2024-06-30_cfe3862ebe8ac1c7c12c577c4cabb71e_bkransomware

General

Target

2024-06-30_cfe3862ebe8ac1c7c12c577c4cabb71e_bkransomware
Size

647KB
MD5

cfe3862ebe8ac1c7c12c577c4cabb71e
SHA1

8b1fa8eaa8b1bcbebf3a4e2bb5d852a0e6dee5eb
SHA256

f8d8f6d9c186aebf0f62c8daaf24c94b1a258a8b9c5a8999b6c8761643b1028c
SHA512

269cd928517f03590168a6b5298b537b3831fc1fea80b599ada6815750a43371630d0a7731b35dbceae6027c032edfb4e71dd7cfcb9f2fa8d5fccb1013c73672
SSDEEP

12288:w70a50DudXezE09Si/ckGHt6pshsPSGkYl2XIQCb+Lk1TWbPXQnAN5L:HgXe4i7ojhsP5Lgrk1TWb4AN5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-30_cfe3862ebe8ac1c7c12c577c4cabb71e_bkransomware

Files

2024-06-30_cfe3862ebe8ac1c7c12c577c4cabb71e_bkransomware
.exe windows:5 windows x86 arch:x86

d501f2751c2e9bb69c98f00278004f67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA

kernel32

GetCurrentProcessId
HeapSize
InterlockedIncrement
WaitForSingleObject
ExpandEnvironmentStringsA
InitializeCriticalSection
LeaveCriticalSection
CreateProcessA
EnterCriticalSection
GetSystemInfo
WaitForMultipleObjects
SetEnvironmentVariableA
GetModuleFileNameA
DeleteCriticalSection
CloseHandle
CreateThread
GetLastError
HeapFree
GetCommandLineA
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
RtlUnwind
ReadFile
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
HeapAlloc
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
WideCharToMultiByte
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
SetEndOfFile
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
LoadLibraryExW
OutputDebugStringW
GetStringTypeW
LCMapStringW
HeapReAlloc
CreateFileW
WriteConsoleW

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d501f2751c2e9bb69c98f00278004f67

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 572KB - Virtual size: 576KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 572KB - Virtual size: 576KB