C:\trunk\Cameyo\Release\Packager.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-07-04_a84cae939f13abe4a4af90b9e75b0ae2_bkransomware_vidar.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2024-07-04_a84cae939f13abe4a4af90b9e75b0ae2_bkransomware_vidar.exe
  Resource: win10v2004-20240508-en
General
Target: 2024-07-04_a84cae939f13abe4a4af90b9e75b0ae2_bkransomware_vidar
Size: 3.0MB
MD5: a84cae939f13abe4a4af90b9e75b0ae2
SHA1: 5540e8f93fb8d31c32c503a8b39fa5526d8c7987
SHA256: aedcd3fefda07783c79f6f14a8fbb739d2bcf1ee6ef745d8ed1009d89ef61797
SHA512: d60279e0ff4287bbbcde240a3f75622b77225efbe243c0aeb3aa6a25e5fef6622fea14e2d8b704d92d0c2c2aaf6a64bbf1c121c5fe9cdb01470735038dcf9dce
SSDEEP: 49152:crHL2/q8+nz17RbXBGAaqkFLCVlKMdPngMaSiGGTBHfkOToCoeoo:crHq+nRlbXoJqAclKMdPn2GGTBHfkOT2
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-07-04_a84cae939f13abe4a4af90b9e75b0ae2_bkransomware_vidar
Files
2024-07-04_a84cae939f13abe4a4af90b9e75b0ae2_bkransomware_vidar.exe windows:5 windows x86 arch:x86
a473b3170280430d69d1f06fc2e01702
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
wininet
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetSetOptionW
HttpQueryInfoW
InternetCloseHandle
kernel32
RtlUnwind
HeapQueryInformation
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
VirtualQuery
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesW
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
VirtualAlloc
GetModuleHandleExW
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
HeapDestroy
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
GetFileSize
SetFilePointer
SetEndOfFile
FindResourceW
LoadResource
FindFirstFileExW
OutputDebugStringW
WideCharToMultiByte
CopyFileW
SizeofResource
CreateFileW
FindClose
CreateFileMappingW
LockResource
GetCurrentThreadId
CloseHandle
DeleteFileW
GetSystemTime
SetFileAttributesW
MultiByteToWideChar
CreateDirectoryW
GetTickCount
FileTimeToSystemTime
GetCurrentProcessId
ExitThread
GetUserDefaultLCID
SearchPathW
GetProfileIntW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
SetErrorMode
GetFileTime
FileTimeToLocalFileTime
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsAlloc
GlobalGetAtomNameW
GlobalFlags
lstrcmpiW
DuplicateHandle
GetVolumeInformationW
SetThreadPriority
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetCurrentThread
GlobalSize
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
GetModuleHandleA
EncodePointer
CompareFileTime
DeleteFileA
AreFileApisANSI
GetTempPathA
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetDiskFreeSpaceA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapValidate
HeapCreate
GetFileAttributesA
ExitProcess
FormatMessageW
GetSystemTimeAsFileTime
UnlockFileEx
WriteFile
GetFileAttributesW
MoveFileW
RemoveDirectoryW
LockFile
UnlockFile
InterlockedCompareExchange
QueryPerformanceCounter
SetFilePointerEx
CreateFileA
GetFullPathNameA
GetFullPathNameW
QueryDosDeviceW
GetLogicalDrives
VirtualProtect
GetWindowsDirectoryW
LocalFileTimeToFileTime
GetCurrentDirectoryW
FindResourceExW
GetFileSizeEx
FlushViewOfFile
TlsGetValue
ExpandEnvironmentStringsW
UpdateResourceW
SetNamedPipeHandleState
GetSystemInfo
LocalAlloc
GetCommandLineW
GetLocalTime
EnterCriticalSection
GetLongPathNameW
GetTempPathW
GetModuleFileNameW
GetExitCodeProcess
LeaveCriticalSection
GetVersionExW
LoadLibraryW
GetSystemDirectoryW
InitializeCriticalSection
WaitNamedPipeW
FormatMessageA
GetComputerNameW
SystemTimeToFileTime
GetEnvironmentVariableW
FlushFileBuffers
UnmapViewOfFile
MapViewOfFile
FreeEnvironmentStringsW
SetFileTime
GetEnvironmentStringsW
SetEnvironmentVariableW
GetDriveTypeW
ReleaseMutex
FindNextFileW
BeginUpdateResourceW
GetProcAddress
OpenMutexW
ReadFile
TerminateProcess
OpenProcess
WaitForSingleObjectEx
GetCurrentProcess
EndUpdateResourceW
LoadLibraryExW
FreeLibrary
FindFirstFileW
CreateMutexW
EnumResourceNamesW
FreeResource
ResumeThread
ResetEvent
GlobalUnlock
MulDiv
GlobalAlloc
GlobalLock
CreateThread
LocalFree
OpenFileMappingW
SetCurrentDirectoryW
CreateEventW
GlobalFree
SetLastError
Sleep
GetModuleHandleW
SetEvent
WaitForSingleObject
CreateProcessW
user32
SetCursorPos
CopyAcceleratorTableW
DestroyAcceleratorTable
GetKeyboardState
ToUnicodeEx
SetParent
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
PostThreadMessageW
GetSystemMenu
IsZoomed
GetComboBoxInfo
TrackMouseEvent
GetKeyNameTextW
MonitorFromPoint
UpdateLayeredWindow
IsMenu
UnionRect
SetWindowRgn
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
MapVirtualKeyW
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
MessageBeep
GetIconInfo
DrawIconEx
LoadImageW
IsRectEmpty
OffsetRect
SetRectEmpty
DrawFocusRect
GetNextDlgGroupItem
WindowFromPoint
ReleaseCapture
SetCapture
KillTimer
SetTimer
DeleteMenu
CopyImage
GetMenuItemInfoW
DestroyMenu
IntersectRect
InflateRect
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
CharUpperW
GetCursorPos
SetCursor
ShowOwnedPopups
PostQuitMessage
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SendDlgItemMessageA
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
LockWindowUpdate
CheckDlgButton
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
MapWindowPoints
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetSubMenu
LoadMenuW
ScreenToClient
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
SendInput
wvsprintfW
SetForegroundWindow
IsWindowVisible
PrintWindow
DestroyIcon
EndPaint
ClientToScreen
BeginPaint
AdjustWindowRectEx
GetDlgCtrlID
MoveWindow
SetClassLongW
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
FrameRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
GetDesktopWindow
CreateMenu
MapDialogRect
DestroyCursor
GetWindowRgn
GetTopWindow
EnumWindows
GetWindow
wsprintfW
FillRect
GetDC
SetRect
ReleaseDC
GetSysColor
CopyRect
GetMessageW
FindWindowW
UnhookWinEvent
ExitWindowsEx
WaitMessage
TranslateMessage
SetWinEventHook
GetWindowTextW
PeekMessageW
GetClassNameW
ShowWindow
IsWindow
GetWindowThreadProcessId
DispatchMessageW
MessageBoxW
IsIconic
PostMessageW
DrawIcon
GetClientRect
LoadIconW
SystemParametersInfoW
SetWindowPos
GetSystemMetrics
SendMessageW
GetWindowRect
UnregisterClassW
GetParent
InvalidateRect
UpdateWindow
EnableWindow
RemoveMenu
CreateAcceleratorTableW
gdi32
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileW
CreateDCW
CombineRgn
CreateFontIndirectW
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
SetDIBColorTable
CreateEllipticRgn
Ellipse
MoveToEx
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceW
GetTextColor
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
GetDIBits
GetObjectW
CreateFontW
GetTextExtentPointA
GetTextMetricsA
BitBlt
GetStockObject
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
CreateDIBSection
DeleteDC
GetDeviceCaps
msimg32
AlphaBlend
TransparentBlt
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
advapi32
RegQueryValueW
IsTextUnicode
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSaveKeyExW
ConvertSidToStringSidW
GetSecurityInfo
RegSetValueExA
GetSidIdentifierAuthority
RegCreateKeyExW
AdjustTokenPrivileges
RegEnumKeyExW
GetLengthSid
RegSetKeySecurity
FreeSid
SetEntriesInAclW
SetSecurityDescriptorOwner
AllocateAndInitializeSid
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegEnumKeyW
GetTokenInformation
GetUserNameW
GetSidSubAuthority
OpenProcessToken
RegSetValueExW
RegCreateKeyW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
shell32
DragFinish
ShellExecuteExW
CommandLineToArgvW
ExtractAssociatedIconW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHAppBarMessage
SHBrowseForFolderW
SHChangeNotify
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation
comctl32
InitCommonControlsEx
shlwapi
SHDeleteKeyW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW
uxtheme
GetWindowTheme
GetThemeSysColor
GetThemePartSize
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
DrawThemeText
ole32
CoInitializeEx
CoDisconnectObject
CoInitialize
CoCreateInstance
CoUninitialize
DoDragDrop
OleDuplicateData
GetHGlobalFromStream
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
StringFromCLSID
CreateStreamOnHGlobal
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
oleaut32
OleCreatePictureIndirect
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
SysStringLen
SystemTimeToVariantTime
VarBstrFromDate
VariantCopy
LoadTypeLi
VariantTimeToSystemTime
SysAllocString
OleLoadPicture
SysFreeString
crypt32
CryptProtectData
CryptUnprotectData
gdiplus
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdiplusStartup
GdipCloneImage
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageEncodersSize
GdipAlloc
GdipCreateBitmapFromScan0
GdipFree
GdiplusShutdown
GdipSetInterpolationMode
GdipDrawImageRectI
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundW
msi
ord173
ord217
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 522KB - Virtual size: 521KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 178KB - Virtual size: 178KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ