2024-08-07_028240b927072b38cc4d4a536ea0c0c8_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-07_028240b927072b38cc4d4a536ea0c0c8_bkransomware
Size

3.1MB
MD5

028240b927072b38cc4d4a536ea0c0c8
SHA1

859e203f43d22379dde90ed4b20db61136694f0e
SHA256

699e30844f7feeaca00b7ba91140fc986b72a08c59cdfb4ab572e59b8c394c33
SHA512

397474295769966a7cbf8659696a3bbac8d19c2672497817a40422afe46b9d179d3cca79c79bd2ea448d30716652d6420b8dd7baebb676e3003f0255b0bbeb9e
SSDEEP

49152:c3HIURss0z2Sp4eUcYoz9W8XAPIgKrpZ8V0xTYGyO53EpM:c4URs5hO8hEpM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-07_028240b927072b38cc4d4a536ea0c0c8_bkransomware

Files

2024-08-07_028240b927072b38cc4d4a536ea0c0c8_bkransomware
.exe windows:6 windows x86 arch:x86

5dc47437211a7428c8380515da1be4e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\src\emf2ras\Release_Win32\emf2ras.pdb

Imports

shlwapi

PathAppendA
PathAddBackslashA
PathRemoveFileSpecA

kernel32

GetDriveTypeA
GetProcessTimes
lstrcmpW
FindNextFileW
FindFirstFileW
SetEvent
GetVersionExA
OpenProcess
GetCurrentThread
GetCurrentProcess
GetProcessHeap
HeapFree
HeapAlloc
GlobalUnlock
GlobalLock
GlobalReAlloc
WriteConsoleW
HeapSize
OutputDebugStringW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
SetEnvironmentVariableW
GetFullPathNameA
WideCharToMultiByte
GetEnvironmentVariableA
LocalAlloc
GetStdHandle
GetShortPathNameA
SetFilePointer
GetFileAttributesA
GetDiskFreeSpaceExA
FindNextFileA
FindFirstFileA
FindClose
GetCurrentDirectoryA
GetPrivateProfileStringA
ExpandEnvironmentStringsA
MultiByteToWideChar
GetProcAddress
MoveFileA
GetPrivateProfileIntA
GetStartupInfoA
LoadLibraryA
FreeLibrary
GlobalMemoryStatusEx
CopyFileA
GetTempFileNameA
GetTempPathA
GetModuleFileNameA
PeekNamedPipe
CreateFileA
IsProcessorFeaturePresent
FormatMessageA
WaitForMultipleObjects
LocalFree
CreateProcessA
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
Sleep
WaitForSingleObject
CreatePipe
SetHandleInformation
CloseHandle
SetEnvironmentVariableA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
SetEndOfFile
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
RaiseException
GetConsoleCP
LoadLibraryExW
OutputDebugStringA
WriteFile
ReadFile
GlobalFree
GlobalAlloc
DeleteFileA
GetModuleHandleA
SetLastError
GetLastError
VirtualAlloc
VirtualFree
CreateEventA
ResetEvent
GetTickCount
SetConsoleCtrlHandler
FatalAppExitA
CreateSemaphoreW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
DeleteCriticalSection
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
GetCurrentThreadId
GetCPInfo
IsDebuggerPresent
GetTimeZoneInformation
GetOEMCP
GetACP
IsValidCodePage
DuplicateHandle
DeleteFileW
GetFileAttributesExW
MoveFileExW
GetDriveTypeW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
CreateFileW
GetLocalTime
GetEnvironmentVariableW
RtlUnwind
FileTimeToSystemTime
GetFileType
GetFileInformationByHandle
FileTimeToLocalFileTime
GetCommandLineA
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
ResumeThread
ExitThread
CreateThread
SetFilePointerEx
Beep
GetSystemTimeAsFileTime
AreFileApisANSI
GetModuleHandleExW
DecodePointer
EncodePointer
GetVolumeInformationA
ExitProcess
GetSystemDirectoryA
CreateDirectoryA
FreeEnvironmentStringsA
lstrlenA
GetEnvironmentStrings
GetVersion
GetWindowsDirectoryA
SetErrorMode
ReleaseMutex
CreateMutexA
GetCommandLineW

user32

MoveWindow
DestroyWindow
DialogBoxParamA
BeginPaint
EndPaint
GetClientRect
MessageBoxA
GetParent
FindWindowA
GetWindowThreadProcessId
GetWindow
CreateWindowExA
GetDC
ReleaseDC
FillRect
GetDesktopWindow
GetMessageA
CreateDialogIndirectParamA
wsprintfA
ShowWindow
SetFocus
GetFocus
GetDlgItemTextA
GetDlgItemTextW
SetDlgItemTextA
MessageBeep
GetWindowLongA
SendMessageA
GetWindowRect
EnableWindow
DialogBoxIndirectParamA
GetDlgItem
SetWindowTextA
EndDialog
GetActiveWindow
TranslateMessage
DispatchMessageA
PostMessageA
DefWindowProcA
PostQuitMessage
RegisterClassExA
CreatePopupMenu
TrackPopupMenu
GetSystemMetrics
ScreenToClient
InsertMenuItemA
LoadIconA
SetForegroundWindow
LoadCursorA

gdi32

PlayEnhMetaFile
GetObjectType
SetICMProfileA
SetICMMode
GdiFlush
CreateDIBSection
GetEnhMetaFileA
EnumEnhMetaFile
DeleteEnhMetaFile
SetBrushOrgEx
Rectangle
GetStockObject
CreateCompatibleDC
EndPage
StartPage
EndDoc
StartDocA
SetWorldTransform
PlayEnhMetaFileRecord
StretchDIBits
SetMapMode
SetGraphicsMode
SelectClipRgn
SaveDC
RestoreDC
GetDeviceCaps
DeleteObject
DeleteDC
CreateRectRgn
CreateDCA
StretchBlt
GetWorldTransform
GetEnhMetaFileDescriptionA
GetEnhMetaFileHeader
RectVisible
CombineTransform
LPtoDP
SetStretchBltMode
GetObjectA
SelectObject
GetCurrentObject

winspool.drv

GetPrinterDriverA
EnumPrintersA
GetPrinterA
EndDocPrinter
EndPagePrinter
WritePrinter
StartPagePrinter
StartDocPrinterA
DeviceCapabilitiesA
ClosePrinter
DocumentPropertiesA
OpenPrinterA

comdlg32

GetOpenFileNameA
PrintDlgA

advapi32

RegQueryInfoKeyA
RegCreateKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetUserNameA
RegEnumKeyExA
GetUserNameW
RegSetValueExW
RegQueryValueExW
RegEnumValueA
RegDeleteValueA
RegSetValueExA

shell32

Shell_NotifyIconA
SHAppBarMessage

ws2_32

ntohl
gethostname
WSAStartup
inet_ntoa
getpeername
WSASetLastError
htonl
getservbyname
htons
inet_addr
WSAGetLastError
gethostbyname
gethostbyaddr
getservbyport
ntohs
getsockname
getsockopt
__WSAFDIsSet
select
connect
socket
getprotobyname
closesocket
recv
send
ioctlsocket
setsockopt
WSACleanup

img_fmt

ord1

comctl32

ord17

netapi32

Netbios

gdiplus

GdipCreateHBITMAPFromBitmap
GdipCreateMetafileFromFile
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipEnumerateMetafileSrcRectDestPoint
GdipDrawImagePointsRectI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits

ole32

CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitializeEx

oleaut32

SysAllocStringLen
VariantInit
SysStringLen
SysAllocString
SysFreeString
VariantClear

Exports

Exports

_aes_dec_blk@12
_aes_dec_key@12
_aes_enc_blk@12
_aes_enc_key@12
sdi_export_to_DC

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.textidx
Size: 1017KB - Virtual size: 1017KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 533KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_dir
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_mar
Size: 512B - Virtual size: 257B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 158KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5dc47437211a7428c8380515da1be4e1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ws2_32

img_fmt

comctl32

netapi32

gdiplus

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.textidx Size: 1017KB - Virtual size: 1017KB

.rdata Size: 191KB - Virtual size: 191KB

.data Size: 533KB - Virtual size: 1.3MB

.idata Size: 11KB - Virtual size: 11KB

.fnp_dir Size: 512B - Virtual size: 376B

.fnp_mar Size: 512B - Virtual size: 257B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 158KB - Virtual size: 160KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.textidx
Size: 1017KB - Virtual size: 1017KB

.rdata
Size: 191KB - Virtual size: 191KB

.data
Size: 533KB - Virtual size: 1.3MB

.idata
Size: 11KB - Virtual size: 11KB

.fnp_dir
Size: 512B - Virtual size: 376B

.fnp_mar
Size: 512B - Virtual size: 257B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 158KB - Virtual size: 160KB