E:\gogo\protecter\Release\protecter.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-09-03_a3f8b83d11ff3b8ed87b5d3dd4ac6f85_bkransomware.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2024-09-03_a3f8b83d11ff3b8ed87b5d3dd4ac6f85_bkransomware.exe
Resource
win10v2004-20240802-en
General
-
Target
2024-09-03_a3f8b83d11ff3b8ed87b5d3dd4ac6f85_bkransomware
-
Size
497KB
-
MD5
a3f8b83d11ff3b8ed87b5d3dd4ac6f85
-
SHA1
6a7a2857e57d5eb416fa7ef8f2e663c478c16706
-
SHA256
d10f957f9a006fd7a1dcfd7c953858f67c013a119313c463d7f1f11b91e2da00
-
SHA512
7692c159345f3cb8b3a9f9880789650a4eebbe96a3ed3add572edd533c2f0ea2c321079a0b2ada3e64d6a0a4e57bd0315d606f677b7e33d91206362f60dd48e4
-
SSDEEP
12288:NHC7owQTA/o/GiN6U8fF6ILQpo1Rm4OiOFvQsV4HI7tmlyYLJ+60pi9Fk+rtc9:NHC7zQA3KV7tml7IniI9
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. Caveat: a missing Authenticode signature is weak evidence on its own (a great deal of legitimate software and most test/debug builds are unsigned), and it is the only static signature that fired on this sample, so the verdict should rest on the behavioral tasks above and the section/export anomalies noted below rather than on this hit alone.
resource 2024-09-03_a3f8b83d11ff3b8ed87b5d3dd4ac6f85_bkransomware
Files
-
2024-09-03_a3f8b83d11ff3b8ed87b5d3dd4ac6f85_bkransomware.exe windows:5 windows x86 arch:x86
898cbbc7cdaad2a89abe2dcf5f883785 (import hash / imphash of the Imports listed below, per the report layout — confirm against the raw report; useful as a pivot for other builds that share this import table)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths: E:\gogo\protecter\Release\protecter.pdb (also shown at the top of this page). The embedded project name "protecter" and the E:\gogo\ build root differ from the sample's file name and are a useful pivot for hunting other builds from the same project or author.
Imports
ws2_32
getservbyname
gethostbyname
gethostbyaddr
inet_addr
htonl
ntohl
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
kernel32
RtlUnwind
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleFileNameW
IsProcessorFeaturePresent
IsDebuggerPresent
FileTimeToLocalFileTime
SetFilePointerEx
LoadLibraryExW
HeapAlloc
HeapFree
WaitForSingleObject
GetProcessHeap
InitializeCriticalSection
OpenProcess
WideCharToMultiByte
LeaveCriticalSection
CreateProcessA
TerminateProcess
MultiByteToWideChar
EnterCriticalSection
GetModuleFileNameA
CloseHandle
GetTickCount
GetLastError
SetLastError
DeleteCriticalSection
Sleep
VerSetConditionMask
SleepEx
VerifyVersionInfoA
FormatMessageA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
FreeLibrary
GetProcAddress
WaitForMultipleObjects
LoadLibraryA
ExpandEnvironmentStringsA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineW
TlsAlloc
TlsFree
GlobalFree
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetConsoleMode
TryEnterCriticalSection
SetEvent
ReleaseMutex
CreateEventA
GetHandleInformation
SetHandleInformation
GetCurrentProcessId
GetExitCodeProcess
CreateProcessW
CreateFileA
WriteFile
GetCurrentThreadId
TlsGetValue
TlsSetValue
GetVersionExA
DuplicateHandle
GetCurrentProcess
SwitchToThread
GetCurrentThread
SetStdHandle
CreateFileW
DeleteFileW
GetFileInformationByHandle
SetFilePointer
GetOverlappedResult
CancelIo
MoveFileExW
CreateHardLinkW
CreatePipe
CreateNamedPipeA
SetCurrentDirectoryW
GetCurrentDirectoryW
GetDriveTypeA
GetDriveTypeW
GetFullPathNameW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileAttributesExW
GetFileTime
SetFileAttributesW
SetFileTime
LocalFree
FlushFileBuffers
SetEndOfFile
LockFile
LockFileEx
UnlockFile
UnlockFileEx
ExitThread
CreateThread
ReadConsoleW
RaiseException
GetConsoleCP
GetStartupInfoW
FindFirstFileExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
QueryPerformanceCounter
HeapSize
OutputDebugStringW
GetStringTypeW
CompareStringW
LCMapStringW
WriteConsoleW
HeapReAlloc
GetCommandLineA
GetTimeZoneInformation
DeviceIoControl
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
user32
MessageBoxA
advapi32 — note that LogonUserW, ImpersonateLoggedOnUser, DuplicateTokenEx and CreateProcessAsUserW below are token/impersonation primitives; because this image also exports APR's `_apr_procattr_user_set` (see Exports), they may be accounted for by APR's process-spawning code rather than by bespoke privilege-manipulation logic. Confirm with the behavioral tasks before treating them as indicators.
DuplicateTokenEx
GetSecurityInfo
GetNamedSecurityInfoW
GetNamedSecurityInfoA
GetEffectiveRightsFromAclW
FreeSid
AllocateAndInitializeSid
LogonUserW
SetSecurityDescriptorDacl
RevertToSelf
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
CreateProcessAsUserW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
shell32
CommandLineToArgvW
iphlpapi
GetAdaptersInfo
Exports
The `_apr_*` / `apr_*` names below are the Apache Portable Runtime (APR) API. Exporting them from an .exe (IMAGE_FILE_EXECUTABLE_IMAGE above, and no libapr-1.dll in Imports) is consistent with APR having been compiled into this image; these exports describe the bundled library and say little about the sample's own logic.
_apr_allocator_alloc@8
_apr_allocator_create@4
_apr_allocator_destroy@4
_apr_allocator_free@8
_apr_allocator_max_free_set@8
_apr_allocator_mutex_get@4
_apr_allocator_mutex_set@8
_apr_allocator_owner_get@4
_apr_allocator_owner_set@8
_apr_app_initialize@12
_apr_array_append@12
_apr_array_cat@8
_apr_array_clear@4
_apr_array_copy@8
_apr_array_copy_hdr@8
_apr_array_make@12
_apr_array_pop@4
_apr_array_pstrcat@12
_apr_array_push@4
_apr_atoi64@4
_apr_atomic_add32@8
_apr_atomic_cas32@12
_apr_atomic_casptr@12
_apr_atomic_dec32@4
_apr_atomic_inc32@4
_apr_atomic_init@4
_apr_atomic_read32@4
_apr_atomic_set32@8
_apr_atomic_sub32@8
_apr_atomic_xchg32@8
_apr_atomic_xchgptr@8
_apr_collapse_spaces@8
_apr_conv_ucs2_to_utf8@16
_apr_conv_utf8_to_ucs2@16
_apr_cpystrn@12
_apr_file_attrs_set@16
_apr_file_close@4
_apr_file_datasync@4
_apr_file_dup2@12
_apr_file_dup@12
_apr_file_eof@4
_apr_file_flush@4
_apr_file_getc@8
_apr_file_gets@12
_apr_file_info_get@12
_apr_file_inherit_set@4
_apr_file_inherit_unset@4
_apr_file_link@8
_apr_file_lock@8
_apr_file_mtime_set@16
_apr_file_namedpipe_create@12
_apr_file_open@20
_apr_file_open_flags_stderr@12
_apr_file_open_flags_stdin@12
_apr_file_open_flags_stdout@12
_apr_file_open_stderr@8
_apr_file_open_stdin@8
_apr_file_open_stdout@8
_apr_file_perms_set@8
_apr_file_pipe_create@12
_apr_file_pipe_create_ex@16
_apr_file_pipe_timeout_get@8
_apr_file_pipe_timeout_set@12
_apr_file_pool_get@4
_apr_file_putc@8
_apr_file_puts@8
_apr_file_read@12
_apr_file_read_full@16
_apr_file_remove@8
_apr_file_rename@12
_apr_file_seek@12
_apr_file_setaside@12
_apr_file_sync@4
_apr_file_trunc@12
_apr_file_ungetc@8
_apr_file_unlock@4
_apr_file_write@12
_apr_file_write_full@16
_apr_file_writev@16
_apr_file_writev_full@16
_apr_filepath_encoding@8
_apr_filepath_get@12
_apr_filepath_list_merge@12
_apr_filepath_list_split@12
_apr_filepath_merge@20
_apr_filepath_name_get@4
_apr_filepath_root@16
_apr_filepath_set@8
_apr_getnameinfo@12
_apr_getservbyname@8
_apr_hash_clear@4
_apr_hash_copy@8
_apr_hash_count@4
_apr_hash_do@12
_apr_hash_first@8
_apr_hash_get@12
_apr_hash_make@4
_apr_hash_make_custom@8
_apr_hash_merge@20
_apr_hash_next@4
_apr_hash_overlay@12
_apr_hash_pool_get@4
_apr_hash_set@16
_apr_hash_this@16
_apr_hash_this_key@4
_apr_hash_this_key_len@4
_apr_hash_this_val@4
_apr_initialize@0
_apr_ipsubnet_create@16
_apr_ipsubnet_test@8
_apr_is_empty_array@4
_apr_is_empty_table@4
_apr_itoa@8
_apr_ltoa@8
_apr_off_t_toa@12
_apr_os_exp_time_get@8
_apr_os_exp_time_put@12
_apr_os_file_get@8
_apr_os_file_put@16
_apr_os_imp_time_get@8
_apr_os_imp_time_put@12
_apr_os_pipe_put@12
_apr_os_pipe_put_ex@16
_apr_os_thread_current@0
_apr_os_thread_equal@8
_apr_os_thread_get@8
_apr_os_thread_put@12
_apr_palloc@8
_apr_palloc_debug@12
_apr_parse_addr_port@20
_apr_pcalloc@8
_apr_pcalloc_debug@12
_apr_pmemdup@12
_apr_pool_abort_get@4
_apr_pool_abort_set@8
_apr_pool_allocator_get@4
_apr_pool_child_cleanup_set@16
_apr_pool_cleanup_for_exec@0
_apr_pool_cleanup_kill@12
_apr_pool_cleanup_register@16
_apr_pool_cleanup_run@12
_apr_pool_clear@4
_apr_pool_clear_debug@8
_apr_pool_create_core_ex@12
_apr_pool_create_core_ex_debug@16
_apr_pool_create_ex@16
_apr_pool_create_ex_debug@20
_apr_pool_create_unmanaged_ex@12
_apr_pool_create_unmanaged_ex_debug@16
_apr_pool_destroy@4
_apr_pool_destroy_debug@8
_apr_pool_initialize@0
_apr_pool_is_ancestor@8
_apr_pool_note_subprocess@12
_apr_pool_parent_get@4
_apr_pool_pre_cleanup_register@12
_apr_pool_tag@8
_apr_pool_terminate@0
_apr_pool_userdata_get@12
_apr_pool_userdata_set@16
_apr_pool_userdata_setn@16
_apr_proc_create@24
_apr_proc_detach@4
_apr_proc_kill@8
_apr_proc_wait@16
_apr_proc_wait_all_procs@20
_apr_procattr_addrspace_set@8
_apr_procattr_child_err_set@12
_apr_procattr_child_errfn_set@8
_apr_procattr_child_in_set@12
_apr_procattr_child_out_set@12
_apr_procattr_cmdtype_set@8
_apr_procattr_create@8
_apr_procattr_detach_set@8
_apr_procattr_dir_set@8
_apr_procattr_error_check_set@8
_apr_procattr_group_set@8
_apr_procattr_io_set@16
_apr_procattr_user_set@12
_apr_pstrcatv@16
_apr_pstrdup@8
_apr_pstrmemdup@12
_apr_pstrndup@12
_apr_pvsprintf@12
_apr_signal_block@4
_apr_signal_description_get@4
_apr_signal_unblock@4
_apr_sleep@8
_apr_sockaddr_equal@8
_apr_sockaddr_info_get@24
_apr_sockaddr_ip_get@8
_apr_sockaddr_ip_getbuf@12
_apr_sockaddr_is_wildcard@4
_apr_socket_addr_get@12
_apr_stat@16
_apr_strerror@12
_apr_strfsize@12
_apr_strtoff@16
_apr_strtoi64@12
_apr_strtok@12
_apr_table_add@12
_apr_table_addn@12
_apr_table_clear@4
_apr_table_clone@8
_apr_table_compress@8
_apr_table_copy@8
_apr_table_elts@4
_apr_table_get@8
_apr_table_getm@12
_apr_table_make@8
_apr_table_merge@12
_apr_table_mergen@12
_apr_table_overlap@12
_apr_table_overlay@12
_apr_table_set@12
_apr_table_setn@12
_apr_table_unset@8
_apr_table_vdo@16
_apr_terminate2@0
_apr_thread_create@20
_apr_thread_data_get@12
_apr_thread_data_set@16
_apr_thread_detach@4
_apr_thread_exit@8
_apr_thread_join@8
_apr_thread_mutex_create@12
_apr_thread_mutex_destroy@4
_apr_thread_mutex_lock@4
_apr_thread_mutex_pool_get@4
_apr_thread_mutex_trylock@4
_apr_thread_mutex_unlock@4
_apr_thread_once@8
_apr_thread_once_init@8
_apr_thread_pool_get@4
_apr_thread_yield@0
_apr_threadattr_create@8
_apr_threadattr_detach_get@4
_apr_threadattr_detach_set@8
_apr_threadattr_guardsize_set@8
_apr_threadattr_stacksize_set@8
_apr_time_ansi_put@12
_apr_time_clock_hires@4
_apr_time_exp_get@8
_apr_time_exp_gmt@12
_apr_time_exp_gmt_get@8
_apr_time_exp_lt@12
_apr_time_exp_tz@16
_apr_time_now@0
_apr_tokenize_to_argv@12
_apr_vformatter@16
_apr_vsnprintf@16
apr_app_init_complete
apr_dbg_log
apr_file_printf
apr_hashfunc_default
apr_os_level
apr_pool_cleanup_null
apr_psprintf
apr_pstrcat
apr_snprintf
apr_table_do
apr_terminate
Sections
.text Size: 351KB - Virtual size: 350KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 42KB - Virtual size: 43KB — NOTE: the flags below mark this section as code, executable, readable and writable (RWX). That is atypical for a relocation section, which is normally IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ with neither execute nor write; an RWX section named .reloc is a common packer/protector artifact (possibly related to the "protecter" PDB name) and is where unpacking stubs or decrypted code often land. Inspect this region and check the behavioral tasks for writes to or execution from it.
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE