2024-08-06_0240eb83b15f7529570dae3f3a8b9319_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-06_0240eb83b15f7529570dae3f3a8b9319_bkransomware
Size

131KB
MD5

0240eb83b15f7529570dae3f3a8b9319
SHA1

aedb73f4df3bb01cfeabf95fefe83de9e42d5916
SHA256

ecf05cdc447df6ddc8c5cbdc2d6ede77c959b4760860a31cfcff6259192c0839
SHA512

1f79d1cb49a9696ea5d547c4e7c7668b8952e3d7ce34d250a3a17fc7f72ce672909758f72d0af458ff13d59aabd84acacacdd245a5655e6807643f31bc3c3628
SSDEEP

3072:WtCpunf2CZJF7ybPm5an9NjedM/gQZZHSFR1xW:2vnOCZH7BAjCM/goZHuo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-06_0240eb83b15f7529570dae3f3a8b9319_bkransomware

Files

2024-08-06_0240eb83b15f7529570dae3f3a8b9319_bkransomware
.exe windows:5 windows x86 arch:x86

a87affeadcc9557b7720b2c69c73510e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ntleas.pdb

Imports

kernel32

CreateProcessW
WideCharToMultiByte
TerminateProcess
lstrlenW
GetLastError
LocalAlloc
CreateMutexA
CloseHandle
LocalFree
GetCommandLineW
ResumeThread
SuspendThread
WriteProcessMemory
GetWindowsDirectoryW
OpenEventW
WaitForDebugEvent
lstrcatW
ContinueDebugEvent
lstrcpyW
ExitProcess
GetThreadContext
FindFirstFileW
SetThreadContext
lstrlenA
MapViewOfFile
UnmapViewOfFile
HeapAlloc
HeapFree
WaitForSingleObject
GetProcessHeap
CreateRemoteThread
LoadLibraryW
Sleep
ReadProcessMemory
CreateEventA
ReadFile
GetModuleFileNameW
CreateFileW
GetBinaryTypeW
FlushInstructionCache
GetCurrentDirectoryW
SetLastError
GetProcAddress
VirtualAllocEx
FindClose
CreateFileMappingA
SetCurrentDirectoryW
GetModuleHandleA
lstrcpyA

user32

GetForegroundWindow
MessageBoxA
wsprintfW

shell32

CommandLineToArgvW
FindExecutableW

shlwapi

AssocQueryStringW

comdlg32

GetOpenFileNameW

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a87affeadcc9557b7720b2c69c73510e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

shlwapi

comdlg32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 24B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 300B