2024-09-14_4b70bc61a059546f8c1ac75f4ff991a8_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-14_4b70bc61a059546f8c1ac75f4ff991a8_bkransomware
Size

4.7MB
MD5

4b70bc61a059546f8c1ac75f4ff991a8
SHA1

fcc29efa9cecadfea836ea4d8a1beb81b422f28f
SHA256

e0232f4cc7e53bea61a5fff550d705312a39068cafca228e137bf5bed1b16d35
SHA512

0057c12ac3ff7ac26858c8229fbc64f690b3198d09d89813d9973bab5927a6008aa17402d85895cfa14bd020a337ddb40684afe37e842a4d4b8ba6d43838c151
SSDEEP

98304:gbmZPz21Su72uosGoUtCMdyKLykHKR4aKctL9/Z:7HGQou9HHKbKctP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-14_4b70bc61a059546f8c1ac75f4ff991a8_bkransomware

Files

2024-09-14_4b70bc61a059546f8c1ac75f4ff991a8_bkransomware
.exe windows:6 windows x86 arch:x86

fdff1360a75186efcadf44a2a514ffa6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\gitlab-runner\builds\dh-7EerU\0\openfin\rvm\rvm\OpenFinRVM\Release-Production\OpenFinRVM.pdb

Imports

kernel32

Sleep
GetProcessTimes
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
DuplicateHandle
CreateProcessW
QueryPerformanceCounter
GetProcAddress
CreateMutexW
ReleaseMutex
WaitForSingleObject
TerminateProcess
K32EnumProcesses
OpenProcess
GetProcessId
K32GetProcessImageFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateEventW
WaitForMultipleObjects
FindResourceW
LoadResource
SizeofResource
LockResource
FormatMessageW
CreatePipe
SetHandleInformation
GetExitCodeProcess
GetFileSize
ReadFile
MulDiv
GetStringTypeW
GetCurrentThread
EncodePointer
DecodePointer
GetModuleHandleA
GetTickCount
ReleaseSemaphore
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SystemTimeToFileTime
FormatMessageA
RaiseException
RtlUnwind
GetCommandLineW
IsProcessorFeaturePresent
GetCPInfo
CreateTimerQueue
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
HeapReAlloc
ExitThread
LoadLibraryExW
LoadLibraryW
UnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
IsValidCodePage
GetACP
GetOEMCP
IsDebuggerPresent
GetStdHandle
GetFileType
GetModuleFileNameW
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointerEx
GetTimeZoneInformation
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
InitializeSListHead
UnregisterWaitEx
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetEnvironmentVariableA
SetCurrentDirectoryW
GetCurrentDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFileTime
RemoveDirectoryW
SetFileAttributesW
SetFileTime
DeviceIoControl
CreateDirectoryExW
CopyFileW
MoveFileExW
LoadLibraryA
GetStringTypeExW
QueryPerformanceFrequency
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetModuleHandleW
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetFileAttributesW
LocalFree
SetEnvironmentVariableW
UnmapViewOfFile
LocalFileTimeToFileTime
SetFilePointer
ConnectNamedPipe
CreateNamedPipeW
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
ReadProcessMemory
K32GetModuleFileNameExW
GetShortPathNameW
ExpandEnvironmentStringsW
LocalAlloc
GetLongPathNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetLocalTime
GetTempPathW
CreateFileW
CreateDirectoryW
GetCurrentProcess
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetProcessHeap
ResetEvent
SetEvent
GetCurrentProcessId
WaitForSingleObjectEx
CloseHandle
OpenEventA
CreateEventA

user32

SetDlgItemTextW
SendDlgItemMessageW
EnableWindow
GetDlgItem
SetWindowTextW
GetClassLongW
EndDialog
DialogBoxParamW
WaitForInputIdle
PostThreadMessageW
GetWindowThreadProcessId
ReplyMessage
InSendMessage
ScreenToClient
SetWindowPos
GetClientRect
LoadStringW
GetWindowTextLengthW
MessageBoxW
GetMessageW
TranslateMessage
DispatchMessageW
IsWindow
RegisterWindowMessageW
CreateWindowExW
EnumWindows
UnregisterClassW
wsprintfW
LoadCursorW
SetCursor
TrackMouseEvent
GetCursorPos
GetDesktopWindow
GetDC
ReleaseDC
GetWindowLongW
SetWindowLongW
DefWindowProcW
SetTimer
KillTimer
PostMessageW
SendMessageW
PostQuitMessage
FindWindowW
SetForegroundWindow
LoadIconW
MonitorFromPoint
GetMonitorInfoW
GetWindowPlacement
IsWindowVisible
ShowWindow
GetWindowTextW
RegisterClassExW
GetSysColorBrush
SendMessageTimeoutW
ReleaseCapture
SetCapture
GetWindowRect
GetCapture
SetClassLongW
LoadImageW
UpdateLayeredWindow
DestroyWindow

dbghelp

MiniDumpWriteDump

wininet

InternetReadFile
InternetGetConnectedState
InternetGetLastResponseInfoW
InternetOpenW
InternetSetOptionW
InternetCloseHandle
InternetQueryOptionW
InternetQueryDataAvailable
HttpQueryInfoW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetErrorDlg
InternetCrackUrlW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ord17

gdi32

GetDeviceCaps
CreateFontIndirectW
AddFontResourceW
RemoveFontResourceW
SetTextColor
SetBkMode
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
CreateCompatibleDC

advapi32

RegQueryInfoKeyW
LookupAccountNameW
GetUserNameW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
ConvertSidToStringSidW
RegEnumKeyExW
RegDeleteValueW

shell32

SHGetFolderPathW
ShellExecuteW
Shell_NotifyIconW
SHGetPropertyStoreForWindow
CommandLineToArgvW

gdiplus

GdipCreateBitmapFromFile
GdipDrawRectangleI
GdipDeletePen
GdipCreatePen1
GdipDrawString
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteGraphics
GdipCreateSolidFill
GdipResetClip
GdipFillPath
GdipSetPathGradientPresetBlend
GdipSetPathGradientCenterPointI
GdipCreatePathGradientFromPath
GdipSetClipRegion
GdipDeleteRegion
GdipCreateRegionPath
GdipAddPathPieI
GdipDeletePath
GdipCreatePath
GdipSetSmoothingMode
GdipFillRectangleI
GdipSetLineBlend
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushFromRectI
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipDrawImageRectI
GdipCreateFromHDC
GdipDeleteCachedBitmap
GdipCreateCachedBitmap
GdipGetImageHeight
GdipGetImageWidth
GdipMeasureString
GdipGetGenericFontFamilySansSerif
GdipCreateBitmapFromScan0
GdipDrawCachedBitmap
GdiplusShutdown
GdiplusStartup
GdipClosePathFigure
GdipAddPathArcI
GdipResetPath
GdipCreateBitmapFromStream

crypt32

CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CryptQueryObject
CryptMsgGetParam

shlwapi

PathFileExistsW
PathCreateFromUrlW
SHStrDupW
UrlCreateFromPathW

ole32

CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitialize

urlmon

IsValidURL

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 682KB - Virtual size: 682KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdff1360a75186efcadf44a2a514ffa6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

dbghelp

wininet

version

comctl32

gdi32

advapi32

shell32

gdiplus

crypt32

shlwapi

ole32

urlmon

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 682KB - Virtual size: 682KB

.data Size: 109KB - Virtual size: 136KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 151KB - Virtual size: 150KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 682KB - Virtual size: 682KB

.data
Size: 109KB - Virtual size: 136KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 151KB - Virtual size: 150KB