2024-10-12_e8c1bcc8f0120c5b51623009e7aa8ad2_bkransomware_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-12_e8c1bcc8f0120c5b51623009e7aa8ad2_bkransomware_revil
Size

1.4MB
MD5

e8c1bcc8f0120c5b51623009e7aa8ad2
SHA1

1c161dd8ca0e45b57bdd88ebf4dca2fa73cda0f1
SHA256

67373aaa398c7e8920bf51901ae2f46628272f6d32cdcc2d34644a5f2a2dc54f
SHA512

11a5ad48f32c549dd80d888bdc9a62dd2ac0c5552469fa3580ebdc8a2b4ac14edf605e9265ad94ae3cb28d4ec1c6fcee3ed5fd0ca232c3a37a26591aeddd2367
SSDEEP

24576:SZhSThx06YLsx1KsscTJ/8+KpPH9qlE1LN0h2yp4OsGbZTbqTepqCnmcqFcyVN8:S/W0/Lsx1KfSKP9qlE1LN0MU4ObZTGeL

Score

1^/10

Malware Config

Signatures

Files

2024-10-12_e8c1bcc8f0120c5b51623009e7aa8ad2_bkransomware_revil
.exe windows:5 windows x86 arch:x86

f147840c3ba369520e437599b06a3cf7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Nomkib Kokcud,O=Lup Tilkiebdo Uo,L=Uuvou,ST=Sofranga,C=CN

Not Before

25/11/2015, 00:00

Not After

24/11/2016, 00:00

Subject

CN=Bea Joags,O=Lup Tilkiebdo Uo,L=Uuvou,ST=Sofranga,C=CN

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:36:35:47:3b:16:7f:6d:2f:1b:8c:8e:d4:d1:19:dc:22:4f:9e:e9
Signer

Actual PE Digest

6d:36:35:47:3b:16:7f:6d:2f:1b:8c:8e:d4:d1:19:dc:22:4f:9e:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
GetVersionExA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetTempFileNameW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
ResetEvent
ReleaseMutex
CreateMutexA
WaitForMultipleObjects
CreateDirectoryW
GetTickCount
GetDriveTypeW
SetLastError
GetOverlappedResult
DeviceIoControl
CancelIo
GetCurrentProcessId
GetSystemInfo
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
SetWaitableTimer
FindFirstFileExW
CreateFileA
CreateWaitableTimerA
CreateEventA
SleepEx
CloseHandle
SetFilePointer
SetEndOfFile
FlushFileBuffers
ReadFile
WriteFile
GetFileSize
Sleep
WaitForSingleObject
SetEvent
InitializeCriticalSection
GetCurrentThreadId
CreateThread
OpenProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
InterlockedCompareExchange
InterlockedExchange
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByte
FindResourceA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryExA
lstrcmpiA
SetEnvironmentVariableA
GetTimeZoneInformation
SetConsoleMode
ReadConsoleInputA
GetTempPathW
GetCommandLineA
GetModuleHandleW
LoadLibraryA
CancelWaitableTimer
GetSystemTime
SystemTimeToFileTime
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
LocalFree
WriteConsoleW
SetStdHandle
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
SetConsoleCtrlHandler
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcAddress
FreeLibrary
InterlockedDecrement
SystemTimeToTzSpecificLocalTime
InterlockedIncrement
QueryPerformanceCounter
GetFileType
IsDebuggerPresent
OutputDebugStringW
EncodePointer
IsProcessorFeaturePresent
VirtualAlloc
VirtualProtect
VirtualQuery
RtlUnwind
ExitThread
LoadLibraryExW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetStdHandle
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

user32

MessageBoxA
CharNextW
CharUpperA
PostThreadMessageA
LoadStringA
TranslateMessage
GetMessageA
GetUserObjectInformationW
GetProcessWindowStation
CharNextA
DispatchMessageA

advapi32

SetServiceStatus
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyW
RegSetValueExA
DeregisterEventSource
RegisterEventSourceA
ReportEventA
OpenProcessToken
StartServiceA
LookupPrivilegeValueA
AdjustTokenPrivileges
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
StartServiceCtrlDispatcherA
RegCloseKey
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyA

shell32

ord165
SHGetFolderPathA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoReleaseServerProcess
CoResumeClassObjects
CoUninitialize
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoAddRefServerProcess
StringFromGUID2

oleaut32

UnRegisterTypeLi
SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysAllocString
RegisterTypeLi
VariantClear

userenv

GetUserProfileDirectoryA

wininet

InternetOpenA
InternetCloseHandle
InternetOpenUrlW
InternetReadFile

ws2_32

WSACleanup
send
htons
WSASetLastError
recv
WSAGetLastError
ntohl
ntohs
WSAAddressToStringA
WSAStartup
closesocket
shutdown

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertAddEncodedCertificateToStore
CertOpenSystemStoreA
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFindCertificateInStore
CertAddCertificateContextToStore
PFXExportCertStoreEx

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JUCISO
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f147840c3ba369520e437599b06a3cf7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

01Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6d:36:35:47:3b:16:7f:6d:2f:1b:8c:8e:d4:d1:19:dc:22:4f:9e:e9Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

userenv

wininet

ws2_32

crypt32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 290KB - Virtual size: 289KB

.data Size: 44KB - Virtual size: 63KB

.JUCISO Size: 1024B - Virtual size: 1024B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 52KB - Virtual size: 51KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

01
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6d:36:35:47:3b:16:7f:6d:2f:1b:8c:8e:d4:d1:19:dc:22:4f:9e:e9
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 290KB - Virtual size: 289KB

.data
Size: 44KB - Virtual size: 63KB

.JUCISO
Size: 1024B - Virtual size: 1024B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 52KB - Virtual size: 51KB