2024-06-29_ea2416b99034e93951bd0a4a03d1b186_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-29_ea2416b99034e93951bd0a4a03d1b186_bkransomware
Size

8.2MB
MD5

ea2416b99034e93951bd0a4a03d1b186
SHA1

2c321bd8d7e6d1c1cd7ea715f443de9f1b4734b6
SHA256

7d377a253d4a9f305e728b31ba6588d3dc5c6f39bc5b07d3b5dac7124b723b45
SHA512

3fd1bfbb492fe6c8a0463420703354332605c0536f5a633d7039374378347f933de376a3a6f149c99d3aa6c764b5f1e15bcb8492a4c772c37b9e4c879d8300c8
SSDEEP

196608:vouHSSL6/1swK/UBpfpZMDJJtqxO5OG7Em/xyqyM/:vouHp2NsFcjZ2v4sTYm/xsM/

Score

1^/10

Malware Config

Signatures

Files

2024-06-29_ea2416b99034e93951bd0a4a03d1b186_bkransomware
.exe windows:5 windows x86 arch:x86

b75544ebdb554c1d2cab767e4433a329

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:9a:c7:2e:44:60:cf:4f:cf:20:97:e0:6f:a2:7d:6c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

24/06/2017, 23:59

Subject

CN=北京贞观雨科技有限公司,O=北京贞观雨科技有限公司,L=北京,ST=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:04:04:f5:3e:06:84:0b:e9:b8:21:04:bd:53:6b:ed:2a:bf:c7:9e
Signer

Actual PE Digest

10:04:04:f5:3e:06:84:0b:e9:b8:21:04:bd:53:6b:ed:2a:bf:c7:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\workspace\tutor\win\pdb\TutorSetup.pdb

Imports

kernel32

SetFileTime
GetTempPathW
GetSystemDirectoryW
GetWindowsDirectoryW
lstrlenW
MoveFileW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
GetLogicalDriveStringsW
GetFileInformationByHandle
GetFileSize
SetEndOfFile
SetFilePointer
CompareFileTime
FileTimeToSystemTime
GetProcAddress
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetCurrentThreadId
FlushInstructionCache
GetFileAttributesW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetVersion
GetVersionExW
GetModuleHandleA
GetModuleHandleW
MoveFileExW
VerSetConditionMask
GetTickCount
VerifyVersionInfoW
GetLocalTime
Sleep
GetDiskFreeSpaceExW
GetDriveTypeW
CreateMutexW
lstrcmpiW
FreeResource
GlobalAlloc
GlobalFree
WritePrivateProfileStringW
SetFileAttributesW
RemoveDirectoryW
GetTempFileNameW
GetShortPathNameW
WriteConsoleW
GetConsoleCP
FlushFileBuffers
SetStdHandle
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
FatalAppExitA
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
CreateSemaphoreW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
GetFileType
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetCurrentThread
ExitThread
CreateThread
RtlUnwind
EncodePointer
GetCommandLineW
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
GetFullPathNameW
DeleteFileW
CreateFileW
CreateDirectoryW
SearchPathW
GetCurrentDirectoryW
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
WriteFile
ReadFile
GetStdHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
LocalFree
DecodePointer

user32

BeginPaint
EndPaint
InvalidateRect
GetClientRect
CreateWindowExW
LoadCursorW
DrawEdge
DrawFrameControl
GetMessageW
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
CharNextW
wsprintfW
MoveWindow
GetClassInfoExW
RegisterClassExW
CharToOemW
CharUpperW
UnregisterClassW
SetWindowLongW
GetParent
FrameRect
ChildWindowFromPoint
MapWindowPoints
ScreenToClient
MessageBoxW
RedrawWindow
SetForegroundWindow
SetFocus
PostQuitMessage
SystemParametersInfoW
IsDialogMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
PostMessageW
PostThreadMessageW
DefWindowProcW
CallWindowProcW
IsWindow
GetWindowRgn
GetWindowLongW
PtInRect
OffsetRect
InflateRect
CopyRect
FillRect
DrawFocusRect
GetSysColor
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetDC
UpdateWindow
DrawTextW
GetMenu
GetSystemMetrics
IsWindowEnabled
EnableWindow
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetDlgCtrlID
GetDlgItem
CreateDialogParamW
SetWindowPos
ShowWindow
DestroyWindow

gdi32

CreateSolidBrush
DeleteObject
GetCurrentObject
PtInRegion
SelectObject
SetTextColor
CreateFontIndirectW
CreateRectRgn
CreateFontW
DeleteDC
SetBkMode
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
CreateDIBSection
GetObjectW
CreateBrushIndirect
SetBkColor
GetTextMetricsW

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
GetUserNameW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ord165
ShellExecuteExW
SHBrowseForFolderW

ole32

CoInitializeEx
CoUninitialize
CoCreateGuid
CoInitializeSecurity
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitialize

oleaut32

VariantCopy
SysAllocStringByteLen
VariantInit
VarUI4FromStr
CreateErrorInfo
SysFreeString
VariantClear
GetErrorInfo
VariantChangeType
SetErrorInfo
SysAllocString

gdiplus

GdipFree
GdipCreateBitmapFromStream
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipDisposeImage
GdipAlloc

shlwapi

StrStrIW
PathStripPathW
PathIsRootW
StrCmpW
SHSetValueW
SHDeleteKeyW
PathAppendW
ord176
SHGetValueW
PathRemoveFileSpecW
PathRemoveBackslashW
PathCombineW
PathFileExistsW
PathIsPrefixW

comctl32

ImageList_Destroy
InitCommonControlsEx
ImageList_Add
ImageList_Create
_TrackMouseEvent
ImageList_GetIconSize
ImageList_DrawIndirect
ImageList_Draw

msimg32

AlphaBlend

psapi

GetModuleFileNameExW
EnumProcessModules

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupIterateCabinetW

Sections

.text
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b75544ebdb554c1d2cab767e4433a329

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

09:9a:c7:2e:44:60:cf:4f:cf:20:97:e0:6f:a2:7d:6cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

10:04:04:f5:3e:06:84:0b:e9:b8:21:04:bd:53:6b:ed:2a:bf:c7:9eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

shlwapi

comctl32

msimg32

psapi

version

setupapi

Sections

.text Size: 366KB - Virtual size: 365KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 9KB - Virtual size: 19KB

.rsrc Size: 7.7MB - Virtual size: 7.7MB

.reloc Size: 18KB - Virtual size: 17KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

09:9a:c7:2e:44:60:cf:4f:cf:20:97:e0:6f:a2:7d:6c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

10:04:04:f5:3e:06:84:0b:e9:b8:21:04:bd:53:6b:ed:2a:bf:c7:9e
Signer

.text
Size: 366KB - Virtual size: 365KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 9KB - Virtual size: 19KB

.rsrc
Size: 7.7MB - Virtual size: 7.7MB

.reloc
Size: 18KB - Virtual size: 17KB