2024-06-29_a7996df29baa915b7483e59fc60fe69b_bkransomware_floxif

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-29_a7996df29baa915b7483e59fc60fe69b_bkransomware_floxif
Size

6.8MB
MD5

a7996df29baa915b7483e59fc60fe69b
SHA1

d902c8bc7ad8522f7debadb34696286c723c1270
SHA256

4066e125977940a4604f4e85d6b0d74e8bdf7b1bb2e4bf6a16370ab7348628d0
SHA512

66669d861a79b9132ec1ce7d04c1dce7e7e9fba3e2a1438d1f9313f1f50b846d105708bb28715a46ee5a68f0cb35a1d36a067018ab1f5ab3d0ef995d42792461
SSDEEP

98304:rlGnqRJdmVZM4BPoI1rFB7nAgBM4GvMImhWeapNddHmjgEfuZlwZqUj:xGnAdmzBM4loeaxdREfslwZqW

Score

1^/10

Malware Config

Signatures

Files

2024-06-29_a7996df29baa915b7483e59fc60fe69b_bkransomware_floxif
.exe windows:5 windows x86 arch:x86

388eeb3b4c9ca1b7f664736a8a74e42a

Code Sign

01:86:6c:08:fa:8c:7b:1a:79:e1:c3:1a:d6:78:46:9a
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-01-2020 00:00

Not After

23-12-2022 12:00

Subject

SERIALNUMBER=CHE-113.666.835,CN=Acronis International GmbH,O=Acronis International GmbH,L=Schaffhausen,C=CH,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130c53636861666668617573656e,1.3.6.1.4.1.311.60.2.1.3=#13024348

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:75:98:b1:d3:7f:b9:57:c7:55:76:9d:ee:f2:ae:8f:8d:a9:1d:5c:14:e6:76:77:d1:b2:6c:20:b0:13:72:a5
Signer

Actual PE Digest

2c:75:98:b1:d3:7f:b9:57:c7:55:76:9d:ee:f2:ae:8f:8d:a9:1d:5c:14:e6:76:77:d1:b2:6c:20:b0:13:72:a5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\jenkins_agent\workspace\ati-main-win\1923\exe\vs_s\release\multi\standard\atih_uninstaller_standard.pdb

Imports

gdiplus

GdipLoadImageFromStream
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipDeleteGraphics
GdipFillRectangleI
GdipNewPrivateFontCollection
GdipDeletePrivateFontCollection
GdipPrivateAddMemoryFont
GdipSetTextRenderingHint
GdipGetTextRenderingHint
GdipSetClipRectI
GdipResetClip
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRectI
GdiplusStartup
GdiplusShutdown
GdipDrawImagePointRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipGetEmHeight
GdipGetCellDescent
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily

msi

ord111
ord173
ord8
ord141
ord78
ord153
ord151
ord28
ord74
ord80
ord32
ord159
ord160
ord166
ord158
ord17
ord121
ord103
ord114
ord137
ord150
ord219
ord120
ord20
ord92
ord26
ord205
ord181
ord88
ord169
ord70
ord125
ord118
ord115
ord123
ord171
ord48

advapi32

WriteEncryptedFileRaw
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashA
CryptEnumProvidersA
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
RegQueryValueExW
EncryptFileW
DecryptFileW
GetSecurityDescriptorOwner
SetFileSecurityW
GetFileSecurityW
SetThreadToken
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
DuplicateTokenEx
RegOpenKeyExA
RegQueryValueExA
RegEnumValueW
RegQueryInfoKeyA
RegSetKeySecurity
SetSecurityInfo
InitiateSystemShutdownA
ChangeServiceConfig2W
ControlService
EnumDependentServicesW
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceStatus
StartServiceW
GetTokenInformation
IsValidSid
AllocateAndInitializeSid
FreeSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount

kernel32

GetModuleHandleW
CreateMutexW
ExpandEnvironmentStringsW
GetFileSize
WriteFile
ReadFile
CloseHandle
CreateFileW
RemoveDirectoryW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
MultiByteToWideChar
SetErrorMode
GetVersion
LocalFree
FormatMessageA
FormatMessageW
GetModuleHandleA
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
WaitForSingleObject
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventA
InitializeCriticalSection
GlobalMemoryStatus
GlobalMemoryStatusEx
GetCurrentProcessId
GetSystemInfo
LoadLibraryA
CopyFileW
GetCurrentDirectoryW
SuspendThread
ResumeThread
DuplicateHandle
GetFileAttributesW
GetExitCodeProcess
GetWindowsDirectoryW
LoadLibraryW
GetTempPathW
DeleteFileW
MoveFileExW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetVersionExA
GetStdHandle
WriteConsoleW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetThreadLocale
GetLogicalDrives
FindClose
GetDriveTypeA
GetProcessWorkingSetSize
SetProcessWorkingSetSize
LockFileEx
UnlockFileEx
FlushFileBuffers
DeviceIoControl
SetEndOfFile
SetFilePointer
SetFileTime
GetFileInformationByHandle
GetDriveTypeW
GetFileType
GetDiskFreeSpaceExW
CreateDirectoryW
SetFileAttributesW
GetCompressedFileSizeW
FindFirstFileW
FindNextFileW
MoveFileW
CreateHardLinkW
GetVolumeInformationW
FindFirstChangeNotificationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
CompareStringW
FindNextChangeNotification
FindCloseChangeNotification
ExitThread
FindResourceExW
EnumResourceNamesW
EnumResourceLanguagesW
QueryDosDeviceA
GetSystemDefaultLangID
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetFileTime
BackupRead
BackupSeek
BackupWrite
GetFileAttributesExW
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetTickCount
GetLogicalProcessorInformation
GetSystemDefaultUILanguage
GetModuleFileNameA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateThread
OutputDebugStringA
HeapSize
FindResourceW
CreateDirectoryA
GetFileAttributesA
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
GetTempFileNameW
GetShortPathNameW
GetUserDefaultLCID
GetEnvironmentVariableW
GetSystemDirectoryW
CreateMutexA
GetLocaleInfoA
GetUserDefaultUILanguage
DeleteFileA
AreFileApisANSI
GetSystemTime
GetTempPathA
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
HeapValidate
HeapCreate
WideCharToMultiByte
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
QueryPerformanceCounter
UnmapViewOfFile
MapViewOfFile
HeapCompact
GetFullPathNameA
GetFullPathNameW
TryEnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VerSetConditionMask
DefineDosDeviceW
VerifyVersionInfoW
UnhandledExceptionFilter
PeekNamedPipe
FileTimeToSystemTime
GetConsoleMode
ReadConsoleW
ExitProcess
GetModuleHandleExW
GetEnvironmentStringsW
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
ReadConsoleInputA
SetUnhandledExceptionFilter
CreateEventW
CreateSemaphoreW
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetStringTypeW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
SignalObjectAndWait
SwitchToThread
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
CreateTimerQueue
VirtualAlloc
VirtualFree
VirtualProtect
GetThreadTimes
FreeLibraryAndExitThread
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LCMapStringW
IsValidLocale
EnumSystemLocalesW
SetEnvironmentVariableA
lstrlenA
LCMapStringA
CreateSemaphoreA
DebugBreak
SleepEx
MoveFileExA
GetEnvironmentVariableA
InterlockedExchange
LoadLibraryExA
SizeofResource
LoadResource
LockResource
MulDiv
Sleep
GetVersionExW
GetStartupInfoW
CreateProcessW
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
SetConsoleMode
SetEnvironmentVariableW
FlushConsoleInputBuffer
GetProcessHeap
DecodePointer
SetStdHandle
SetFilePointerEx
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
EncodePointer
CreateFileA
GetCommandLineW
FreeEnvironmentStringsW
GetDiskFreeSpaceW
LocalAlloc

user32

DialogBoxParamW
SetWindowPos
GetActiveWindow
SetCapture
SendMessageW
EndDialog
IsWindowVisible
UnregisterClassW
PostMessageW
ShowWindow
ReleaseCapture
SetTimer
KillTimer
UpdateWindow
SwitchToThisWindow
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetWindowRect
GetWindowLongW
SetWindowLongW
GetDesktopWindow
FillRect
GetDC
ReleaseDC
GetUserObjectInformationW
MessageBoxA
DefWindowProcW
wvsprintfW
wsprintfW
GetUserObjectInformationA
GetProcessWindowStation
SendNotifyMessageW
GetWindowThreadProcessId
GetShellWindow
FindWindowA
PostMessageA
CreateWindowExA
RegisterClassExA
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
CharUpperBuffW
IsCharAlphaNumericW
RegisterClassExW
EnableWindow
CallWindowProcW
GetWindowTextLengthW
GetWindowTextW
GetParent
SetCursor
GetClassInfoExW
IsWindowEnabled
MessageBoxW
CharNextW
LoadImageW
LoadIconW
LoadCursorW
GetSystemMetrics
IsIconic
UpdateLayeredWindow
DestroyWindow
CreateWindowExW

gdi32

TextOutW
GetObjectW
GetStockObject
GetTextExtentPoint32W
DPtoLP
GetDeviceCaps
CreateFontIndirectW
SetViewportOrgEx
SetTextColor
SetBkMode
SelectObject
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

comctl32

InitCommonControlsEx

ws2_32

ioctlsocket
htonl
htons
inet_addr
getsockopt
getsockname
getpeername
recv
sendto
socket
WSAGetLastError
connect
bind
WSACleanup
WSAStartup
getservbyname
closesocket
ntohs
setsockopt
WSASetLastError
WSAIoctl
WSASend
accept
listen
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
gethostname
ntohl
shutdown
WSARecv
gethostbyname
send

shell32

ShellExecuteExW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
ord68
SHGetFolderPathW
SHGetSpecialFolderPathW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetCancelConnection2W
WNetAddConnection3W
WNetGetUniversalNameW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree

oleaut32

SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SysAllocString
VarBstrCat
VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
VariantChangeType
VariantClear
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString

rpcrt4

RpcStringFreeA
RpcRaiseException
NdrPointerMarshall
NdrPointerUnmarshall
NdrPointerBufferSize
NdrConvert
NdrClientInitializeNew
NdrServerInitializeNew
NdrGetBuffer
NdrSendReceive
NdrFreeBuffer
NdrFullPointerXlatInit
NdrFullPointerXlatFree
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcBindingFree
UuidFromStringA
UuidToStringA
UuidCreate

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shlwapi

PathAppendW
PathAddBackslashW

powrprof

CallNtPowerInformation

crypt32

CertOpenStore
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertCloseStore

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Exports

Exports

GCAddLink
GCAddMember
GCAddObject
GCAddObjectDebug
GCAttach
GCCaptureHook
GCCleanup
GCConstructorHook
GCCreateEvent
GCDestructorHook
GCDetach
GCMemberRefAlloc
GCMemberRefFree
GCRefObjectAlloc
GCRefObjectAllocDebug
GCRefObjectFree
GCRefObjectFreeDebug
GCReleaseEvent
GCReleaseHook
GCReleaseLink
GCReleaseMember
GCReleaseObject
GCResetLink
GCResetMember
GCResolveMember
GCReuseObject
GCShowBlocks
GCTrace

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 243KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 503KB - Virtual size: 502KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

388eeb3b4c9ca1b7f664736a8a74e42a

Code Sign

01:86:6c:08:fa:8c:7b:1a:79:e1:c3:1a:d6:78:46:9aCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

2c:75:98:b1:d3:7f:b9:57:c7:55:76:9d:ee:f2:ae:8f:8d:a9:1d:5c:14:e6:76:77:d1:b2:6c:20:b0:13:72:a5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

msi

advapi32

kernel32

user32

gdi32

comctl32

ws2_32

shell32

comdlg32

mpr

ole32

oleaut32

rpcrt4

version

shlwapi

powrprof

crypt32

userenv

Exports

Exports

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 243KB - Virtual size: 404KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 503KB - Virtual size: 502KB

.reloc Size: 271KB - Virtual size: 270KB

01:86:6c:08:fa:8c:7b:1a:79:e1:c3:1a:d6:78:46:9a
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

2c:75:98:b1:d3:7f:b9:57:c7:55:76:9d:ee:f2:ae:8f:8d:a9:1d:5c:14:e6:76:77:d1:b2:6c:20:b0:13:72:a5
Signer

.text
Size: 4.2MB - Virtual size: 4.2MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 243KB - Virtual size: 404KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 503KB - Virtual size: 502KB

.reloc
Size: 271KB - Virtual size: 270KB