2024-12-15_1be18e1bdac187039a5d62da49bf54cd_bkransomware_floxif

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-15_1be18e1bdac187039a5d62da49bf54cd_bkransomware_floxif
Size

2.3MB
MD5

1be18e1bdac187039a5d62da49bf54cd
SHA1

c776ed4550bdc869ae594d4a2443f1c25e2a80a6
SHA256

d618984f7ba92af0aa57fff1439d75a531b894501c46dd2b55d3d9a2743c84c7
SHA512

6a7cf759c5ca3e512c16eebce656e96b8093f0ac73a2de797e5e80316d14fdf4f70e619708ccbb3f38d0ad410f339d99606f3873349ce3337292d71b1dd90dba
SSDEEP

49152:5Jyuu74d5rn0TsHx81j9MzvAPaGBRTUs5UFlm7k5wcQlFNjiH1QaC6NxM8:VPn0oHx81j9MzSLZUs5UFlm7k5BQRjix

Score

1^/10

Malware Config

Signatures

Files

2024-12-15_1be18e1bdac187039a5d62da49bf54cd_bkransomware_floxif
.exe windows:5 windows x86 arch:x86

fc0425827da5c3bb47735fa1f1c91286

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:f1:4d:bb:3f:0b:29:40:12:d0:94:e3:ea:84:06:97
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31-08-2015 00:00

Not After

07-09-2016 23:59

Subject

CN=SEIKO EPSON CORPORATION,OU=Information Service & Support Department,O=SEIKO EPSON CORPORATION,L=Suwa-shi,ST=Nagano,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:cb:ab:55:37:d7:c5:1a:d2:69:74:84:22:4e:81:a7:de:e6:43:77
Signer

Actual PE Digest

43:cb:ab:55:37:d7:c5:1a:d2:69:74:84:22:4e:81:a7:de:e6:43:77

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext

setupapi

SetupDiGetDriverInfoDetailW
SetupDiCreateDeviceInfoList
SetupDiClassGuidsFromNameW
CM_Get_DevNode_Status
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDriverInfoW
SetupDiGetINFClassW
SetupDiGetClassDevsW
SetupDiGetDeviceInstallParamsW
SetupDiBuildDriverInfoList
CMP_WaitNoPendingInstallEvents
SetupDiOpenDevRegKey
SetupDiRemoveDevice
CM_Get_Device_ID_Size
CM_Get_Device_IDW
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetStringFieldW
SetupCloseInfFile
SetupDiSetDeviceInstallParamsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetCommandLineW
RtlUnwind
GetFileTime
GetModuleHandleExW
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
HeapQueryInformation
GetSystemTimeAsFileTime
GetSystemInfo
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
SetErrorMode
GetProfileIntW
SearchPathW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
lstrcmpiW
GetCurrentProcess
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
GetFileSize
GetCurrentDirectoryW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
VerifyVersionInfoW
lstrcpyW
VerSetConditionMask
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
FindResourceExW
InitializeCriticalSection
GetThreadLocale
FileTimeToSystemTime
GlobalGetAtomNameW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
SetThreadPriority
lstrcmpA
GetCurrentThread
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeResource
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
LoadLibraryA
GetModuleHandleA
OutputDebugStringA
GetCurrentProcessId
CopyFileW
MulDiv
GlobalUnlock
GlobalLock
GlobalSize
SetLastError
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableW
GetModuleHandleW
GetVersionExW
RemoveDirectoryW
ResumeThread
CreateThread
LockResource
LoadResource
SizeofResource
FindResourceW
SetEvent
CreateEventW
ResetEvent
GetExitCodeThread
WaitForSingleObject
GetModuleFileNameW
GetTickCount
GetUserDefaultLangID
Sleep
SetFilePointer
GetLocalTime
LocalFree
FormatMessageW
WriteFile
CreateDirectoryW
SetFileAttributesW
DeleteFileW
CloseHandle
DeleteCriticalSection
FindNextFileW
DecodePointer
FindClose
GlobalFree
EnterCriticalSection
HeapSize
GetProcAddress
GetLastError
RaiseException
CreateFileW
ReadFile
GetFileAttributesW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GlobalAlloc
GetProcessHeap
HeapFree
GetSystemWindowsDirectoryW
CompareFileTime
HeapAlloc
FreeLibrary
FindFirstFileW
HeapReAlloc
VirtualProtect
TlsAlloc
ExitProcess

user32

CreatePopupMenu
NotifyWinEvent
WindowFromPoint
MessageBeep
ReleaseCapture
SetCapture
CharUpperW
IsZoomed
TrackMouseEvent
SendDlgItemMessageA
CopyImage
RealChildWindowFromPoint
IntersectRect
LoadMenuW
EnumDisplayMonitors
SetRectEmpty
SetLayeredWindowAttributes
LoadCursorW
SetCursor
ShowOwnedPopups
TranslateMessage
GetMessageW
DrawIconEx
IsRectEmpty
OffsetRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
SystemParametersInfoW
InflateRect
GetMenuItemInfoW
DestroyMenu
GetCursorPos
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
DrawTextExW
DrawTextW
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetWindow
GetTopWindow
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
GetSysColor
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
GetMenuDefaultItem
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
CopyRect
ReleaseDC
GetDC
MapVirtualKeyW
GetKeyNameTextW
IsWindow
LoadBitmapW
GetClassNameW
FillRect
InvalidateRect
UpdateWindow
DrawStateW
GetLastActivePopup
GetWindowThreadProcessId
GetParent
GetWindowLongW
MessageBoxW
IsWindowEnabled
UnhookWindowsHookEx
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
CharNextExA
MapWindowPoints
SetTimer
KillTimer
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SendMessageW
DeleteMenu
EnableMenuItem
GetSystemMenu
LoadIconW
EnableWindow
GetAsyncKeyState
UnregisterClassW
CharPrevW
SetMenuDefaultItem
GetWindowRgn
DestroyCursor
InvertRect
HideCaret
CreateMenu
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
CharNextW
SetClassLongW
DrawMenuBar
MapVirtualKeyExW
IsCharLowerW
IsClipboardFormatAvailable
SubtractRect
PostThreadMessageW
FrameRect
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
CharUpperBuffW
RegisterClipboardFormatW
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
IsMenu
ToUnicodeEx
DestroyAcceleratorTable
ModifyMenuW
CopyIcon
GetIconInfo
GetDoubleClickTime
LockWindowUpdate
BringWindowToTop
SetCursorPos
LoadImageW
DestroyIcon
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
GetNextDlgGroupItem
SetRect
InvalidateRgn
CopyAcceleratorTableW
WaitMessage
MonitorFromPoint
UnionRect
EnableScrollBar
SetPropW
UpdateLayeredWindow
GrayStringW
GetUpdateRect

gdi32

Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CombineRgn
CreateEllipticRgn
Ellipse
GetBkColor
GetTextColor
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsW
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetMapMode
SetRectRgn
DPtoLP
CreateRoundRectRgn
CreateDIBSection
GetRgnBox
CreatePatternBrush
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
GetTextFaceW
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
CreateBitmap
SetTextColor
SetBkColor
PatBlt
CreateRectRgnIndirect
GetObjectW
GetStockObject
DeleteObject
CreateSolidBrush
GetDeviceCaps
CreateDCW
SetTextAlign
CopyMetaFileW
DeleteDC
SetROP2

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
GetPrinterDriverDirectoryW
EnumPrintersW
EnumPrinterDriversW
DeleteMonitorW
GetPrinterDataW
GetPrinterW
EnumJobsW
SetJobW
ClosePrinter
DeletePrinterConnectionW

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
StartServiceW
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
SHGetFolderPathW
SHAppBarMessage
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHBrowseForFolderW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathFindFileNameW
PathRenameExtensionW
PathFindNextComponentW
PathIsDirectoryW
PathCombineW
SHDeleteKeyW
SHGetValueW
SHEnumValueW
SHDeleteValueW
SHDeleteEmptyKeyW
SHEnumKeyExW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathRemoveExtensionW
StrFormatKBSizeW

uxtheme

GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeText
DrawThemeParentBackground
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
IsAppThemed

ole32

CoFreeUnusedLibraries
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CoCreateInstance
CLSIDFromString
CoCreateGuid
CoUninitialize
OleInitialize
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoRegisterMessageFilter
CoRevokeClassObject
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
ReleaseStgMedium
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
CLSIDFromProgID
OleUninitialize

oleaut32

OleCreateFontIndirect
LoadTypeLi
VarBstrFromDate
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysFreeString
VariantChangeType

oledlg

OleUIBusyW

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageRectI

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc0425827da5c3bb47735fa1f1c91286

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

7d:f1:4d:bb:3f:0b:29:40:12:d0:94:e3:ea:84:06:97Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

43:cb:ab:55:37:d7:c5:1a:d2:69:74:84:22:4e:81:a7:de:e6:43:77Signer

Headers

DLL Characteristics

File Characteristics

Imports

wintrust

setupapi

version

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 354KB - Virtual size: 354KB

.data Size: 27KB - Virtual size: 56KB

.rsrc Size: 340KB - Virtual size: 340KB

.reloc Size: 124KB - Virtual size: 123KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

7d:f1:4d:bb:3f:0b:29:40:12:d0:94:e3:ea:84:06:97
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

43:cb:ab:55:37:d7:c5:1a:d2:69:74:84:22:4e:81:a7:de:e6:43:77
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 354KB - Virtual size: 354KB

.data
Size: 27KB - Virtual size: 56KB

.rsrc
Size: 340KB - Virtual size: 340KB

.reloc
Size: 124KB - Virtual size: 123KB