2024-08-23_b71be006e9faeaf0cd4f93fc7f46d80f_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-23_b71be006e9faeaf0cd4f93fc7f46d80f_bkransomware
Size

2.5MB
MD5

b71be006e9faeaf0cd4f93fc7f46d80f
SHA1

33d031c342097a58c2d29f98b21d41849be3abc4
SHA256

9a20e23b59e898f25d43d4442549b51223a7475fe03c55cab7d77bf906e455d8
SHA512

51fb779eea2cb85ac9978b32d093ab15b8cba25e8bf5245d87c84e28a46fa3b09eff51a67f46620b930f259bc56783f103137a77120a2d9e6f563dc7be14759f
SSDEEP

49152:yv1JJ8y5vbtL2tLr8xmN3Aek03noj45wlDTAWWhipXq:g82V2VreUJF3noxDRo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-23_b71be006e9faeaf0cd4f93fc7f46d80f_bkransomware

Files

2024-08-23_b71be006e9faeaf0cd4f93fc7f46d80f_bkransomware
.exe windows:5 windows x86 arch:x86

b94efb677626b2c8928781538018e316

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\obj-firefox\toolkit\components\maintenanceservice\maintenanceservice.pdb

Imports

kernel32

SetStdHandle
WriteConsoleW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
WriteFile
GetPrivateProfileStringW
GetDriveTypeW
GetProcAddress
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
LoadLibraryExW
FreeLibrary
DeleteFileW
SetLastError
MultiByteToWideChar
GetModuleFileNameW
GetFileAttributesW
CopyFileW
CreateFileW
ReadFile
CreateProcessW
GetFileSize
CreateThread
CloseHandle
lstrcmpiW
CreateEventW
Sleep
SetEvent
LCMapStringW
WaitForSingleObject
CreateDirectoryW
GetLastError
MoveFileExW
LocalFree
LocalAlloc
CompareStringW
HeapReAlloc
OutputDebugStringW
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
ReadConsoleW
GetConsoleMode
RtlUnwind
GetStringTypeW
SetEnvironmentVariableW
SetEnvironmentVariableA
RaiseException
GetCPInfo
GetOEMCP
GetACP
GetCommandLineW
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetCurrentThreadId
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
SetEndOfFile

user32

LoadStringA
wsprintfW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenSCManagerA
QueryServiceStatusEx
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CreateWellKnownSid
GetSecurityDescriptorDacl
QueryServiceConfigW
ControlService
BuildExplicitAccessWithNameW
FreeSid
SetEntriesInAclW
ChangeServiceConfigW
QueryServiceStatus
LookupAccountSidW
ChangeServiceConfig2W
QueryServiceObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenServiceW
SetServiceObjectSecurity
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
StartServiceCtrlDispatcherW

shell32

SHGetFolderPathW

wintrust

WinVerifyTrust

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CertGetNameStringW
CryptQueryObject
CryptMsgClose

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathStripToRootW
PathQuoteSpacesW
PathUnquoteSpacesW
PathRemoveFileSpecW
PathAppendW

ole32

CoCreateGuid

rpcrt4

UuidToStringW
RpcStringFreeW

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b94efb677626b2c8928781538018e316

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

wintrust

crypt32

version

shlwapi

ole32

rpcrt4

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB