB

Shared_G
Size: 512B - Virtual size: 12B

.rsrc
Size: 10.3MB - Virtual size: 10.3MB