2024-06-28_e4ebd2286a04451384dcb9199fa6ac33_bkransomware

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-28_e4ebd2286a04451384dcb9199fa6ac33_bkransomware
Size

1.4MB
MD5

e4ebd2286a04451384dcb9199fa6ac33
SHA1

84f0170aecde8146139b56b6fb56ae7c0b4ba1f9
SHA256

8359ca4add8c59b527bb0666aff482079b1cb371c67bc75a0b561c879f3a7c2f
SHA512

116cef2d69dfbd52ea53147e7ad10b67cf5053bc0e97e75994750e92219e70f45c5d2111cf24a57d03d4dbae6cd0e0fc0dc6b031592e33e2fe9c1a3dd641e963
SSDEEP

24576:h5Uihs+ss7z/OGW2uDIESmVxw+B3TyJ7eTMsjS4:/UhGz/OGBEXHB3KeTe4

Score

1^/10

Malware Config

Signatures

Files

2024-06-28_e4ebd2286a04451384dcb9199fa6ac33_bkransomware
.exe windows:5 windows x86 arch:x86

e78e693629e3926e9cfd0b9b8e2c8600

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2e:05:2a:99:04:3a:cb:6d:3e:dc:cc:c2:ff:6a:b8:e8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10/06/2014, 00:00

Not After

09/06/2016, 23:59

Subject

CN=LumaPix Inc.,O=LumaPix Inc.,POSTALCODE=J4W 1M2,STREET=2220 Lapiniere Suite 203,L=Brossard,ST=QC,C=CA,2.5.4.18=#13074a345720314d32

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\Utils\FFProc\Release\FFProc.pdb

Imports

vcomp120

_vcomp_enter_critsect
_vcomp_fork
_vcomp_for_static_simple_init
_vcomp_for_static_end
omp_set_num_threads
_vcomp_leave_critsect

kernel32

GetOEMCP
GetCPInfo
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
HeapQueryInformation
VirtualQuery
LoadLibraryExW
GetStringTypeW
GetLocaleInfoW
CompareStringW
LCMapStringW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
OutputDebugStringA
GetModuleHandleA
GlobalAlloc
GlobalFree
SuspendThread
ResumeThread
GetVersionExW
GlobalDeleteAtom
lstrcmpA
lstrcmpW
CompareStringA
GetPrivateProfileIntW
GetACP
WritePrivateProfileStringW
GlobalAddAtomW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
GetFullPathNameW
GetVolumeInformationW
LockFile
UnlockFile
DuplicateHandle
LoadLibraryA
GetSystemDirectoryW
GlobalFindAtomW
InitializeCriticalSection
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalFlags
GetCurrentDirectoryW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SetErrorMode
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameW
GetStartupInfoW
GetFileType
GetStdHandle
GetCurrentThread
SetLastError
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
EncodePointer
GetCommandLineW
QueryPerformanceFrequency
QueryPerformanceCounter
InterlockedExchangeAdd
MoveFileW
FlushViewOfFile
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEndOfFile
InterlockedDecrement
InterlockedIncrement
RaiseException
HeapSize
lstrlenA
CreateThread
ExitThread
HeapReAlloc
DecodePointer
SetFilePointer
SetEvent
MapViewOfFileEx
OutputDebugStringW
CreateFileMappingW
CreateMutexW
UnmapViewOfFile
CreateDirectoryW
GetDriveTypeW
FormatMessageW
DeviceIoControl
GetProcessHeap
GetTempPathA
HeapFree
HeapAlloc
LocalFree
GlobalUnlock
GlobalLock
GlobalSize
FreeLibrary
WideCharToMultiByte
DeleteFileW
SetFileAttributesW
GetModuleHandleW
GetFileSize
MultiByteToWideChar
CreateNamedPipeW
CreateFileW
FindResourceW
LoadLibraryW
CreateEventW
ConnectNamedPipe
GetTickCount
GetSystemInfo
CloseHandle
ReadFile
WriteFile
SizeofResource
LoadResource
Sleep
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
SetThreadPriority
GetCurrentThreadId
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
SetProcessWorkingSetSize
GetProcAddress
LockResource
GetPrivateProfileStringW

user32

DrawTextW
InvalidateRect
KillTimer
SetTimer
RealChildWindowFromPoint
ClientToScreen
LoadCursorW
GetSysColorBrush
GetDC
SetWindowTextW
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
LoadIconW
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetClientRect
RemovePropW
GetPropW
SetPropW
DrawTextExW
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
GetDlgItem
SetWindowPos
IsWindow
GetClassInfoExW
GetClassInfoW
CallWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetWindow
GetWindowTextW
GetSystemMetrics
CharUpperW
GetLastActivePopup
GetWindowThreadProcessId
GetWindowLongW
IsWindowEnabled
EnableWindow
SetCursor
PostQuitMessage
PostMessageW
CallNextHookEx
SetWindowsHookExW
ValidateRect
GetKeyState
GrayStringW
TabbedTextOutW
DestroyMenu
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
SendMessageW
UnhookWindowsHookEx
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetParent
UnregisterClassW
FindWindowW
EqualRect
IsRectEmpty
OffsetRect
CopyRect
GetCursorPos
MessageBoxW
GetWindowRect
ReleaseDC
GetWindowDC
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW

gdi32

TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SetMapMode
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
SetWindowExtEx
BitBlt
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
CreateDIBSection

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW

shlwapi

PathIsURLW
PathIsUNCW
ord12
PathFileExistsW
PathFindExtensionW
PathAppendW
PathFindFileNameW
PathStripToRootW
PathIsDirectoryW

ole32

StgOpenStorageEx
CoUninitialize
CoCreateInstance
StgCreateStorageEx
StgIsStorageFile
StgOpenStorageOnILockBytes
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CLSIDFromString
CoInitialize

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
SysAllocString
VariantInit
VariantClear
VariantChangeType

gdiplus

GdipDrawImageI
GdipGraphicsClear
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageThumbnail
GdipBitmapSetResolution
GdipSetPropertyItem
GdipGetAllPropertyItems
GdipGetPropertySize
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertyIdList
GdipGetPropertyCount
GdipImageRotateFlip
GdiplusStartup
GdiplusShutdown
GdipCreatePen1
GdipDeletePen
GdipSetPenColor
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipCreateBitmapFromGdiDib
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipDeleteGraphics
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDrawImageRectRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipGetImageType

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e78e693629e3926e9cfd0b9b8e2c8600

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2e:05:2a:99:04:3a:cb:6d:3e:dc:cc:c2:ff:6a:b8:e8Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vcomp120

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

gdiplus

oleacc

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 292KB - Virtual size: 292KB

.data Size: 35KB - Virtual size: 89KB

.rsrc Size: 1024B - Virtual size: 896B

.reloc Size: 34KB - Virtual size: 33KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2e:05:2a:99:04:3a:cb:6d:3e:dc:cc:c2:ff:6a:b8:e8
Certificate

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 292KB - Virtual size: 292KB

.data
Size: 35KB - Virtual size: 89KB

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 34KB - Virtual size: 33KB