2024-06-28_0cb1a0e26dacc2c91f1d7e2c2575dc9b_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-28_0cb1a0e26dacc2c91f1d7e2c2575dc9b_bkransomware
Size

1018KB
MD5

0cb1a0e26dacc2c91f1d7e2c2575dc9b
SHA1

dffe4ed565ef3b06253dd1a23f9f1183f176544f
SHA256

0d75988cc1b85909d67c5c8e3cc1a40798fd82b0eb7395211f84f758bfa9e93a
SHA512

33f9aa6ea4d62acf9ddf51e42d335d22f52dba8fa34b9bc857ea99f0eff2731de56f5dd34136422f660283bdd53fe67ada727acbff978f751ab0f73016588c16
SSDEEP

24576:BfnKgckwfw3hu5sQKxsWiUlh2xg60NwJiAf:hAxw39M8h2xg60NwJiAf

Score

1^/10

Malware Config

Signatures

Files

2024-06-28_0cb1a0e26dacc2c91f1d7e2c2575dc9b_bkransomware
.exe windows:5 windows x86 arch:x86

1fbceca5f45bd97de11f6f2571fe21be

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c5:cd:47:56:b4:d7:5a:ce:9e:32:3d:6e:37:fc:a2:01
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/10/2014, 00:00

Not After

16/10/2017, 23:59

Subject

CN=Intellisoft LLC,O=Intellisoft LLC,POSTALCODE=85032,STREET=4124 E Meadow Dr,L=Phoenix,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:e6:db:09:a9:a2:32:8c:f6:91:e0:4c:ad:99:12:b0:ae:cb:f3:1d
Signer

Actual PE Digest

c2:e6:db:09:a9:a2:32:8c:f6:91:e0:4c:ad:99:12:b0:ae:cb:f3:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessImageFileNameW

kernel32

GetModuleFileNameW
CompareStringW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrlenA
ReadFile
QueryPerformanceFrequency
CreateThread
SetThreadPriority
GetOverlappedResult
ResumeThread
ResetEvent
WaitForMultipleObjects
GetCurrentDirectoryW
DebugBreak
OutputDebugStringW
FindFirstFileW
CreateMutexW
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
LoadLibraryExW
LoadLibraryW
LocalFree
SetEnvironmentVariableA
WriteConsoleW
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
VirtualProtect
UnregisterWaitEx
ReleaseSemaphore
DuplicateHandle
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetTimeZoneInformation
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThread
lstrcpyW
GetStdHandle
ReadConsoleW
GetConsoleMode
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetTickCount
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetCommandLineW
GetFileAttributesExW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
SetEvent
QueryDepthSList
InterlockedFlushSList
CreateTimerQueue
RtlUnwind
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetStringTypeW
EncodePointer
lstrcmpiW
SizeofResource
WaitForSingleObject
InterlockedIncrement
DecodePointer
FormatMessageW
LocalAlloc
GetVersionExW
lstrcpynW
GetFileAttributesW
FindResourceW
GetModuleHandleW
GetNativeSystemInfo
MulDiv
LoadResource
GetCurrentProcessId
OpenProcess
GetProcAddress
LockResource
InterlockedDecrement
CreateFileW
CreateEventW
DisconnectNamedPipe
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
SetFilePointer
SetEndOfFile
WriteFile
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
lstrlenW
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetStringTypeExA
GetUserDefaultLCID
LCMapStringW
LCMapStringA
LoadLibraryA
FreeLibrary
Sleep
InterlockedCompareExchange
InterlockedExchange
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetFileSize
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetFileType

user32

RedrawWindow
mouse_event
keybd_event
FrameRect
DrawFrameControl
IsChild
FindWindowExW
MoveWindow
PostThreadMessageW
RegisterWindowMessageW
InsertMenuItemW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetScrollPos
ShowScrollBar
EnableScrollBar
SetScrollInfo
GetScrollInfo
RealGetWindowClassW
TrackMouseEvent
RegisterClassW
GetClassInfoW
SetParent
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadStringA
LoadStringW
SendMessageW
PostMessageW
CallWindowProcW
UnregisterClassW
LoadMenuW
DestroyMenu
GetSubMenu
TrackPopupMenu
SetWindowTextW
GetWindowTextLengthW
MonitorFromPoint
IsDialogMessageW
DrawIconEx
DestroyIcon
LoadBitmapW
CheckMenuRadioItem
GetClassNameW
PtInRect
OffsetRect
InflateRect
CopyRect
SetRectEmpty
FillRect
GetWindowPlacement
SetWindowPlacement
DrawFocusRect
GetSysColor
ScreenToClient
GetCursorPos
SetCursorPos
EndPaint
BeginPaint
GetWindowDC
UpdateWindow
DrawStateW
DrawTextW
SetMenuDefaultItem
TrackPopupMenuEx
RemoveMenu
GetMenuItemCount
CreatePopupMenu
GetSystemMetrics
TranslateAcceleratorW
LoadAcceleratorsW
ReleaseCapture
SetCapture
GetCapture
GetDlgCtrlID
IsWindowVisible
IsWindow
PostQuitMessage
DefWindowProcW
GetMessagePos
GetMessageW
DrawEdge
CharNextW
LoadImageW
LoadCursorW
SetRect
SetCursor
InvalidateRect
ReleaseDC
GetDC
SetMenuItemInfoW
GetMenuItemInfoW
AppendMenuW
GetSystemMenu
SetMenu
GetMenu
IsWindowEnabled
EnableWindow
SetTimer
GetFocus
CreateDialogParamW
ShowWindow
DestroyWindow
IsMenu
CreateWindowExW
GetClassInfoExW
RegisterClassExW
MessageBoxW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
GetWindow
MapWindowPoints
MessageBeep
GetWindowRect
GetClientRect
GetWindowTextW
GetKeyState
GetActiveWindow
SetFocus
SetDlgItemTextW
GetDlgItem
EndDialog
DialogBoxParamW
PeekMessageW
DispatchMessageW
TranslateMessage
GetParent
SetWindowLongW
GetWindowLongW
ClientToScreen
EnableMenuItem
SetWindowPos
SetScrollPos

gdi32

CreateSolidBrush
SetWindowOrgEx
LPtoDP
CreateFontW
CreateFontIndirectW
DeleteDC
DeleteObject
GetStockObject
GetClipBox
GetCurrentObject
LineTo
PatBlt
Rectangle
SetBkColor
SetBkMode
SetTextColor
CreateDIBSection
MoveToEx
ExtTextOutW
GetBkColor
GetTextColor
GetTextExtentPoint32W
SelectObject
GetObjectW
CreateBitmap
CreateCompatibleDC
CreatePen
GetTextExtentPointW
DPtoLP
BitBlt
CreateCompatibleBitmap
GetTextMetricsW
CreatePatternBrush
CreateRectRgnIndirect
SelectClipRgn

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

advapi32

InitializeSecurityDescriptor
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
SetKernelObjectSecurity
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
RegSetValueExW

shell32

DragFinish
DragAcceptFiles
SHGetFolderPathW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
ShellExecuteW
DragQueryFileW
DragQueryPoint
ord165

ole32

CoFreeUnusedLibrariesEx
CoGetMalloc
CLSIDFromProgID
CLSIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
OleRun
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantTimeToSystemTime
VariantClear
VariantChangeType
VarUI4FromStr
SystemTimeToVariantTime
VariantInit
GetErrorInfo

shlwapi

ColorHLSToRGB
ColorRGBToHLS

comctl32

ImageList_LoadImageW
CreateStatusWindowW
InitCommonControlsEx
_TrackMouseEvent
ImageList_Draw
ImageList_Destroy

msimg32

AlphaBlend
GradientFill

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fbceca5f45bd97de11f6f2571fe21be

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

c5:cd:47:56:b4:d7:5a:ce:9e:32:3d:6e:37:fc:a2:01Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

c2:e6:db:09:a9:a2:32:8c:f6:91:e0:4c:ad:99:12:b0:ae:cb:f3:1dSigner

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

Sections

.text Size: 718KB - Virtual size: 718KB

.rdata Size: 154KB - Virtual size: 153KB

.data Size: 35KB - Virtual size: 44KB

.rsrc Size: 60KB - Virtual size: 60KB

.reloc Size: 42KB - Virtual size: 42KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

c5:cd:47:56:b4:d7:5a:ce:9e:32:3d:6e:37:fc:a2:01
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

c2:e6:db:09:a9:a2:32:8c:f6:91:e0:4c:ad:99:12:b0:ae:cb:f3:1d
Signer

.text
Size: 718KB - Virtual size: 718KB

.rdata
Size: 154KB - Virtual size: 153KB

.data
Size: 35KB - Virtual size: 44KB

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 42KB - Virtual size: 42KB