2024-09-08_9a91615ed8ea9fa54414c3ea5b4ca76a_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-08_9a91615ed8ea9fa54414c3ea5b4ca76a_bkransomware
Size

1.8MB
MD5

9a91615ed8ea9fa54414c3ea5b4ca76a
SHA1

b41a8c3d6effa6835d85200cbec096b871a9c817
SHA256

a639db0020e7050f0b1d8e28129e6bcb577be8e882b0cbfd2ab755092855d880
SHA512

2db99df76bda15ae15154371c0cf1f3d3df44f44c6f35e88a7a13384c4d7d6eff0125fc76a713db81b6b39e65e2a025f9ef9a21f4f9675caebcfeb080a432d91
SSDEEP

49152:dzGbH0+BVt/osOGa6XTbNZTPoIJMVlc0:dvSXosOG5ToI0l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-08_9a91615ed8ea9fa54414c3ea5b4ca76a_bkransomware

Files

2024-09-08_9a91615ed8ea9fa54414c3ea5b4ca76a_bkransomware
.exe windows:5 windows x86 arch:x86

a7edd5def884a41d2982c1af9c315a59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\buildbot\slave\workdir\repos\LAR6\desktop\chromium\src\out\Release\installer.exe.pdb

Imports

comctl32

InitCommonControlsEx
ord410
ord413

gdiplus

GdipCreateBitmapFromStream
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipAlloc
GdipFree
GdipCloneImage
GdiplusShutdown
GdiplusStartup

secur32

GetUserNameExW

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptQueryObject
CertGetNameStringW

wintrust

WinVerifyTrust

wininet

InternetSetStatusCallbackW
InternetOpenW
InternetCrackUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpOpenRequestW
HttpQueryInfoW
InternetErrorDlg
InternetCloseHandle
InternetSetOptionW
HttpAddRequestHeadersW
InternetQueryDataAvailable

msimg32

AlphaBlend

psapi

GetModuleInformation
GetMappedFileNameA
GetProcessImageFileNameW
GetProcessMemoryInfo

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

shlwapi

SHDeleteKeyW

advapi32

GetExplicitEntriesFromAclW
RegSetValueExA
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
FreeSid
SetEntriesInAclW
SetSecurityInfo
AllocateAndInitializeSid
GetSecurityInfo
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExW
RegCloseKey
CreateProcessAsUserW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
GetTokenInformation
BuildTrusteeWithSidW
RegGetKeySecurity
AdjustTokenPrivileges
CheckTokenMembership
LookupPrivilegeValueW
DuplicateToken
AccessCheck
RegCreateKeyExW
GetUserNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl

kernel32

LoadLibraryExA
EncodePointer
ExitProcess
AreFileApisANSI
GetFullPathNameW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
UnhandledExceptionFilter
GetStartupInfoW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
WriteConsoleW
GetStringTypeW
ReadConsoleW
CompareStringW
LCMapStringW
MapViewOfFile
UnmapViewOfFile
GetLastError
SetLastError
CreateFileMappingW
CreateFileW
CloseHandle
GetEnvironmentVariableW
CreateProcessW
GetCurrentProcess
GetModuleHandleW
Sleep
TerminateProcess
GetModuleFileNameW
GetProcAddress
LoadLibraryA
CreateEventW
WaitForMultipleObjects
GetCurrentProcessId
VirtualAlloc
GetModuleHandleA
VirtualProtect
WaitForSingleObject
SetEvent
GetExitCodeProcess
GetProcessId
RemoveDirectoryW
OpenEventW
LocalFree
CreateMutexW
DuplicateHandle
ReleaseMutex
OpenProcess
ReadFile
CreateMailslotW
CancelIo
WriteFile
SetFilePointer
SetFileTime
GetDriveTypeW
GetLogicalDrives
DeviceIoControl
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
LoadResource
GlobalLock
GlobalAlloc
SizeofResource
GlobalUnlock
GlobalFree
LockResource
GetCurrentThreadId
GetLocaleInfoW
MulDiv
AllocConsole
IsProcessorFeaturePresent
OpenMutexW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
GetFileAttributesExW
GetLogicalDriveStringsW
GetLongPathNameW
GetTempFileNameW
QueryDosDeviceW
SetFileAttributesW
GetTempPathW
CopyFileW
MoveFileW
MoveFileExW
ReplaceFileW
FlushFileBuffers
GetFileInformationByHandle
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
GetHandleInformation
OutputDebugStringA
GetTickCount
FormatMessageA
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetStdHandle
SetHandleInformation
CreatePipe
ResumeThread
AssignProcessToJobObject
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
IsDebuggerPresent
ExpandEnvironmentStringsW
UnregisterWaitEx
RegisterWaitForSingleObject
GetVersionExW
GetNativeSystemInfo
ResetEvent
CreateToolhelp32Snapshot
RaiseException
CreateThread
HeapSetInformation
GetModuleHandleExA
GetSystemDirectoryW
GetWindowsDirectoryW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
QueueUserWorkItem
GetModuleHandleExW
SetEnvironmentVariableW
GetProcessTimes
VirtualQueryEx
RtlCaptureContext
SetUnhandledExceptionFilter
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
OpenThread
SuspendThread
GetThreadContext
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
DeleteFileA
DebugActiveProcess
DebugActiveProcessStop
GetSystemTime
ReadProcessMemory
UnregisterWait
GetFileSize
Thread32First
Thread32Next
Module32FirstW
Module32NextW
LocalAlloc
FindResourceExW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapSize
DecodePointer
lstrlenA
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CreateProcessA
OutputDebugStringW
SetEnvironmentVariableA
GetUserDefaultUILanguage
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
LoadLibraryW
SwitchToThread

gdi32

CreateFontW
GetObjectW
CreateBrushIndirect
GetTextExtentExPointW
BitBlt
SetTextColor
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
GetDeviceCaps
GetStockObject
DeleteDC

ole32

CoCreateInstance
CoTaskMemAlloc
PropVariantClear
CoTaskMemFree
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoAllowSetForegroundWindow
CoSetProxyBlanket

oleaut32

SafeArrayGetVartype
SafeArrayPutElement
SafeArrayCreate
SysAllocString
SysFreeString
VariantTimeToSystemTime
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantInit
VariantChangeType

user32

SendMessageW
CreateDialogParamW
ShowWindow
SetWindowLongW
GetDlgItem
GetWindowLongW
LoadIconW
DestroyWindow
EnumThreadWindows
IsWindowVisible
IsWindowEnabled
SetForegroundWindow
DestroyIcon
MessageBoxW
UnhookWindowsHookEx
SetWindowsHookExW
CreateWindowExW
GetSysColorBrush
SetWindowPos
GetSysColor
ReleaseDC
GetWindowTextW
InvalidateRect
GetDC
BeginPaint
SetFocus
EnableWindow
FillRect
GetWindowRect
ScreenToClient
GetWindowTextLengthW
EndPaint
AllowSetForegroundWindow
IsDialogMessageW
CharUpperW
TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
WaitMessage
DefWindowProcW
PostQuitMessage
UnregisterClassW
RegisterClassExW
CallMsgFilterW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SendNotifyMessageW
GetClientRect
SetWindowTextW
HideCaret

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 790KB - Virtual size: 789KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a7edd5def884a41d2982c1af9c315a59

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

gdiplus

secur32

crypt32

wintrust

wininet

msimg32

psapi

winmm

shlwapi

advapi32

kernel32

gdi32

ole32

oleaut32

user32

userenv

Exports

Exports

Sections

.text Size: 790KB - Virtual size: 789KB

.rdata Size: 114KB - Virtual size: 114KB

.data Size: 10KB - Virtual size: 32KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 350KB - Virtual size: 350KB

.reloc Size: 592KB - Virtual size: 596KB

.text
Size: 790KB - Virtual size: 789KB

.rdata
Size: 114KB - Virtual size: 114KB

.data
Size: 10KB - Virtual size: 32KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 350KB - Virtual size: 350KB

.reloc
Size: 592KB - Virtual size: 596KB