2024-06-29_4326883d65648aa49da7900980593f8e_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-29_4326883d65648aa49da7900980593f8e_bkransomware
Size

2.4MB
MD5

4326883d65648aa49da7900980593f8e
SHA1

0227372580bb82ff0ce20263968767ec849d4b7c
SHA256

d8c43df03e943d37211a0aacddb843967efee3f4b6d8e20325667a6abeed2e79
SHA512

d848c8dd2c0c095232d08084dca8892df63a9c3da7f738996839d43622413ea5c9a800c22a5f2cc5761771e3fbd2f34de05cf265abca9cf228ad8d9c26ae5f02
SSDEEP

49152:rmQ+OhaHZKdbYyMADeOVU5Mm1av1rtPjCGLgiLi5f9AB84D+eFKC8/Y9Xqbf7YJ6:KHOhaHZKdbYhOV3W9ABVD+eFKC8/Eqbc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-29_4326883d65648aa49da7900980593f8e_bkransomware

Files

2024-06-29_4326883d65648aa49da7900980593f8e_bkransomware
.exe windows:5 windows x86 arch:x86

d7c5909f10fefe2cd5b9a50d544cf314

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\vim\src\vim.pdb

Imports

kernel32

GetModuleHandleA
GetCurrentProcessId
LocalFree
GlobalSize
GlobalAlloc
GlobalFree
GetFullPathNameW
GetCommandLineW
GetComputerNameA
GetFullPathNameA
GetTempFileNameW
FillConsoleOutputCharacterA
SearchPathW
WriteConsoleOutputCharacterW
WriteConsoleOutputCharacterA
SetErrorMode
CreateProcessW
SetConsoleTextAttribute
GetNumberOfConsoleMouseButtons
GetCurrentProcess
ReadConsoleOutputAttribute
Process32First
SetHandleInformation
WaitForSingleObject
SetConsoleScreenBufferSize
GetComputerNameW
BackupSeek
GenerateConsoleCtrlEvent
ReadConsoleOutputA
WriteFile
OpenProcess
GetConsoleMode
AssignProcessToJobObject
FreeConsole
GetConsoleWindow
WriteConsoleOutputA
GetFileAttributesA
GetExitCodeProcess
SetConsoleMode
SetConsoleCursorPosition
GetFileAttributesW
CreateProcessA
TerminateProcess
CreateJobObjectA
GetLargestConsoleWindowSize
SetCurrentDirectoryA
SetConsoleTitleW
GetCurrentDirectoryW
BackupRead
AttachConsole
PeekConsoleInputW
MoveFileW
SearchPathA
SetFileAttributesA
LoadLibraryA
Process32Next
GetProcessId
GetConsoleScreenBufferInfo
GetFileType
MoveFileA
SetConsoleCtrlHandler
GlobalMemoryStatusEx
SetCurrentDirectoryW
SetConsoleWindowInfo
WaitForMultipleObjects
CreatePipe
GetModuleFileNameA
SetConsoleCursorInfo
GetConsoleTitleW
FillConsoleOutputAttribute
GetCurrentDirectoryA
CreateToolhelp32Snapshot
GetConsoleCursorInfo
WriteConsoleOutputAttribute
ScrollConsoleScreenBufferA
GetVersionExA
ReadConsoleInputW
TerminateJobObject
CloseHandle
DeleteFileW
GetFileInformationByHandle
ResumeThread
SetFileAttributesW
GetStartupInfoA
PeekNamedPipe
ReadFile
GetSystemInfo
GlobalUnlock
SetConsoleTitleA
CreateFileW
MulDiv
Sleep
FormatMessageA
GetConsoleTitleA
IsBadReadPtr
GlobalLock
VirtualQuery
CreateFileA
OutputDebugStringW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
GetLocaleInfoA
FindNextFileW
FindNextFileA
FindClose
FindFirstFileA
GetTickCount
FindFirstFileW
IsValidCodePage
GetProcAddress
IsDBCSLeadByteEx
GetShortPathNameA
GetLastError
GetACP
FreeLibrary
GetCPInfo
DeleteFileA
GetTempPathA
GetTempFileNameA
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceFrequency
QueryPerformanceCounter
GetLongPathNameA
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
WriteConsoleW
RtlUnwind
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEndOfFile
MoveFileExW
HeapSize
LoadLibraryExW
FlushFileBuffers
GetTimeZoneInformation
GetModuleFileNameW
GetProcessHeap
FatalAppExitA
CreateSemaphoreW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
GetCurrentThread
SetLastError
GetOEMCP
GetStartupInfoW
DeleteCriticalSection
SetEnvironmentVariableA
DuplicateHandle
ReadConsoleW
GetCommandLineA
GetStringTypeW
RemoveDirectoryW
CreateDirectoryW
GetFileAttributesExW
GetModuleHandleW
SetStdHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
SetEnvironmentVariableW
VirtualProtect
VirtualAlloc
AreFileApisANSI
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
SetFilePointerEx
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
HeapFree
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException

advapi32

OpenProcessToken
GetNamedSecurityInfoA
AdjustTokenPrivileges
SetNamedSecurityInfoA
GetUserNameW
GetAclInformation
LookupPrivilegeValueA
SetNamedSecurityInfoW
GetAce
GetNamedSecurityInfoW
GetUserNameA

shell32

ExtractIconA
ShellExecuteW
CommandLineToArgvW
ShellExecuteA

gdi32

SelectObject
StartDocA
EnumFontFamiliesA
DeleteObject
GetTextMetricsA
SetTextAlign
TextOutW
EndDoc
TextOutA
SetBkMode
CreateDCA
SetBkColor
CreateFontIndirectA
GetDeviceCaps
DeleteDC
SetTextColor
StartPage
GetTextExtentPoint32W
EndPage
GetNearestColor
SetAbortProc

comdlg32

CommDlgExtendedError
PrintDlgA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

user32

MapVirtualKeyA
DispatchMessageW
RegisterClassA
CopyRect
SetDlgItemTextA
GetDlgItemTextA
FindWindowA
MessageBeep
GetSystemMetrics
ToUnicode
CloseClipboard
IsClipboardFormatAvailable
RegisterClipboardFormatA
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
DestroyWindow
GetClassNameA
GetSystemMenu
GetWindowRect
CreateDialogParamA
SendDlgItemMessageA
GetWindowDC
MsgWaitForMultipleObjects
SetForegroundWindow
GetParent
wsprintfA
SendMessageA
EnumWindows
TranslateMessage
SetDlgItemInt
IsDialogMessageW
OffsetRect
GetWindowTextA
CharUpperBuffA
BringWindowToTop
PeekMessageW
CreateWindowExA
ReleaseDC
EnableMenuItem
DefWindowProcA
CharLowerBuffA
GetDesktopWindow
SetWindowPos
IsWindow
SystemParametersInfoA
SetWindowTextA
LoadImageA
SetDlgItemTextW
EnableWindow

wsock32

WSAStartup
send
gethostbyname
closesocket
__WSAFDIsSet
socket
recv
select
WSAGetLastError
connect
inet_ntoa
htons

Exports

Exports

boot_VIM

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 241KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7c5909f10fefe2cd5b9a50d544cf314

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

gdi32

comdlg32

ole32

user32

wsock32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 241KB - Virtual size: 292KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 145KB - Virtual size: 145KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 241KB - Virtual size: 292KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 145KB - Virtual size: 145KB