2024-09-11_b6dc1ed771bc6f17e15aac79604054a5_bkransomware_metamorfo

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-11_b6dc1ed771bc6f17e15aac79604054a5_bkransomware_metamorfo
Size

3.3MB
MD5

b6dc1ed771bc6f17e15aac79604054a5
SHA1

1d9fe2ffadbe79388d30aaf73571f58948be7fe0
SHA256

ef9e875188caa23179cfc1f66064ada5f73c2db26a25668f2b9834882f5d211d
SHA512

87c7615dbe1d9ceb24383645a7ba9884230eafa69cc6d6760099f97c738afb6d79126f0ad8790e398bc4d92d2a0561eace87b1c025c6a9de6d318541f2abce5e
SSDEEP

98304:foa+J9ZPj2YfJA9CHR3y7telNxeg4vFLOAkGkzdnEVomFHKnPrH:fqvjTJ8elNxeg4vFLOyomFHKnPrH

Score

1^/10

Malware Config

Signatures

Files

2024-09-11_b6dc1ed771bc6f17e15aac79604054a5_bkransomware_metamorfo
.exe windows:5 windows x86 arch:x86

d1c8861056512fe297854f4fcf2db3fa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

66:86:ae:4c:ed:75:0f:4d:6b:8a:a7:df
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

09/10/2016, 02:54

Not After

26/08/2017, 04:34

Subject

CN=Hongkong zoekyu Technology Limited,O=Hongkong zoekyu Technology Limited,L=Hongkong,ST=Hongkong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f0:20:1a:e7:4f:b9:79:aa:41:9f:2e:89:60:a5:a6:9f:94:fa:1e:99
Signer

Actual PE Digest

f0:20:1a:e7:4f:b9:79:aa:41:9f:2e:89:60:a5:a6:9f:94:fa:1e:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\rafotech\minisoft\bin\Install.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
GetCPInfo
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
GetOEMCP
GetACP
IsValidCodePage
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
GetStdHandle
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapQueryInformation
GetModuleHandleExW
ExitProcess
RtlUnwind
VirtualQuery
GetSystemInfo
ExitThread
IsProcessorFeaturePresent
IsDebuggerPresent
GetTimeZoneInformation
FindResourceExW
GetWindowsDirectoryW
VirtualProtect
GetTempPathW
GetTempFileNameW
Sleep
GetProfileIntW
GetTickCount
SearchPathW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
SetErrorMode
VerifyVersionInfoW
VerSetConditionMask
lstrcmpiW
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
FindFirstFileW
FindClose
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
LocalReAlloc
LocalAlloc
GetStringTypeW
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadLocale
FileTimeToSystemTime
GlobalGetAtomNameW
GlobalFlags
GlobalFindAtomW
GetSystemDirectoryW
EncodePointer
CopyFileW
GlobalSize
lstrcpyW
ResumeThread
SetThreadPriority
LoadLibraryW
LoadLibraryA
GetModuleHandleA
OutputDebugStringA
SetLastError
GlobalAddAtomW
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetProcAddress
GetModuleHandleW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
FreeLibrary
GetCurrentThreadId
GetCurrentThread
WideCharToMultiByte
SetFileAttributesW
LocalFree
DeleteFileW
GetModuleFileNameW
GetFileAttributesW
FormatMessageW
SetFileTime
CreateDirectoryW
GetCurrentProcess
MoveFileExW
SystemTimeToFileTime
MulDiv
FreeResource
CreateThread
LockResource
GlobalFree
InterlockedExchange
GlobalUnlock
MultiByteToWideChar
SizeofResource
GlobalAlloc
GlobalLock
LoadResource
FindResourceW
GetCommandLineW
DecodePointer
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
VirtualAlloc
VirtualFree
CloseHandle
GetLastError
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetFileSize

user32

MapVirtualKeyW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CharUpperBuffW
RegisterClipboardFormatW
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
GetUpdateRect
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
DestroyAcceleratorTable
ModifyMenuW
CopyIcon
GetIconInfo
GetDoubleClickTime
LockWindowUpdate
BringWindowToTop
SetRect
SetCursorPos
LoadImageW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
EnumDisplayMonitors
SetLayeredWindowAttributes
MonitorFromPoint
UnionRect
EnableScrollBar
DestroyMenu
UpdateLayeredWindow
IsMenu
SetMenuDefaultItem
GetMenuDefaultItem
GetMenuItemInfoW
CreatePopupMenu
NotifyWinEvent
MessageBeep
GetSystemMenu
GetAsyncKeyState
IsZoomed
TrackMouseEvent
CharUpperW
DestroyIcon
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
KillTimer
SetTimer
DeleteMenu
SystemParametersInfoW
CopyImage
RealChildWindowFromPoint
LoadMenuW
CheckDlgButton
SetDlgItemTextW
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
EqualRect
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
IntersectRect
CopyRect
SendDlgItemMessageA
GetClassNameW
UpdateWindow
EndPaint
BeginPaint
ReleaseDC
GetDC
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetDesktopWindow
SetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
ValidateRect
GetActiveWindow
GetMessageW
MapDialogRect
GetWindow
SetWindowContextHelpId
SetWindowPos
DrawIconEx
InflateRect
FillRect
DrawFocusRect
GetSysColorBrush
MapWindowPoints
SetWindowRgn
DrawStateW
IsWindowVisible
DrawFrameControl
DrawEdge
RegisterWindowMessageW
UnhookWindowsHookEx
SetWindowsHookExW
ScreenToClient
ClientToScreen
GetCursorPos
IsWindow
GetLastActivePopup
GetWindowThreadProcessId
IsWindowEnabled
ShowOwnedPopups
GetWindowRgn
CreateMenu
DestroyCursor
InvertRect
HideCaret
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
PostQuitMessage
LoadBitmapW
SetMenuItemInfoW
DrawMenuBar
MapVirtualKeyExW
IsCharLowerW
IsClipboardFormatAvailable
SubtractRect
GetKeyNameTextW
PostThreadMessageW
FrameRect
GetPropW
CreateAcceleratorTableW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
GetSysColor
PtInRect
SetWindowLongW
RedrawWindow
GetClassLongW
SetClassLongW
ExitWindowsEx
TranslateMessage
IsDialogMessageW
PeekMessageW
DispatchMessageW
DrawTextW
TabbedTextOutW
DrawTextExW
SetRectEmpty
GrayStringW
IsRectEmpty
SetCursor
GetParent
LoadCursorW
GetWindowTextA
InvalidateRect
GetWindowLongW
GetWindowRect
GetWindowDC
IsIconic
PostMessageW
SetForegroundWindow
DrawIcon
GetClientRect
LoadIconW
OffsetRect
MessageBoxW
GetSystemMetrics
GetDlgItemTextW
SendMessageW
EnableWindow
UnregisterClassW
GetKeyState
CallNextHookEx
SetWindowTextW

gdi32

SetROP2
SetTextColor
SetTextAlign
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
SetRectRgn
CreateRoundRectRgn
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
Rectangle
SetPolyFillMode
OffsetRgn
RoundRect
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceW
GetClipBox
ExcludeClipRect
CreatePen
GetLayout
SetLayout
SetMapMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetRgnBox
DeleteObject
GetTextMetricsW
CreateDCW
CopyMetaFileW
Polyline
Polygon
CreatePolygonRgn
GetTextExtentPoint32W
GetTextColor
Ellipse
CreateRectRgnIndirect
CreateRectRgn
CreateHatchBrush
CreateEllipticRgn
CombineRgn
CreateSolidBrush
SetBkMode
CreateFontW
BitBlt
PatBlt
LPtoDP
GetDeviceCaps
CreatePalette
CreateBitmap
DPtoLP
CreateCompatibleBitmap
GetMapMode
ExtTextOutW
PtVisible
RealizePalette
GetBkColor
CreatePatternBrush
Escape
RectVisible
TextOutW
CreateDIBSection
StretchBlt
SetDIBColorTable
SelectObject
CreateCompatibleDC
GetDIBColorTable
GetObjectW
GetStockObject
DeleteDC
GetObjectType

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyExW
OpenProcessToken
RegCloseKey

shell32

SHAppBarMessage
SHBrowseForFolderW
SHGetFolderPathW
SHGetPathFromIDListW
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragFinish
DragQueryFileW
ShellExecuteExW
SHGetFileInfoW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW

uxtheme

GetThemeColor
GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
DrawThemeParentBackground
GetCurrentThemeName
IsAppThemed
DrawThemeText

ole32

CoInitializeEx
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
OleFlushClipboard
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
CoRegisterMessageFilter
CoRevokeClassObject
CoTaskMemAlloc
OleLockRunning
RevokeDragDrop
RegisterDragDrop

oleaut32

SysFreeString
LoadTypeLi
OleCreateFontIndirect
VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocString

oledlg

OleUIBusyW

gdiplus

GdipSetInterpolationMode
GdipReleaseDC
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImagePointRectI
GdipLoadImageFromStream
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipDisposeImage
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImageHeight
GdipFree
GdiplusShutdown
GdipDrawImageRectI

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1c8861056512fe297854f4fcf2db3fa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

66:86:ae:4c:ed:75:0f:4d:6b:8a:a7:dfCertificate

Extended Key Usages

Key Usages

f0:20:1a:e7:4f:b9:79:aa:41:9f:2e:89:60:a5:a6:9f:94:fa:1e:99Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 333KB - Virtual size: 333KB

.data Size: 26KB - Virtual size: 66KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 122KB - Virtual size: 121KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

66:86:ae:4c:ed:75:0f:4d:6b:8a:a7:df
Certificate

f0:20:1a:e7:4f:b9:79:aa:41:9f:2e:89:60:a5:a6:9f:94:fa:1e:99
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 333KB - Virtual size: 333KB

.data
Size: 26KB - Virtual size: 66KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 122KB - Virtual size: 121KB