2024-08-19_e9e9d1b488fe471dd25c9b0c626795cb_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-19_e9e9d1b488fe471dd25c9b0c626795cb_bkransomware
Size

2.9MB
MD5

e9e9d1b488fe471dd25c9b0c626795cb
SHA1

4b51f6cf4063825883805b32d20923b66b8e009d
SHA256

e3d80b44d86c0664888a2bc79f3b3abcc9be68a45881c705e109f0b2f2572a20
SHA512

d99fd87adf2ce6d0d4c164d729130d93854c0f722b6cfe89ba3dcf61f77014bc71456f49941b2f7beccde7fa5a26088884f4472c1eb19a67b84e0c6cc6de23f3
SSDEEP

49152:cSTiL0JMBjHShm0YSXx6dfuEKCjZGgn0yQTliLSh1OZqvjEWnAMwxrOed29:c5RBjHShPYA6dfRKCNXWTliC1OZqvYWf

Score

1^/10

Malware Config

Signatures

Files

2024-08-19_e9e9d1b488fe471dd25c9b0c626795cb_bkransomware
.exe windows:5 windows x86 arch:x86

508a6cb402f41a2c5e6299c6ef3602bd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:bd:b0:ab:ec:41:73
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

27/12/2012, 22:04

Not After

28/02/2014, 10:04

Subject

CN=临桂零与壹软件有限公司,O=临桂零与壹软件有限公司,L=临桂县,ST=广西壮族自治区,C=CN,1.2.840.113549.1.9.1=#0c107866706c617940676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

8d:1e:ea:2b:27:fc:84:47:41:ee:2b:da:59:9a:a3:e9:c8:99:0a:cb
Signer

Actual PE Digest

8d:1e:ea:2b:27:fc:84:47:41:ee:2b:da:59:9a:a3:e9:c8:99:0a:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

yyxf_play

yyxf_D7
yyxf_D6
yyxf_D5
yyxf_D4
yyxf_D3
yyxf_D2
yyxf_C9
yyxf_C8
yyxf_C6
yyxf_C5
yyxf_C2
yyxf_B9
yyxf_D8
yyxf_B5
yyxf_B4
yyxf_B3
yyxf_B2
yyxf_B1
yyxf_A9
yyxf_A8
yyxf_A7
yyxf_A5
yyxf_A3
yyxf_A1
yyxf_E7
yyxf_C4
yyxf_B8
yyxf_D9
yyxf_C3
yyxf_G1
yyxf_F8
yyxf_B7
yyxf_E1
yyxf_E2
yyxf_E3
yyxf_E4
yyxf_E6
yyxf_E9
yyxf_F1
yyxf_G3
yyxf_G4
yyxf_G6
yyxf_G7
yyxf_G8
yyxf_G9
yyxf_H2
yyxf_H3
yyxf_H4
yyxf_F7
yyxf_G5
yyxf_C1
yyxf_E8
yyxf_G2
yyxf_F4
yyxf_H5
yyxf_F3
yyxf_F6
yyxf_B6
yyxf_A6
yyxf_A4
yyxf_F9
yyxf_H1

winmm

PlaySoundW
waveOutSetVolume

psapi

GetModuleFileNameExW

kernel32

InitializeCriticalSection
GlobalGetAtomNameW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalFlags
CompareStringW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SetErrorMode
GetCurrentDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetTempFileNameW
GetTempPathW
GetProfileIntW
SearchPathW
VirtualProtect
FindResourceExW
GetCommandLineW
RtlUnwind
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetStdHandle
GetFileType
ExitProcess
GetModuleHandleExW
CompareStringA
HeapQueryInformation
GetSystemInfo
VirtualAlloc
VirtualQuery
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
GetCurrentThread
ResumeThread
ReleaseMutex
IsDebuggerPresent
DecodePointer
LockResource
FreeLibrary
GetProcAddress
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SetThreadPriority
GetThreadLocale
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameW
FlushFileBuffers
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GlobalFindAtomW
GlobalAddAtomW
SizeofResource
LoadLibraryW
FindResourceW
lstrcmpW
GlobalDeleteAtom
GetVersionExW
GetCurrentThreadId
Sleep
LoadLibraryExW
FreeResource
EncodePointer
GetCurrentProcessId
LoadLibraryA
GetModuleHandleA
OutputDebugStringA
lstrcmpA
CopyFileW
MulDiv
GlobalFree
GlobalSize
GetSystemDirectoryW
RemoveDirectoryW
SetLastError
GetLocaleInfoW
GetACP
lstrcpyW
SetCurrentDirectoryW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
ExitThread
CreateThread
CreateProcessW
WaitForSingleObject
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileW
FindClose
GetVolumeInformationW
GetDriveTypeW
GlobalAlloc
SetSystemPowerState
lstrcpynW
SetThreadExecutionState
GetCurrentProcess
GetFileSize
GetWindowsDirectoryW
CreateMutexW
lstrcmpiW
FormatMessageW
FileTimeToSystemTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LocalFree
GlobalMemoryStatus
GlobalUnlock
GlobalLock
GetTickCount
GetStringTypeExW
WideCharToMultiByte
MultiByteToWideChar
WaitNamedPipeW
DeleteFileW
GetFileAttributesW
CreateFileW
CreateDirectoryW
GetModuleHandleW
GetModuleFileNameW
lstrlenW
SetNamedPipeHandleState
CloseHandle
ReadFile

user32

SetWindowContextHelpId
MapDialogRect
LoadAcceleratorsW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetDialogBaseUnits
GetSysColorBrush
RealChildWindowFromPoint
CopyImage
PostThreadMessageW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetParent
DrawFocusRect
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
GetMenuDefaultItem
LockWindowUpdate
EnumDisplayMonitors
DrawStateW
DrawFrameControl
UpdateLayeredWindow
MonitorFromPoint
TrackMouseEvent
GetComboBoxInfo
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
SetClassLongW
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
CharUpperBuffW
FrameRect
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
DestroyCursor
DrawIcon
RegisterClipboardFormatW
ShowOwnedPopups
PostQuitMessage
GetDesktopWindow
GetNextDlgTabItem
EndDialog
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
SendDlgItemMessageA
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
TranslateAcceleratorW
GetActiveWindow
TranslateMessage
GetMessageW
IsDialogMessageW
SetWindowTextW
IsDlgButtonChecked
CheckDlgButton
SetDlgItemTextW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassLongW
EqualRect
MapWindowPoints
GetWindowTextLengthW
GetWindowTextW
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetMessageTime
GetMessagePos
DispatchMessageW
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxW
IsWindowEnabled
MapVirtualKeyW
GetKeyNameTextW
FillRect
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
InsertMenuW
GetMenuState
GetMenuStringW
CharNextW
IntersectRect
ShowScrollBar
GetAncestor
WindowFromPoint
DestroyIcon
EmptyClipboard
SetClipboardData
GetWindowRgn
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
LoadIconW
ChildWindowFromPoint
ClipCursor
ShowCursor
DeleteMenu
RemoveMenu
EnableMenuItem
GetFocus
IsMenu
ExitWindowsEx
PeekMessageW
RegisterWindowMessageW
SetLayeredWindowAttributes
LoadCursorW
SetCursor
DrawEdge
IsRectEmpty
ClientToScreen
RedrawWindow
KillTimer
SetTimer
InflateRect
ScreenToClient
InvalidateRect
TrackPopupMenuEx
ReleaseCapture
SetCapture
GetIconInfo
CreateIconIndirect
FindWindowW
SetForegroundWindow
UpdateWindow
BringWindowToTop
IsWindow
GetParent
EnableWindow
GetClipboardData
CloseClipboard
OpenClipboard
GetMonitorInfoW
SystemParametersInfoW
DrawIconEx
UnionRect
SetRect
SetWindowRgn
GetSystemMenu
GetSystemMetrics
GetAsyncKeyState
CharUpperW
IsZoomed
IsIconic
SetWindowPos
LoadImageW
GetWindow
AppendMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
LoadMenuW
CharLowerW
PostMessageW
SetRectEmpty
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
CopyRect
GetCursorPos
AdjustWindowRectEx
GetWindowRect
GetClientRect
RemovePropW
GetPropW
SetPropW
ReleaseDC
GetDC
WindowFromDC
GetForegroundWindow
SetMenuItemInfoW
GetMenuItemInfoW
ModifyMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
IsWindowVisible
CallWindowProcW
SendMessageW
LoadBitmapW
GetSysColor
UnregisterClassW
SetCursorPos
CreateDialogIndirectParamW

gdi32

GetDeviceCaps
CreateHatchBrush
CreatePatternBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
CreateDCW
CopyMetaFileW
GetTextMetricsW
CreateEllipticRgn
PtInRegion
CreateRectRgn
RoundRect
CreatePen
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetTextAlign
CreateBitmap
MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
PatBlt
GetMapMode
SetRectRgn
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
SetDIBColorTable
Ellipse
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
OffsetRgn
FrameRgn
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceW
ExtTextOutW
StretchBlt
SetDIBits
GetDIBits
CreateRoundRectRgn
CreateRectRgnIndirect
CreateEllipticRgnIndirect
CombineRgn
RemoveFontResourceW
CreateSolidBrush
AddFontResourceW
GetTextExtentPoint32W
GetObjectW
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateFontW
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueW
RegDeleteValueW
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryValueExW

shell32

SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHAppBarMessage
Shell_NotifyIconW
SHAddToRecentDocs
DragFinish
SHGetFileInfoW
SHChangeNotify
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ord680
ShellExecuteW
ShellExecuteExW
DragQueryFileW
ExtractIconExW

comctl32

ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Draw
ImageList_DrawEx
ImageList_AddMasked
ImageList_BeginDrag
ImageList_DragShowNolock
_TrackMouseEvent
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove

shlwapi

PathFileExistsW
PathRemoveFileSpecW
StrFormatKBSizeW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW

uxtheme

CloseThemeData
GetWindowTheme
GetThemeSysColor
DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground
DrawThemeText
GetThemeColor
GetCurrentThemeName
OpenThemeData

ole32

OleDuplicateData
CoInitialize
CoUninitialize
CoCreateGuid
CoRevokeClassObject
OleInitialize
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoInitializeEx
CoGetClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
DoDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
CoTaskMemAlloc
CoTaskMemFree
RevokeDragDrop
RegisterDragDrop
CoCreateInstance
CoFreeUnusedLibrariesEx
CoFreeUnusedLibraries
ReleaseStgMedium
CreateStreamOnHGlobal

oleaut32

VarBstrFromDate
VariantCopy
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysAllocString
SysStringLen
LoadTypeLi
RegisterTypeLi
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy

oledlg

OleUIBusyW

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdiplusShutdown

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 456KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

508a6cb402f41a2c5e6299c6ef3602bd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:9d:f8:8eCertificate

Key Usages

04:bd:b0:ab:ec:41:73Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

01Certificate

Key Usages

8d:1e:ea:2b:27:fc:84:47:41:ee:2b:da:59:9a:a3:e9:c8:99:0a:cbSigner

Headers

DLL Characteristics

File Characteristics

Imports

yyxf_play

winmm

psapi

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

oleacc

gdiplus

imm32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 456KB - Virtual size: 455KB

.data Size: 26KB - Virtual size: 219KB

.rsrc Size: 417KB - Virtual size: 417KB

.reloc Size: 163KB - Virtual size: 162KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:9d:f8:8e
Certificate

04:bd:b0:ab:ec:41:73
Certificate

3d
Certificate

01
Certificate

8d:1e:ea:2b:27:fc:84:47:41:ee:2b:da:59:9a:a3:e9:c8:99:0a:cb
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 456KB - Virtual size: 455KB

.data
Size: 26KB - Virtual size: 219KB

.rsrc
Size: 417KB - Virtual size: 417KB

.reloc
Size: 163KB - Virtual size: 162KB