2024-09-21_a0c6a611bc0b493e60e037f68f45dd88_bkransomware

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-21_a0c6a611bc0b493e60e037f68f45dd88_bkransomware
Size

3.4MB
MD5

a0c6a611bc0b493e60e037f68f45dd88
SHA1

c0975d8b623eab473617f9ba26d344215ed44e92
SHA256

43f466556887c1e8896e541c29d61e8ad8d664fc4a20b34ff7032a802e6ae7aa
SHA512

ea9e06e36f8e41f4772b1c85d51dc2a068c7b9eeb638830f9e0cc40bf4313c725cbbe2623a4d979b1d9b4a383d5738b1d90faaf70bd2e2db5ec6ae167e2ec31a
SSDEEP

98304:XmEiPKDeHaJFkSTDNLhecyTkN9aETrOzna5sJUN42Nq:WwDe6EwNhec2saorOza5qb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-21_a0c6a611bc0b493e60e037f68f45dd88_bkransomware

Files

2024-09-21_a0c6a611bc0b493e60e037f68f45dd88_bkransomware
.exe windows:5 windows

1bb9cb508976b84d686dfeb8d4b323fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

RaiseException
CreateDirectoryA
InterlockedExchange
GetLastError
SetLastError
lstrcmpiA
GetProcAddress
HeapSize
CopyFileA
EnterCriticalSection
GlobalFree
GetPrivateProfileStringA
ResetEvent
WritePrivateProfileStringA
MoveFileA
LockResource
DecodePointer
WaitForMultipleObjects
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetDiskFreeSpaceExA
GetVersionExA
WinExec
CloseHandle
GetCurrentProcessId
GetTempPathA
DeleteFileA
CreateThread
lstrcpyA
Process32First
OutputDebugStringW
VirtualFree
OpenProcess
TerminateProcess
VirtualAlloc
LoadLibraryA
Process32Next
VirtualProtect
CreateToolhelp32Snapshot
FlushInstructionCache
SetFileTime
LocalFileTimeToFileTime
CreateFileW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
LoadLibraryExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleCP
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetStringTypeW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
EncodePointer
GetSystemInfo
IsDebuggerPresent
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GlobalUnlock
MultiByteToWideChar
lstrcatA
ReadFile
IsDBCSLeadByte
CreateProcessA
LeaveCriticalSection
HeapDestroy
CreateEventA
SizeofResource
Sleep
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GlobalAlloc
InitializeCriticalSection
WriteFile
ExpandEnvironmentStringsA
GetProcessHeap
SetEvent
WaitForSingleObject
HeapReAlloc
GlobalLock
HeapFree
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
HeapAlloc
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
lstrcpynA
VirtualQuery
lstrlenA
FreeResource
SetFilePointer
GetNativeSystemInfo
FindResourceA
GetFileSize
CreateFileA
DosDateTimeToFileTime

user32

MapWindowPoints
SetCursor
DestroyWindow
ClientToScreen
EndPaint
UpdateWindow
FindWindowA
LoadCursorA
CopyRect
GetWindow
IsRectEmpty
RegisterClassExA
GetWindowRect
ScreenToClient
SetTimer
UpdateLayeredWindow
CallWindowProcA
GetMessageA
PostQuitMessage
GetWindowDC
SetWindowTextA
IsWindowVisible
ReleaseCapture
SystemParametersInfoA
EqualRect
DispatchMessageA
PostMessageA
IsWindow
GetActiveWindow
ShowWindow
SetLayeredWindowAttributes
GetCursorPos
SetWindowPos
DefWindowProcA
MonitorFromWindow
ReleaseDC
CreateWindowExA
GetWindowLongA
UnregisterClassA
InvalidateRect
MessageBoxA
SetWindowLongA
SetPropA
GetWindowTextA
OffsetRect
GetForegroundWindow
TranslateMessage
GetCapture
GetDC
GetUpdateRect
GetMonitorInfoA
PtInRect
BeginPaint
SetRectEmpty
SendMessageA
GetWindowTextLengthA
SetFocus
GetClientRect
CharNextA
WindowFromPoint
wsprintfA
InvalidateRgn
GetParent
SetForegroundWindow
GetPropA
KillTimer
SetCapture
GetClassInfoExA
wsprintfW
GetSystemMetrics

gdi32

ExtTextOutA
GetStockObject
GetObjectA
CreateRectRgnIndirect
SelectClipRgn
SelectObject
DeleteObject
SetBkColor
CreateDIBSection
DeleteDC
GetTextExtentPoint32A
BitBlt
CreateCompatibleDC
CombineRgn

advapi32

RegCreateKeyExA
SetSecurityDescriptorDacl
RegEnumKeyExA
InitializeSecurityDescriptor
RegDeleteKeyA
RegQueryInfoKeyW
RegQueryValueExA
EqualSid
GetSecurityDescriptorControl
RegSetValueExA
GetAclInformation
LookupAccountNameA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetSecurityDescriptorDacl
RegCloseKey
GetLengthSid
GetFileSecurityA
GetAce
SetFileSecurityA
AddAce
AddAccessAllowedAce
RegDeleteValueA
InitializeAcl

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHFileOperationA
SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemAlloc

oleaut32

VarUI4FromStr
SysFreeString
SysAllocStringLen

shlwapi

StrToIntA
StrToInt64ExA
PathFindFileNameA
wvnsprintfA
PathCombineA
PathRemoveFileSpecA
PathFileExistsA
PathIsDirectoryA
PathFindExtensionA
PathRemoveExtensionA
StrStrIA

comctl32

_TrackMouseEvent

wininet

InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetReadFile
InternetGetLastResponseInfoA
InternetConnectA
HttpQueryInfoA

gdiplus

GdipCloneImage
GdipFillPath
GdipDrawLine
GdipDrawImageRect
GdiplusStartup
GdipCreateFontFromDC
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipFillRectangle
GdipDrawString
GdipDrawRectangle
GdipClonePath
GdipDeletePath
GdipCreateFont
GdipAddPathLine
GdipAlloc
GdipDrawImageI
GdipCreateSolidFill
GdipDeleteFontFamily
GdipDeleteStringFormat
GdipSetSmoothingMode
GdipDrawImage
GdipSetStringFormatAlign
GdipLoadImageFromFile
GdipGetImageGraphicsContext
GdipAddPathRectangle
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipDeleteFont
GdipDrawPath
GdipSetTextRenderingHint
GdipCreateLineBrushFromRect
GdipSetStringFormatLineAlign
ord1
GdipGetImageHeight
GdipCreateFontFromLogfontA
GdipCloneBrush
GdipGetSmoothingMode
GdipDeletePen
GdipFree
GdipDeleteBrush
GdipDrawImageRectRect
GdipLoadImageFromStream
GdiplusShutdown
GdipCreatePen1
GdipGetImageWidth
GdipCreatePath
GdipSetStringFormatTrimming
GdipCreateStringFormat
GdipImageRotateFlip
GdipDisposeImage

psapi

GetModuleFileNameExA
EnumProcessModules

Sections

.text
Size: 311KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.aspack
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1bb9cb508976b84d686dfeb8d4b323fc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

gdiplus

psapi

Sections

.text Size: 311KB - Virtual size: 312KB

.rdata Size: 82KB - Virtual size: 84KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 38KB - Virtual size: 40KB

.reloc Size: 16KB - Virtual size: 20KB

.aspack Size: 40KB - Virtual size: 44KB

.adata Size: - Virtual size: 4KB

.text
Size: 311KB - Virtual size: 312KB

.rdata
Size: 82KB - Virtual size: 84KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 38KB - Virtual size: 40KB

.reloc
Size: 16KB - Virtual size: 20KB

.aspack
Size: 40KB - Virtual size: 44KB

.adata
Size: - Virtual size: 4KB