2024-08-02_28b09e841121881401222a0b9d40ad7d_bkransomware_hijackloader_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-02_28b09e841121881401222a0b9d40ad7d_bkransomware_hijackloader_revil
Size

4.4MB
MD5

28b09e841121881401222a0b9d40ad7d
SHA1

3d2f400297cc3ea358163126d3f25e57a046c4d6
SHA256

3b13296be8fe3983a6cac466231d721641ed45686b0d9550fe785f97c913b6d1
SHA512

6a2d4f929a376b8931b697ba6af0475a9a7e0f1c05ef147c9f71446b6750d9f6a89593b1149029f50acb9395e39c9a9220631d442fc0271e46df1aae3fb9a740
SSDEEP

98304:Lr9427aT/oc2+rYsnMQJMhUjRdZym+FX0:aX2+r/MQJZRbyX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-02_28b09e841121881401222a0b9d40ad7d_bkransomware_hijackloader_revil

Files

2024-08-02_28b09e841121881401222a0b9d40ad7d_bkransomware_hijackloader_revil
.exe windows:6 windows x86 arch:x86

12f273eea63c9ac95308781a4a77d9f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Orchestra\std\17.0\bld\src\test\Win32\Release\driver_web_installer.pdb

Imports

kernel32

FindClose
SetFilePointerEx
SwitchToThread
Sleep
GetSystemTimeAsFileTime
GetModuleFileNameW
GetCurrentDirectoryW
GetNativeSystemInfo
VerSetConditionMask
GetCurrentThread
GetLocaleInfoW
GetVersionExW
GetTimeZoneInformation
CreateFileW
GetUserDefaultUILanguage
FindResourceW
LoadResource
SizeofResource
LockResource
lstrlenA
GetUserDefaultLCID
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
FindFirstFileW
SystemTimeToFileTime
SetFileTime
CopyFileW
FileTimeToSystemTime
ReadFile
RemoveDirectoryW
FindNextFileW
DeleteFileW
FreeLibrary
LoadLibraryExW
GetStringTypeW
EncodePointer
DecodePointer
HeapFree
HeapAlloc
GetCPInfo
GetCommandLineA
HeapReAlloc
RaiseException
CreateTimerQueue
IsProcessorFeaturePresent
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
VirtualAlloc
VirtualProtect
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
GetStartupInfoW
CreateSemaphoreW
ExitThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
IsDebuggerPresent
GetProcessHeap
GetStdHandle
HeapSize
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
VirtualFree
GetThreadTimes
FreeLibraryAndExitThread
InitializeSListHead
UnregisterWaitEx
IsValidCodePage
GetACP
GetOEMCP
LoadLibraryW
SetConsoleCtrlHandler
ReadConsoleW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
DeviceIoControl
VirtualQuery
OutputDebugStringW
InitializeCriticalSection
TlsSetValue
FormatMessageW
LeaveCriticalSection
GetLastError
DuplicateHandle
SetEndOfFile
EnterCriticalSection
GetProcAddress
SetLastError
GetFileSizeEx
GetModuleHandleA
WriteFile
ReleaseSemaphore
GetSystemInfo
FormatMessageA
GetTickCount
SetFileAttributesW
CreateDirectoryW
LocalFree
GetCurrentProcessId
LocalAlloc
TerminateProcess
OpenProcess
GetCurrentProcess
CreateProcessW
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetSystemDirectoryW
GetModuleHandleW
GetCurrentThreadId
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
GetLocalTime
FileTimeToLocalFileTime
lstrcpynW
lstrcmpW
GetVersion
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTime
SwitchToFiber
DeleteFiber
CreateFiber
InterlockedCompareExchange
InterlockedExchangeAdd
SetConsoleMode
ReadConsoleA
GetEnvironmentVariableW
VerifyVersionInfoA
WaitForMultipleObjects
PeekNamedPipe
GetEnvironmentVariableA
CompareFileTime
MoveFileExA
LoadLibraryA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
InitializeCriticalSectionEx
DeleteCriticalSection
TlsAlloc
TlsFree
GlobalFree
TlsGetValue

user32

MessageBoxW
SendMessageW
GetDC
EndDialog
GetUserObjectInformationW
GetProcessWindowStation
ShowWindow
LoadCursorW
SetTimer
GetClientRect
EnableWindow
DefWindowProcW
CallWindowProcW
GetWindowTextLengthW
GetWindowTextW
EndPaint
GetWindowRect
IsMenu
LoadImageW
PostMessageW
DialogBoxIndirectParamW
ReleaseDC
SetWindowTextW
MapWindowPoints
SetDlgItemTextW
GetSystemMetrics
DestroyWindow
TranslateAcceleratorW
GetMessageW
UnregisterClassW
GetParent
GetClassInfoW
UnhookWindowsHookEx
SetWindowsHookExW
CreateWindowExW
WindowFromDC
CreateDialogParamW
EnumChildWindows
SetWindowPos
GetDesktopWindow
SetWindowLongW
GetDlgItem
GetClassNameW
SystemParametersInfoW
GetWindowLongW
InvalidateRect
IntersectRect
CreateDialogIndirectParamW
IsDialogMessageW
GetUpdateRect
BeginPaint
CallNextHookEx
PostQuitMessage
DispatchMessageW
DestroyMenu
RegisterClassW
IsWindow
PeekMessageW
TranslateMessage
DialogBoxParamW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

gdi32

BitBlt
SetBkColor
CreateBitmap
DeleteObject
GetObjectW
DeleteDC
SaveDC
GetStockObject
RestoreDC
CreateCompatibleDC
GetTextExtentPoint32W
SelectObject

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
LookupAccountSidW
CopySid
SetNamedSecurityInfoW
BuildTrusteeWithSidW
InitializeAcl
AllocateAndInitializeSid
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptReleaseContext
CryptSetKeyParam
CryptDeriveKey
CryptAcquireContextW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
SetEntriesInAclW
FreeSid
AddAce
GetLengthSid
InitializeSecurityDescriptor
CreateWellKnownSid
RegCloseKey
GetSecurityDescriptorDacl
EqualSid
RevertToSelf
ImpersonateLoggedOnUser
LookupAccountNameW
GetUserNameW
OpenThreadToken

shell32

SHGetFolderPathW

comctl32

ord17

winhttp

WinHttpCloseHandle
WinHttpCrackUrl
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser

bcrypt

BCryptGenRandom

wldap32

ord143
ord217
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord301
ord200

ws2_32

WSAEventSelect
WSAEnumNetworkEvents
WSAResetEvent
WSACloseEvent
WSASetEvent
WSAWaitForMultipleEvents
closesocket
shutdown
getnameinfo
gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
WSACreateEvent
send

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertCloseStore
CertEnumCertificatesInStore

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 687KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 675KB - Virtual size: 674KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12f273eea63c9ac95308781a4a77d9f8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

version

gdi32

advapi32

shell32

comctl32

winhttp

bcrypt

wldap32

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 687KB - Virtual size: 686KB

.data Size: 85KB - Virtual size: 121KB

.rsrc Size: 675KB - Virtual size: 674KB

.reloc Size: 147KB - Virtual size: 147KB

.zero Size: 4KB - Virtual size: 3KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 687KB - Virtual size: 686KB

.data
Size: 85KB - Virtual size: 121KB

.rsrc
Size: 675KB - Virtual size: 674KB

.reloc
Size: 147KB - Virtual size: 147KB

.zero
Size: 4KB - Virtual size: 3KB