2024-06-28_ff19309a1fca4bf8bf0a7425ba2cd46a_bkransomware_floxif

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-28_ff19309a1fca4bf8bf0a7425ba2cd46a_bkransomware_floxif
Size

583KB
MD5

ff19309a1fca4bf8bf0a7425ba2cd46a
SHA1

98d33fc7bc0c110016eeef9a7e15b3a3669eb13a
SHA256

6d3972cf214bb044595e66980f38769d9ef6e5420ad85721eba96eacfbb2861f
SHA512

fba46a4e9a47a2c10cd1b245d506076f6db29f95bd2df7df227cbb580a29e21eb9f93e3abbbe0ade022de8043359145f182d1b229035a8d6706b16070a3a0fcf
SSDEEP

12288:tVBag6Soo6Mo18KOmO14clBMFbK5zqDgp+8NBjvrEH7N:tVkgOKo18Ka1dlBQL+JrEH7N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-28_ff19309a1fca4bf8bf0a7425ba2cd46a_bkransomware_floxif

Files

2024-06-28_ff19309a1fca4bf8bf0a7425ba2cd46a_bkransomware_floxif
.exe windows:6 windows x86 arch:x86

25df3164ead07fee2a699b3b3f11ec05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\7139\VSS60\projects\ole server\service\LcSvrPas\URelease\LcSvrPas.pdb

Imports

kernel32

FindNextFileW
IsDebuggerPresent
OutputDebugStringW
TlsSetValue
TlsGetValue
FindFirstFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
EnumSystemLocalesW
FindResourceW
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
FreeLibrary
GetCurrentThreadId
GetCurrentThread
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetCommandLineW
lstrlenA
DeleteFileW
Sleep
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
lstrlenW
FormatMessageW
LocalFree
LocalAlloc
GetCurrentProcess
GetModuleHandleW
GetLastError
CloseHandle
GetLocaleInfoW
GetProcAddress
CreateFileW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetConsoleMode
TlsAlloc
GetConsoleCP
SetConsoleCtrlHandler
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FatalAppExitA
TerminateProcess
CreateEventW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WriteFile
GetStartupInfoW
GetFileType
GetStdHandle
GetProcessHeap
AreFileApisANSI
HeapReAlloc
HeapSize
CreateSemaphoreW
GetTickCount
WideCharToMultiByte
RtlUnwind
EncodePointer
HeapFree
HeapAlloc
IsProcessorFeaturePresent
SetLastError
ExitProcess
GetModuleHandleExW
TlsFree

user32

LoadStringW
UnregisterClassW
MessageBoxW
CharNextW
GetMessageW
DispatchMessageW
PostThreadMessageW

advapi32

OpenSCManagerW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
OpenThreadToken
ReportEventW
RegisterEventSourceW
DeregisterEventSource
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

ole32

CoCreateInstanceEx
CoUninitialize
CLSIDFromString
OleRun
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoRevokeClassObject
CoInitializeSecurity
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CLSIDFromProgID
CoRegisterClassObject

oleaut32

UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysFreeString
SysAllocString
CreateErrorInfo
GetErrorInfo
SetErrorInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25df3164ead07fee2a699b3b3f11ec05

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

version

Sections

.text Size: 356KB - Virtual size: 355KB

.rdata Size: 134KB - Virtual size: 133KB

.data Size: 9KB - Virtual size: 84KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 356KB - Virtual size: 355KB

.rdata
Size: 134KB - Virtual size: 133KB

.data
Size: 9KB - Virtual size: 84KB

.rsrc
Size: 7KB - Virtual size: 6KB