2024-09-21_632b4c1f2e5c39a050bbf04377baeb6a_bkransomware

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-21_632b4c1f2e5c39a050bbf04377baeb6a_bkransomware
Size

3.1MB
MD5

632b4c1f2e5c39a050bbf04377baeb6a
SHA1

eece4581f99c1a199376bb543196ca3c0678a15a
SHA256

387db2eb206d0ff461c01a4bd29116531c1dcb5775aae17a5a568bb66d6e1b0e
SHA512

063537d312eb30481a76ac98f31f73313fa132a45c27f0c631b4a3f9bb5515a8808bb0c68948f9dbaeb1960479e513241ccf71dcdf4e4e24d437414adb62add3
SSDEEP

98304:lOGQIARJX9+9EOhgctc5WbKmsqfyWkpLlNsFirfw7U3:lOGQ3RJX9+9EzctckKmsqfnkpLlNsFi5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-21_632b4c1f2e5c39a050bbf04377baeb6a_bkransomware

Files

2024-09-21_632b4c1f2e5c39a050bbf04377baeb6a_bkransomware
.exe windows:5 windows x86 arch:x86

4e744a17b8478e03ec544a5fbf05da82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_CrossProduct@12
BeginAnalyze
_VECTOR3Length@4
_COLORtoDWORD@16
_Normalize@8
_SetRotationYMatrix@8
_SetRotationXMatrix@8
_TransformVector3_VPTR2@16
_RotatePositionWithPivot@24
_CalcDistance@8
_MatrixMultiply2@12
_TransformV3TOV4@16
_SetInverseMatrix@8
_WriteTGA@24
EndAnalyze

wsock32

inet_addr
gethostbyname
WSAStartup
WSACleanup
socket
send
recv
ioctlsocket
htons
connect
closesocket

dinput8

DirectInput8Create

kernel32

CreateFileW
VirtualQuery
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
FreeEnvironmentStringsW
SetEndOfFile
SetEnvironmentVariableA
GetFileSize
CloseHandle
GetLocalTime
OpenFile
IsDBCSLeadByte
CreateDirectoryA
OpenProcess
TerminateProcess
ReadFile
CreateFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetTickCount
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
SetCurrentDirectoryA
GetCurrentDirectoryA
lstrcmpA
lstrcpyA
OutputDebugStringA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetSystemInfo
lstrcmpiA
GetVolumeInformationA
InterlockedCompareExchange
GetModuleHandleA
MulDiv
WriteFile
GetCurrentProcessId
ExitProcess
GetCurrentThread
GetThreadContext
IsDebuggerPresent
WaitForSingleObject
FindClose
GetModuleFileNameA
RemoveDirectoryA
FindFirstFileA
FindNextFileA
InterlockedExchange
CreateThread
GetCurrentProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
LocalFree
lstrcatA
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLogicalDriveStringsA
GetTempPathA
QueryDosDeviceA
SetFileAttributesA
CopyFileA
GetVersionExA
GetSystemTime
InterlockedDecrement
DeviceIoControl
GetEnvironmentStringsW
QueryPerformanceCounter
CreateDirectoryW
GetFileAttributesExW
FlushFileBuffers
FindNextFileW
GetFileType
LoadLibraryW
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
UnregisterWaitEx
InitializeSListHead
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
GetProcessHeap
GetOEMCP
GetACP
IsValidCodePage
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsGetValue
CreateSemaphoreW
GetStartupInfoW
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetModuleHandleW
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
SystemTimeToTzSpecificLocalTime
TlsAlloc
GetThreadPriority
CreateEventW
SetLastError
UnhandledExceptionFilter
GetCPInfo
WriteConsoleW
GetModuleFileNameW
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
SetEvent
FileTimeToSystemTime
GetModuleHandleExW
AreFileApisANSI
ExitThread
LoadLibraryExW
GetCommandLineA
GetStdHandle
FindFirstFileExW
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateTimerQueue
GetSystemTimeAsFileTime
DuplicateHandle
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetStringTypeW
RtlUnwind
IsProcessorFeaturePresent
HeapFree
HeapAlloc

user32

ReleaseCapture
wsprintfA
SetRect
MessageBoxA
CharNextA
CharPrevA
OpenClipboard
LoadCursorFromFileA
SetCursor
EnumDisplayDevicesA
LoadIconA
ShowCursor
UpdateWindow
GetSystemMetrics
ShowWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
PeekMessageA
DispatchMessageA
TranslateMessage
ReleaseDC
GetDC
OffsetRect
ScreenToClient
GetCursorPos
GetClientRect
SetCapture
IsClipboardFormatAvailable
GetClipboardData
mouse_event
PostMessageA
CopyRect
EmptyClipboard
SetClipboardData
CloseClipboard

gdi32

GetStockObject
AddFontResourceExA
GetDeviceCaps
SelectObject
GetTextExtentPoint32A
DeleteObject
CreateFontIndirectA
RemoveFontResourceExA

advapi32

RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoInitializeEx
CoInitialize
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
CoSetProxyBlanket

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

freeimage

_FreeImage_Load@12
_FreeImage_Unload@4
_FreeImage_GetBits@4
_FreeImage_GetInfo@4
_FreeImage_ConvertTo16Bits565@4
_FreeImage_SaveJPEG@12

shlwapi

PathAppendA
PathRemoveFileSpecA
PathFileExistsA

psapi

GetProcessImageFileNameA

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 702KB - Virtual size: 987KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e744a17b8478e03ec544a5fbf05da82

Headers

DLL Characteristics

File Characteristics

Imports

soundlib

winmm

ss3dgfunc

wsock32

dinput8

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

freeimage

shlwapi

psapi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 260KB - Virtual size: 260KB

.data Size: 702KB - Virtual size: 987KB

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 128KB - Virtual size: 127KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 260KB - Virtual size: 260KB

.data
Size: 702KB - Virtual size: 987KB

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 128KB - Virtual size: 127KB