2025-02-07_3b5003b7ddc7dd942d2d69fdb3bf9ade_bkransomware_floxif_hawkeye_icedid

Sharing

Copy URL

Twitter E-mail

General

Target

2025-02-07_3b5003b7ddc7dd942d2d69fdb3bf9ade_bkransomware_floxif_hawkeye_icedid
Size

487KB
MD5

3b5003b7ddc7dd942d2d69fdb3bf9ade
SHA1

36d828b942d6009ab709c595d0911d6c566dee3e
SHA256

085a6cc4132fb39a4e6702c70da6ab0a0ee1ca184bcd242e2ae8f942836dfbc4
SHA512

4935bedcc1eff7468516ebf56c3925698e80698f454b4c4b23c568160f276dd21990bb1d981cc338b87805191a2d1342b455770fcc629297f2dbf71a9f42b9bc
SSDEEP

6144:eaUKpyqj6ztvrfMqBODlRCpr0Hg77nyihK6cO40YFSBV+UdvrEFp7hKTb+:e/KAvAMqlRGrIg7nIItBjvrEH7J

Score

1^/10

Malware Config

Signatures

Files

2025-02-07_3b5003b7ddc7dd942d2d69fdb3bf9ade_bkransomware_floxif_hawkeye_icedid
.exe windows:5 windows x86 arch:x86

cf522837b2118a0df9ca8289b41b5e40

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

07-06-2012 00:00

Not After

06-06-2022 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:fb:51:c8:76:8e:f6:92:7b:f4:1d:a1:a2:34:a1:d9
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30-07-2013 00:00

Not After

25-07-2015 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Systems\, Incorporated,OU=AcrobatXI,O=Adobe Systems\, Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f4:b4:77:df:8d:45:20:25:12:cc:ef:b7:a6:ac:6b:35:c9:d5:0a:c4
Signer

Actual PE Digest

f4:b4:77:df:8d:45:20:25:12:cc:ef:b7:a6:ac:6b:35:c9:d5:0a:c4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\B\127930\Acrobat\Installers\BootStrapExe_Small\Release\Setup.pdb

Imports

msi

ord205
ord240
ord70
ord281
ord118
ord195
ord160
ord159
ord32
ord88
ord137
ord8
ord141
ord171
ord92
ord19

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

FindNextFileW
FileTimeToSystemTime
GetCurrentThread
lstrcmpA
GetPrivateProfileIntW
WritePrivateProfileStringW
GetCurrentProcessId
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
FileTimeToLocalFileTime
SetErrorMode
GetCommandLineW
GetSystemTimeAsFileTime
RtlUnwind
CreateThread
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
SetStdHandle
GetFileType
ExitProcess
GetModuleHandleExW
HeapQueryInformation
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
OutputDebugStringW
LCMapStringW
WriteConsoleW
GetDriveTypeW
SetEnvironmentVariableA
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
EncodePointer
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleA
GetModuleFileNameW
OutputDebugStringA
GetACP
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
GetUserDefaultUILanguage
GetVersionExW
DeleteFileW
SetCurrentDirectoryW
GetTempFileNameW
GetPrivateProfileStringW
ExpandEnvironmentStringsW
GetModuleHandleW
GetSystemInfo
GetCurrentProcess
FreeResource
GetTempPathW
GetCurrentDirectoryW
GetSystemDirectoryW
CreateProcessW
CloseHandle
WaitForSingleObject
SetLastError
GetLastError
GetExitCodeProcess
GetUserDefaultLangID
LoadLibraryW
Sleep
ResumeThread
GetProcAddress
FreeLibrary
GetThreadPriority
FindResourceW
FormatMessageW
SizeofResource
LoadResource
LocalFree
LockResource

user32

EndPaint
BeginPaint
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
LoadCursorW
GetSysColorBrush
ReleaseDC
GetDC
GetWindowThreadProcessId
SetCursor
PostQuitMessage
GetSystemMetrics
CharUpperW
GetCursorPos
TranslateMessage
GetMessageW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
GetWindowRect
GetClientRect
RemovePropW
GetPropW
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetKeyState
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetDesktopWindow
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem
CreateDialogIndirectParamW
DestroyWindow
IsDialogMessageW
GetWindow
SetWindowLongW
GetWindowLongW
GetWindowTextW
SetWindowTextW
IsWindowEnabled
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
SetWindowPos
InvalidateRect
DestroyMenu
RealChildWindowFromPoint
SetPropW
ClientToScreen
ShowWindow
IsWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetParent
SendDlgItemMessageA
UnregisterClassW
EndDialog
PostMessageW
EnableWindow
KillTimer
SetTimer
SendMessageW

gdi32

TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SetMapMode
GetClipBox
Escape
DeleteObject
DeleteDC
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
InitiateSystemShutdownW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCreateKeyW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

ShellExecuteW
SHGetSpecialFolderPathW

shlwapi

PathFileExistsW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
StrFormatByteSizeW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoCreateGuid

oleaut32

SysAllocString
VariantChangeType
VariantClear
VariantInit
SysFreeString

urlmon

URLDownloadToFileW

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf522837b2118a0df9ca8289b41b5e40

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59Certificate

Extended Key Usages

Key Usages

75:fb:51:c8:76:8e:f6:92:7b:f4:1d:a1:a2:34:a1:d9Certificate

Extended Key Usages

Key Usages

f4:b4:77:df:8d:45:20:25:12:cc:ef:b7:a6:ac:6b:35:c9:d5:0a:c4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

urlmon

oleacc

Sections

.text Size: 219KB - Virtual size: 219KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 9KB - Virtual size: 25KB

.rsrc Size: 100KB - Virtual size: 100KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6c:59:ef:a9:e1:00:e1:0e:e3:06:ba:8f:e0:29:25:59
Certificate

75:fb:51:c8:76:8e:f6:92:7b:f4:1d:a1:a2:34:a1:d9
Certificate

f4:b4:77:df:8d:45:20:25:12:cc:ef:b7:a6:ac:6b:35:c9:d5:0a:c4
Signer

.text
Size: 219KB - Virtual size: 219KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 9KB - Virtual size: 25KB

.rsrc
Size: 100KB - Virtual size: 100KB