D:\kuaiwan\build\Release\Kuaiwan.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-08-23_ef1b065b4df8fdca8bfa80c5d9374109_bkransomware.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 2024-08-23_ef1b065b4df8fdca8bfa80c5d9374109_bkransomware.exe
  Resource: win10v2004-20240802-en
General
- Target: 2024-08-23_ef1b065b4df8fdca8bfa80c5d9374109_bkransomware
- Size: 2.6MB
- MD5: ef1b065b4df8fdca8bfa80c5d9374109
- SHA1: cef59a88ad9c351cf7050896fd3ba223729687fc
- SHA256: 757bd8b45a671c2e48ba8b40e6fb649f52470e62d9a4de563afb0ff6f65bf226
- SHA512: a2617dfc5da521c271e7e7df1a735c5381152f1c72a0b952c7273bc8ad382725ba2de29d2150fa1b39f959d3b5b04c4326eaab4467c174e82795b9a35bc92100
- SSDEEP: 49152:LSosdfFo2HnB7MOl0C3VwznNDJ/ZzfjMF3VmcUgcoalGSz8wU6mTZ4bvq:LQzh9hFANhRfuwe1
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-08-23_ef1b065b4df8fdca8bfa80c5d9374109_bkransomware
Files
- 2024-08-23_ef1b065b4df8fdca8bfa80c5d9374109_bkransomware.exe windows:5 windows x86 arch:x86
  de3c279aedb802c82c08a2f9a2c942a3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\kuaiwan\build\Release\Kuaiwan.pdb
Imports
kernel32
GetExitCodeThread
Module32NextW
ReadDirectoryChangesW
GetLogicalDrives
ResetEvent
GetProcessHeap
HeapFree
SetErrorMode
LocalAlloc
GlobalMemoryStatusEx
GetSystemDirectoryW
GlobalMemoryStatus
SetProcessWorkingSetSize
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
GetFileInformationByHandle
FileTimeToLocalFileTime
GetFullPathNameW
GetFullPathNameA
CreateFileA
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
GetSystemTimeAsFileTime
FormatMessageA
FormatMessageW
GetFileAttributesA
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
GetDiskFreeSpaceA
GetTempPathA
AreFileApisANSI
CopyFileW
GetCommandLineW
EncodePointer
HeapAlloc
ExitThread
IsDebuggerPresent
InterlockedIncrement
CreateRemoteThread
WaitForMultipleObjects
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
HeapSize
RtlUnwind
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CompareStringW
LCMapStringW
SetStdHandle
WriteConsoleW
GetExitCodeProcess
CreateProcessA
SetEnvironmentVariableA
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
VirtualAlloc
VirtualFree
lstrlenA
OutputDebugStringW
WriteProcessMemory
GetDiskFreeSpaceExW
FileTimeToSystemTime
GetVolumeInformationW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetProfileIntW
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
ResumeThread
SuspendThread
OpenThread
Thread32Next
Thread32First
lstrcatW
SetFilePointer
FlushFileBuffers
GlobalAddAtomW
DeviceIoControl
SizeofResource
LoadLibraryExW
lstrcmpiW
DecodePointer
SetUnhandledExceptionFilter
OpenEventW
WriteFile
HeapReAlloc
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
DebugBreak
CreateThread
GetPrivateProfileSectionW
GetPrivateProfileStringW
LocalFree
SetFileAttributesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetLogicalDriveStringsW
GetDriveTypeW
GetFileAttributesW
ReadFile
VirtualQuery
GetTickCount
CreateProcessW
lstrcpyW
GetSystemInfo
GetModuleHandleW
GetVersionExW
FindFirstFileA
DeleteFileA
FindFirstFileW
FindNextFileW
DeleteFileW
FindClose
RemoveDirectoryW
lstrcmpW
MulDiv
FindResourceW
LoadResource
LockResource
GlobalFree
GlobalHandle
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemTime
lstrcatA
GetFileSize
GetCurrentThreadId
RaiseException
InitializeCriticalSectionAndSpinCount
GetLastError
FlushInstructionCache
GetCurrentProcess
CreateFileW
MultiByteToWideChar
CreateDirectoryW
GetFileAttributesExW
GetLocalTime
WideCharToMultiByte
CreateEventW
FreeLibrary
GetModuleFileNameW
LeaveCriticalSection
TerminateThread
EnterCriticalSection
WaitForSingleObject
SetEvent
Sleep
TerminateProcess
OpenProcess
GetCurrentProcessId
Process32FirstW
lstrlenW
InterlockedDecrement
CreateToolhelp32Snapshot
Module32FirstW
Process32NextW
CloseHandle
GetProcAddress
LoadLibraryW
DeleteCriticalSection
IsProcessorFeaturePresent
InitializeCriticalSection
user32
GetMenuStringW
GetMenuItemID
GetKeyState
DrawIconEx
GetIconInfo
CreateIconIndirect
CreateMenu
AppendMenuW
CreatePopupMenu
GetMenuItemCount
IsMenu
SetParent
ModifyMenuW
PrintWindow
EnumChildWindows
DestroyMenu
GetSubMenu
wsprintfW
TrackPopupMenu
IsDialogMessageW
MessageBoxW
LoadStringW
GetMenuState
LoadMenuW
GetCaretPos
IsClipboardFormatAvailable
GetClipboardData
CharNextW
SetTimer
KillTimer
IsWindow
SendMessageW
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
UnregisterClassW
GetActiveWindow
EnableMenuItem
SetLayeredWindowAttributes
OffsetRect
SetCursorPos
GetWindowDC
EnumWindows
PeekMessageW
PostThreadMessageW
DeleteMenu
EqualRect
ExitWindowsEx
PostQuitMessage
CopyRect
SystemParametersInfoW
LoadIconW
SetCursor
PtInRect
LoadImageW
TrackMouseEvent
SetRectEmpty
SetWindowRgn
DestroyIcon
UpdateWindow
GetCapture
PrivateExtractIconsW
RegisterHotKey
UnregisterHotKey
EnableWindow
MapDialogRect
SetWindowContextHelpId
EndDialog
DispatchMessageW
TranslateMessage
GetMessageW
UpdateLayeredWindow
GetWindowThreadProcessId
SetMenuItemInfoW
GetMenuItemInfoW
GetSystemMetrics
GetForegroundWindow
WindowFromPoint
GetCursorPos
FindWindowW
SetActiveWindow
IsWindowVisible
CharUpperW
WaitForInputIdle
FindWindowExW
CharLowerW
RegisterDeviceNotificationW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetWindowRect
SetForegroundWindow
ShowWindow
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
GetClassNameW
GetSysColor
SetWindowPos
RedrawWindow
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
wsprintfA
PostMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
DialogBoxIndirectParamW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
InvalidateRgn
GetClientRect
FillRect
DrawTextW
InflateRect
IntersectRect
SetRect
ReleaseCapture
SetCapture
MoveWindow
DestroyCursor
advapi32
CryptReleaseContext
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyW
RegEnumKeyW
RegOpenKeyW
RegSaveKeyExW
RegRestoreKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetFileSecurityW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegDeleteValueW
ole32
CoSetProxyBlanket
StringFromCLSID
CoTaskMemRealloc
CoCreateGuid
CoUninitialize
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleUninitialize
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
shell32
DragAcceptFiles
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
DragQueryFileW
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathA
ShellExecuteW
SHGetSpecialFolderPathW
oleaut32
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
OleCreateFontIndirect
SysAllocStringLen
VarUI4FromStr
VariantChangeType
SysAllocString
VariantInit
GetErrorInfo
SysFreeString
shlwapi
PathIsDirectoryW
PathFileExistsW
comctl32
ord17
ord16
_TrackMouseEvent
InitCommonControlsEx
gdi32
BitBlt
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreateDIBSection
CreateRectRgn
RealizePalette
SelectPalette
GetDIBits
CreateDCW
CombineRgn
CreateFontIndirectW
GetTextExtentPoint32W
SetDIBits
SetBkMode
SetTextColor
CreatePen
DeleteDC
LineTo
Polygon
Rectangle
Ellipse
CreateBitmap
CreatePatternBrush
SetViewportOrgEx
UnrealizeObject
SetROP2
SetMapMode
SetWindowOrgEx
PatBlt
SetBkColor
ExtTextOutW
GetClipBox
SelectClipRgn
CreateRectRgnIndirect
SetRectRgn
GetPixel
CreateRoundRectRgn
GetStockObject
MoveToEx
GetDeviceCaps
GetObjectW
msimg32
AlphaBlend
ws2_32
ntohl
ntohs
gethostbyname
WSAGetLastError
htonl
recv
send
closesocket
connect
socket
WSACleanup
WSAStartup
htons
sendto
__WSAFDIsSet
ioctlsocket
recvfrom
select
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
psapi
GetProcessMemoryInfo
gdiplus
GdipCreateHBITMAPFromBitmap
GdipGetImageWidth
GdipGetImageHeight
GdipBitmapGetPixel
GdipCreateFromHWND
GdipImageSelectActiveFrame
GdipSetSolidFillColor
GdipDrawImageRectRectI
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
GdipCreateBitmapFromHBITMAP
GdipDrawImageRectI
GdipGetGenericFontFamilySansSerif
GdipTranslateWorldTransform
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipSetStringFormatTrimming
GdipGetDC
GdipReleaseDC
GdipCreateBitmapFromHICON
GdipMeasureString
GdipCreatePath
GdipDeletePath
GdipStartPathFigure
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipFillPath
GdipDrawPath
GdipSetPenDashStyle
GdipDrawImagePointsRectI
GdipAlloc
GdipFree
GdipSetPenColor
GdipLoadImageFromFile
GdipCloneImage
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipDisposeImage
GdipCreateFontFamilyFromName
GdipDrawRectangleI
GdipDrawString
GdipCreateBitmapFromFile
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
tinyxml
?StreamIn@TiXmlElement@@MAEXPAV?$basic_istream@DU?$char_traits@D@std@@@std@@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?Accept@TiXmlElement@@UBE_NPAVTiXmlVisitor@@@Z
?Clone@TiXmlElement@@UBEPAVTiXmlNode@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ
?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
?ToElement@TiXmlElement@@UBEPBV1@XZ
?ToElement@TiXmlElement@@UAEPAV1@XZ
?ToDocument@TiXmlNode@@UBEPBVTiXmlDocument@@XZ
?ToDocument@TiXmlNode@@UAEPAVTiXmlDocument@@XZ
?Parse@TiXmlElement@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Print@TiXmlElement@@UBEXPAU_iobuf@@H@Z
?SaveFile@TiXmlDocument@@QBE_NPBD@Z
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ
?LoadFile@TiXmlDocument@@QAE_NPBDW4TiXmlEncoding@@@Z
??1TiXmlDocument@@UAE@XZ
??0TiXmlDocument@@QAE@XZ
?CopyTo@TiXmlElement@@QBEXPAV1@@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?SetAttribute@TiXmlElement@@QAEXPBDH@Z
??1TiXmlElement@@UAE@XZ
??0TiXmlElement@@QAE@PBD@Z
?RemoveChild@TiXmlNode@@QAE_NPAV1@@Z
?InsertBeforeChild@TiXmlNode@@QAEPAV1@PAV1@ABV1@@Z
?LinkEndChild@TiXmlNode@@QAEPAV1@PAV1@@Z
?Value@TiXmlNode@@QBEPBDXZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?SetAttribute@TiXmlElement@@QAEXPBD0@Z
?GetText@TiXmlElement@@QBEPBDXZ
http
Net_SendHttpGet
?GetProgressRate@CDownloader@@QAEMXZ
?IsFinished@CDownloader@@QAE_NXZ
?GetDownloadState@CDownloader@@QAEHXZ
?GetDownloadURL@NetTool@@SA_NPB_WPAPAXPAJJH@Z
?SetURL@CDownloader@@QAEXPB_W00@Z
?Download@CDownloader@@QAEXXZ
?WaitThread@CDownloader@@QAEXXZ
?Abort@CDownloader@@QAEXXZ
?DownloadURL@NetTool@@SA_NPB_W0J@Z
?HttpSend@NetTool@@SA_NPBDPADH@Z
uploadStatsFile
?GetThis@CSingleHostCGI@@SAPAV1@XZ
SetDocsParam
?ConnectHost@CConnectHost@@SAXPAD@Z
?GetConnectHostStats@CConnectHost@@SAHK@Z
?SetChangeHost@CSingleHostCGI@@QAEXPAD0@Z
PostDocs
?StartChangeHost@CSingleHostCGI@@QAE_NPADI@Z
?IsStartChangeHost@CSingleHostCGI@@QAE_NXZ
?PostForm@NetTool@@SAHPB_W0PADJ@Z
?GetAddrFromHTTP@NetTool@@SAHVCString@WTL@@AAIAAG@Z
??1CDownloader@@QAE@XZ
?SetURL@CDownloader@@QAEXPB_W0000@Z
?PostForm@NetTool@@SA_NPB_W0PAPAXPAJJ@Z
SEH_Net_PostFileByData
?Clear@CDownloader@@QAEXXZ
?GetLastTime@CDownloader@@QAE?AVCString@WTL@@XZ
??0CDownloader@@QAE@PB_W@Z
dbghelp
MiniDumpWriteDump
wininet
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
winmm
PlaySoundW
setupapi
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
Sections
- .text Size: 1.8MB - Virtual size: 1.8MB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
- .rdata Size: 490KB - Virtual size: 490KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .data Size: 31KB - Virtual size: 69KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
- .rsrc Size: 167KB - Virtual size: 167KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .reloc Size: 127KB - Virtual size: 127KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ