d:\530\exe\vs\release\multi\standard\baas_web_installer_windows_enterprise.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-19_3ada8f58eb44b31ef09feb08af6fe8a3_bkransomware.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
2024-06-19_3ada8f58eb44b31ef09feb08af6fe8a3_bkransomware.exe
Resource
win10v2004-20240611-en
General
- Target: 2024-06-19_3ada8f58eb44b31ef09feb08af6fe8a3_bkransomware
- Size: 16.8MB
- MD5: 3ada8f58eb44b31ef09feb08af6fe8a3
- SHA1: c1bfe2956df9f22a818937658c0732cfac2468c1
- SHA256: 57bd66dbb38a3837e2c761597f04ff20029ca657d09d8f1d84035788f47d2837
- SHA512: d285a2bbcfda18524d0ed4a102099f3c3e77bbf227035573d3a5081a03e904a2e20b8872fd9c8512ba62929f03322e68782634538ee16c5474ae3ca3b46e6135
- SSDEEP: 393216:/0005W5DRPiFGpBEI5hM4gkhiCJfsmalAQtSCE:/0pW5FKcpbM4jsmr5
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 2024-06-19_3ada8f58eb44b31ef09feb08af6fe8a3_bkransomware
Files
- 2024-06-19_3ada8f58eb44b31ef09feb08af6fe8a3_bkransomware.exe windows:5 windows x86 arch:x86
  0635d92be67657dd53857b8bac923f13
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
dbghelp
ImageNtHeader
gdiplus
GdipSetSmoothingMode
GdipGetFontSize
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipDeleteGraphics
GdipFillRectangleI
GdipCreateFontFamilyFromName
GdipCreatePen1
GdipDeletePen
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipDrawRectangleI
GdipDrawImagePointRectI
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatAlign
GdipGetStringFormatAlign
GdipSetStringFormatLineAlign
GdipGetStringFormatLineAlign
GdipGetEmHeight
GdipGetCellDescent
GdipGetFamily
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipDrawLineI
GdipLoadImageFromStream
GdipFillPath
GdipDrawPath
GdipGetSmoothingMode
GdipGetFontStyle
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipResetClip
GdipSetClipRect
GdipResetWorldTransform
GdipSetWorldTransform
GdipFillRegion
GdipDeleteRegion
GdipCreateRegionHrgn
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdiplusShutdown
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipSetImageAttributesRemapTable
GdipCreateStringFormat
GdiplusStartup
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
advapi32
SetNamedSecurityInfoW
ConvertSecurityDescriptorToStringSecurityDescriptorW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
GetInheritanceSourceW
FreeInheritedFromArray
StartServiceW
QueryServiceStatusEx
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumDependentServicesW
DeleteService
CreateServiceW
ControlService
ChangeServiceConfig2W
ChangeServiceConfigW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
EqualSid
AllocateAndInitializeSid
FreeSid
LogonUserW
CheckTokenMembership
RegOpenKeyExA
InitiateSystemShutdownW
OpenProcessToken
OpenThreadToken
GetTokenInformation
AdjustTokenPrivileges
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
GetLengthSid
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueA
GetFileSecurityW
GetExplicitEntriesFromAclW
GetUserNameA
GetUserNameW
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegEnumValueW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegQueryInfoKeyA
RegSetKeySecurity
SetSecurityInfo
CloseServiceHandle
CreateProcessAsUserW
CreateProcessWithLogonW
DuplicateTokenEx
RevertToSelf
ImpersonateLoggedOnUser
EncryptFileW
DecryptFileW
GetSecurityDescriptorOwner
SetFileSecurityW
OpenEncryptedFileRawW
ReadEncryptedFileRaw
WriteEncryptedFileRaw
CloseEncryptedFileRaw
SetThreadToken
kernel32
GetEnvironmentVariableW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
LoadResource
SizeofResource
lstrcmpiW
LoadLibraryA
LoadLibraryExW
GetModuleFileNameW
FindResourceW
MultiByteToWideChar
LocalFree
FormatMessageW
FlushInstructionCache
GetCurrentProcess
SetLastError
SetThreadExecutionState
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetSystemDirectoryW
CreateFileW
SetErrorMode
LoadLibraryExA
GetVersion
GetShortPathNameA
GetSystemInfo
CreateProcessA
GetWindowsDirectoryA
RemoveDirectoryA
RemoveDirectoryW
DeleteFileA
DeleteFileW
MoveFileA
MoveFileW
MoveFileExW
GetComputerNameExW
GetVersionExA
LocalAlloc
GetCurrentThread
GetShortPathNameW
FormatMessageA
GetLogicalDriveStringsA
GetLogicalDriveStringsW
LoadLibraryW
GetModuleFileNameA
CreateProcessW
GetStartupInfoA
GetStartupInfoW
GetEnvironmentVariableA
SetEnvironmentVariableA
SetEnvironmentVariableW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
OutputDebugStringA
OutputDebugStringW
GetDriveTypeA
GetDriveTypeW
GetSystemDirectoryA
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetWindowsDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateDirectoryA
CreateDirectoryW
GetFullPathNameA
Sleep
CreateFileA
SetFileAttributesA
SetFileAttributesW
GetFileAttributesA
GetFileAttributesW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
CopyFileA
CopyFileW
GetComputerNameA
GetComputerNameW
SetComputerNameA
SetComputerNameW
WideCharToMultiByte
GetLocaleInfoA
GetLocaleInfoW
GetTimeFormatA
GetTimeFormatW
GetDateFormatA
GetDateFormatW
GetNumberFormatA
GetNumberFormatW
WriteConsoleA
WriteConsoleW
GetConsoleOutputCP
GetLogicalDrives
GetDiskFreeSpaceExW
GetProcessTimes
OpenProcess
TerminateProcess
GetExitCodeProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
WaitForSingleObject
GetFileType
GetStdHandle
DuplicateHandle
SetHandleInformation
CompareFileTime
CreatePipe
CreateToolhelp32Snapshot
Process32First
Process32Next
WriteFile
ReadFile
IsDebuggerPresent
DebugBreak
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventA
InitializeCriticalSection
SetThreadPriority
GetThreadPriority
TerminateThread
GetCurrentProcessId
GetTickCount
LCMapStringA
LCMapStringW
GetFileInformationByHandle
DeviceIoControl
GetProcessWorkingSetSize
SetProcessWorkingSetSize
LockFileEx
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileTime
GetDiskFreeSpaceW
CreateHardLinkW
GetVolumeInformationW
FindFirstChangeNotificationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
CompareStringW
FindNextChangeNotification
FindCloseChangeNotification
GetFileTime
BackupRead
BackupSeek
BackupWrite
GetFileAttributesExW
LockResource
ExitThread
FindResourceExW
EnumResourceNamesW
EnumResourceLanguagesW
QueryDosDeviceA
GetSystemDefaultLangID
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLongPathNameW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateThread
CancelIo
GetLocalTime
SystemTimeToFileTime
FindClose
FileTimeToLocalFileTime
GetUserDefaultUILanguage
AreFileApisANSI
GetSystemTime
GetDiskFreeSpaceA
CreateFileMappingA
HeapValidate
HeapCreate
GetVersionExW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
QueryPerformanceCounter
HeapCompact
CreateMutexW
GetFileSize
TryEnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VerifyVersionInfoA
MulDiv
GlobalFree
SignalObjectAndWait
SwitchToThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
GetModuleHandleA
GlobalUnlock
GlobalLock
GlobalAlloc
ResumeThread
RegisterWaitForSingleObject
UnregisterWait
GetCPInfo
ExitProcess
GetModuleHandleExW
SetFilePointerEx
SetStdHandle
PeekNamedPipe
FileTimeToSystemTime
GetConsoleMode
ReadConsoleW
GetACP
GetConsoleCP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
CreateSemaphoreW
IsValidCodePage
GetOEMCP
GetThreadTimes
FreeLibraryAndExitThread
ReleaseSemaphore
InitializeSListHead
UnregisterWaitEx
VirtualAlloc
VirtualFree
VirtualProtect
GetStringTypeW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
lstrlenA
SuspendThread
VerifyVersionInfoW
GetModuleHandleW
GetProcAddress
VerSetConditionMask
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
CreateSemaphoreA
GetThreadLocale
QueryPerformanceFrequency
SleepEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
IsProcessorFeaturePresent
CreateTimerQueue
RtlUnwind
EncodePointer
GetCommandLineW
GetFullPathNameW
user32
PeekMessageA
DispatchMessageW
DispatchMessageA
wsprintfW
GetUserObjectInformationA
GetProcessWindowStation
GetDesktopWindow
SwitchToThisWindow
GetActiveWindow
GetDlgCtrlID
IsWindowVisible
EnableWindow
ReleaseDC
GetDC
GetSystemMetrics
DialogBoxParamW
SetWindowTextW
IsWindow
CharNextW
DestroyWindow
GetClassNameA
SetParent
GetWindowRect
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
SetCapture
SetWindowLongA
SetFocus
GetDlgItem
EndDialog
SetWindowPos
ShowWindow
PeekMessageW
MessageBoxExW
KillTimer
SetTimer
EnumWindows
GetWindowTextLengthW
GetWindowTextW
SetForegroundWindow
SendMessageA
SendNotifyMessageA
SendNotifyMessageW
PostMessageA
DefWindowProcA
RegisterClassExA
CreateDialogIndirectParamA
CreateDialogIndirectParamW
RegisterClipboardFormatA
RegisterClipboardFormatW
GetClipboardFormatNameA
GetClipboardFormatNameW
VkKeyScanA
VkKeyScanW
VkKeyScanExA
keybd_event
LoadImageW
LoadIconW
LoadCursorW
WinHelpA
GetWindowLongW
CreateWindowExW
RegisterClassExW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SendMessageW
DefWindowProcW
UnregisterClassW
wvsprintfW
IsCharAlphaNumericW
VkKeyScanExW
WinHelpW
SystemParametersInfoA
FillRect
ScreenToClient
GetCursorPos
SetCursor
CallWindowProcW
IntersectRect
RedrawWindow
AppendMenuA
AppendMenuW
ModifyMenuA
ModifyMenuW
SetWindowTextA
PostMessageW
GetWindowLongA
GetClassInfoExW
UpdateLayeredWindow
GetScrollInfo
SetWindowRgn
IsWindowEnabled
CreateWindowExA
TranslateMessage
GetMessageA
CharUpperBuffW
MessageBoxA
GetFocus
SystemParametersInfoW
SetWindowLongW
gdi32
SetViewportOrgEx
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetTextMetricsW
GetDeviceCaps
CreateRectRgn
CreateSolidBrush
SetTextColor
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetObjectW
TextOutW
CreateRoundRectRgn
CreateFontIndirectA
CreateFontIndirectW
EnumFontFamiliesExA
EnumFontFamiliesExW
DPtoLP
GetTextMetricsA
BitBlt
comctl32
InitCommonControlsEx
ws2_32
ntohl
gethostbyname
gethostname
WSAIoctl
WSASetLastError
WSAEventSelect
WSAEnumNetworkEvents
WSAStartup
WSACleanup
bind
closesocket
ioctlsocket
htonl
htons
inet_addr
recv
sendto
socket
WSAGetLastError
WSAGetOverlappedResult
getpeername
getsockname
ntohs
setsockopt
getaddrinfo
freeaddrinfo
getnameinfo
__WSAFDIsSet
connect
select
shutdown
WSARecv
WSASend
WSACloseEvent
WSACreateEvent
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
send
accept
getsockopt
listen
recvfrom
shell32
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteA
ShellExecuteW
ShellExecuteExA
SHGetFolderPathA
SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetPathFromIDListA
SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteExW
comdlg32
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
ole32
CreateStreamOnHGlobal
CoSetProxyBlanket
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
CoInitializeEx
OleRun
ReleaseStgMedium
CoInitializeSecurity
oleaut32
SafeArrayGetDim
VarBstrCat
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringLen
VariantClear
VariantInit
SysAllocString
VarUI4FromStr
SysFreeString
shlwapi
PathCanonicalizeW
PathGetCharTypeW
PathGetDriveNumberW
PathIsDirectoryW
PathAppendW
PathSearchAndQualifyW
Exports
Settings_Deinitialize
Settings_Enumerate
Settings_Get
Settings_Initialize
Settings_Initialize_MultiFile
Settings_Initialize_Override
Settings_Initialize_Override_And_MultiFile
Settings_Register_Modification_Callback
Settings_Set_To_Override
Settings_Set_To_Registry
Settings_Unregister_Modification_Callback
Sections
.text Size: 8.4MB - Virtual size: 8.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.6MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 391KB - Virtual size: 619KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 552KB - Virtual size: 551KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 539KB - Virtual size: 538KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ