2024-08-21_7d1161760bba3bc450e706ef17466825_bkransomware_virut

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-21_7d1161760bba3bc450e706ef17466825_bkransomware_virut
Size

2.8MB
MD5

7d1161760bba3bc450e706ef17466825
SHA1

b82da8f77a70902525bab95950c92abb1474fe99
SHA256

aa712d33ca728b5acb0c3a79817a2ef024a6519a2b2967b09dfdad86665a3658
SHA512

6ecbe63d8555af91735af3892596b403b31a4652f97d53e187c6f5747465c18ac8a3ad13a46ba02ea19326c0698fea278983c56e78cba530d6d95ba76475a6d1
SSDEEP

6144:B/nvHlZ7k3PNp7ODvtMJfDVChJWXDot0:B/vHlZ7gr7Mvt6fDVCgDo

Score

1^/10

Malware Config

Signatures

Files

2024-08-21_7d1161760bba3bc450e706ef17466825_bkransomware_virut
.exe windows:6 windows x86 arch:x86

c40a4ef085f433a57301e6785a981d23

Code Sign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:26

Not After

15/08/2023, 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:b3:35:10:83:0d:6c:8a:28:4d:cb:00:02:00:00:b3:35
Certificate

Issuer

CN=Intel External Basic Issuing CA 3B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Not Before

19/06/2014, 18:09

Not After

03/06/2017, 18:09

Subject

CN=Intel Corporation - pGFX,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:2c:ff:88:00:01:00:00:00:10
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

08/02/2013, 22:21

Not After

08/02/2018, 22:31

Subject

CN=Intel External Basic Issuing CA 3B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

01/02/2013, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1e:35:5b:af:1a:55:76:8d:0b:f1:e6:ce:b8:5a:a3:ce:f0:3f:cf:76
Signer

Actual PE Digest

1e:35:5b:af:1a:55:76:8d:0b:f1:e6:ce:b8:5a:a3:ce:f0:3f:cf:76

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
GetCurrentProcess
CreateThread
GetCurrentThreadId
FlushInstructionCache
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
FindResourceW
MultiByteToWideChar
IsDebuggerPresent
OutputDebugStringW
HeapAlloc
HeapFree
GetProcessHeap
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
Sleep
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
HeapSize
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WriteFile
GetStartupInfoW
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
EncodePointer
RtlUnwind
LocalFree
WideCharToMultiByte
CreateEventW
CreateMutexW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
SetLastError
lstrlenA
GetLastError
RaiseException
CloseHandle
DecodePointer
GetCommandLineW

user32

PostMessageW
CreatePopupMenu
DestroyMenu
GetMenuItemCount
InsertMenuW
AppendMenuW
SetForegroundWindow
LoadImageW
LoadIconW
FindWindowExW
GetWindowLongW
GetCursorPos
GetWindowRect
GetClientRect
SetWindowTextW
EndPaint
BeginPaint
SetMenuDefaultItem
TrackPopupMenuEx
GetSubMenu
GetSystemMetrics
KillTimer
SetTimer
GetDlgItem
CreateDialogParamW
IsWindowVisible
ShowWindow
DestroyWindow
CallWindowProcW
PostQuitMessage
DefWindowProcW
SendMessageW
RegisterWindowMessageW
wsprintfW
LoadCursorW
GetDesktopWindow
SetWindowLongW
CharNextW
CharUpperW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
FindWindowW
MessageBoxW

advapi32

RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey

ole32

CoCreateInstance
OleRun
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2

shell32

Shell_NotifyIconW

oleaut32

VariantClear
GetErrorInfo
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayGetVartype
VarBstrCat
VarBstrCmp
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi

gdi32

DeleteDC
CreateCompatibleDC
BitBlt
SelectObject
DeleteObject

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c40a4ef085f433a57301e6785a981d23

Code Sign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

33:00:00:b3:35:10:83:0d:6c:8a:28:4d:cb:00:02:00:00:b3:35Certificate

Extended Key Usages

Key Usages

61:2c:ff:88:00:01:00:00:00:10Certificate

Key Usages

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88Certificate

Extended Key Usages

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

1e:35:5b:af:1a:55:76:8d:0b:f1:e6:ce:b8:5a:a3:ce:f0:3f:cf:76Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

gdi32

Sections

.text Size: 126KB - Virtual size: 125KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 73KB - Virtual size: 91KB

.rsrc Size: 128KB - Virtual size: 127KB

Size: 2.4MB - Virtual size: 2.4MB

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

33:00:00:b3:35:10:83:0d:6c:8a:28:4d:cb:00:02:00:00:b3:35
Certificate

61:2c:ff:88:00:01:00:00:00:10
Certificate

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

1e:35:5b:af:1a:55:76:8d:0b:f1:e6:ce:b8:5a:a3:ce:f0:3f:cf:76
Signer

.text
Size: 126KB - Virtual size: 125KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 73KB - Virtual size: 91KB

.rsrc
Size: 128KB - Virtual size: 127KB