2024-06-28_f38bbddba39940b6990bb4f7d220763e_bkransomware_floxif

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-28_f38bbddba39940b6990bb4f7d220763e_bkransomware_floxif
Size

583KB
MD5

f38bbddba39940b6990bb4f7d220763e
SHA1

12815c8721ce22653c71ea92232859ed1cef7d66
SHA256

4ef6ec4359e4cc12c4a50c71c8402566e7cd918ed7c9e0a562bbca61a0495889
SHA512

146ee1248ac088969f051a49a54a538cf055dacfde0db08dfb20cfc4aa3294402695ab9b14b70723328cd3ac8930f63622f019ed203d9b0b220b4ec84ef443b7
SSDEEP

12288:tVBag6SooCo1IK6GmO14clBMFbK5zqDgp+8NBjvrEH7K:tVkgOFo1IKZ1dlBQL+JrEH7K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-28_f38bbddba39940b6990bb4f7d220763e_bkransomware_floxif

Files

2024-06-28_f38bbddba39940b6990bb4f7d220763e_bkransomware_floxif
.exe windows:6 windows x86 arch:x86

25df3164ead07fee2a699b3b3f11ec05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\7139\VSS60\projects\ole server\service\LcSvrPas\URelease\LcSvrPas.pdb

Imports

kernel32

FindNextFileW
IsDebuggerPresent
OutputDebugStringW
TlsSetValue
TlsGetValue
FindFirstFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
EnumSystemLocalesW
FindResourceW
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
FreeLibrary
GetCurrentThreadId
GetCurrentThread
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetCommandLineW
lstrlenA
DeleteFileW
Sleep
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
lstrlenW
FormatMessageW
LocalFree
LocalAlloc
GetCurrentProcess
GetModuleHandleW
GetLastError
CloseHandle
GetLocaleInfoW
GetProcAddress
CreateFileW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetConsoleMode
TlsAlloc
GetConsoleCP
SetConsoleCtrlHandler
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FatalAppExitA
TerminateProcess
CreateEventW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WriteFile
GetStartupInfoW
GetFileType
GetStdHandle
GetProcessHeap
AreFileApisANSI
HeapReAlloc
HeapSize
CreateSemaphoreW
GetTickCount
WideCharToMultiByte
RtlUnwind
EncodePointer
HeapFree
HeapAlloc
IsProcessorFeaturePresent
SetLastError
ExitProcess
GetModuleHandleExW
TlsFree

user32

LoadStringW
UnregisterClassW
MessageBoxW
CharNextW
GetMessageW
DispatchMessageW
PostThreadMessageW

advapi32

OpenSCManagerW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
OpenThreadToken
ReportEventW
RegisterEventSourceW
DeregisterEventSource
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

ole32

CoCreateInstanceEx
CoUninitialize
CLSIDFromString
OleRun
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoRevokeClassObject
CoInitializeSecurity
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CLSIDFromProgID
CoRegisterClassObject

oleaut32

UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysFreeString
SysAllocString
CreateErrorInfo
GetErrorInfo
SetErrorInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25df3164ead07fee2a699b3b3f11ec05

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

version

Sections

.text Size: 356KB - Virtual size: 355KB

.rdata Size: 134KB - Virtual size: 133KB

.data Size: 9KB - Virtual size: 84KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 356KB - Virtual size: 355KB

.rdata
Size: 134KB - Virtual size: 133KB

.data
Size: 9KB - Virtual size: 84KB

.rsrc
Size: 7KB - Virtual size: 6KB