dee28396...77df

C:\Users\FD1HVy\Desktop\BB ransomware.exe

Sample File

Binary

Malicious

»

Mime Type	application/vnd.microsoft.portable-executable
File Size	174.00 KB
MD5	c86e8425a3c9f4c1c475898d9a54a6d9
SHA1	4ba84694226f40f825901c611c8ed84ad1aea7e7
SHA256	dee28396d1ec3e91bad9b0cb0b945a5512a70882bffbb1f47e153b27b41977df
SSDeep	3072:1ghqfJRx7lF34j7GF34j7ZB6W1AEG5pzH0Dl2flUnLdKrAsrpH9Z59q:5dyqyZz16VPlULdK5pf59
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

»

Severity	Blacklisted
Names	Mal/Generic-S

PE Information

»

Image Base	0x400000
Entry Point	0x411a36
Size Of Code	0xfc00
Size Of Initialized Data	0x1ba00
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2055-09-15 12:57:59+00:00

Version Information (11)

»

Assembly Version	1.0.0.0
Comments	-
CompanyName	-
FileDescription	BB ransomware
FileVersion	1.0.0.0
InternalName	BB ransomware.exe
LegalCopyright	Copyright © 2020
LegalTrademarks	-
OriginalFilename	BB ransomware.exe
ProductName	BB ransomware
ProductVersion	1.0.0.0

Sections (3)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x402000	0xfa3c	0xfc00	0x200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.76
.rsrc	0x412000	0x1b718	0x1b800	0xfe00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.25
.reloc	0x42e000	0xc	0x200	0x2b600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

»

mscoree.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	0x0	0x402000	0x11a0a	0xfc0a	0x0

Icons (1)

»

Memory Dumps (19)

»

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
bb ransomware.exe	1	0x009C0000	0x009EFFFF	Relevant Image	32-bit	-	... Memory Dump Actions Go to Process Go to YARA Matches Download Dump
buffer	1	0x01125000	0x01125FFF	First Execution	32-bit	0x01125080	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01125000	0x01125FFF	Content Changed	32-bit	0x01125D78	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01126000	0x01126FFF	First Execution	32-bit	0x01126038	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01303000	0x01304FFF	First Execution	32-bit	0x01303D06	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01303000	0x01304FFF	Content Changed	32-bit	0x013046A6	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01125000	0x01125FFF	Content Changed	32-bit	0x01125080	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01303000	0x01304FFF	Content Changed	32-bit	0x0130480E	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01303000	0x01304FFF	Content Changed	32-bit	0x01303E46	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01305000	0x01305FFF	First Execution	32-bit	0x01305066	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01303000	0x01304FFF	Content Changed	32-bit	0x0130444E	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01303000	0x01304FFF	Content Changed	32-bit	0x01304D1E	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01305000	0x01305FFF	Content Changed	32-bit	0x01305D7E	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01306000	0x01306FFF	First Execution	32-bit	0x01306000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01306000	0x01306FFF	Content Changed	32-bit	0x013061B6	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01305000	0x01305FFF	Content Changed	32-bit	0x01305F36	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01306000	0x01306FFF	Content Changed	32-bit	0x01306396	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01307000	0x01307FFF	First Execution	32-bit	0x013070AE	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x01303000	0x01304FFF	Content Changed	32-bit	0x013044C6	... Memory Dump Actions Go to Process Download Dump

Local AV Matches (1)

»

Threat Name	Severity
Trojan.GenericKD.33583211	Malicious

YARA Matches (1)

»

Rule Name	Rule Description	Classification	Score	Actions
ransomware_windows_wannacry	WannaCry / WannaCryptor ransomware	Worm, Ransomware	5/5	... YARA Actions Show Ruleset Show Match

C:\Users\FD1HVy\Pictures\5rqjW_ugsw1wGmp9oS5p.bmp.encryptedbyBB

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	52.39 KB
MD5	7eb85254e9e8b7fb55057f093e11378d
SHA1	5e7cdb0dd8a44deccbd148acf6c93ba586892213
SHA256	5e5327d2fe2a48766f34e26b43eba7eb9ccb20b1d9f7d95513b1bbc2868c3b49
SSDeep	1536:JxKwLHbzPyV79TC90KACPXP9038BxAFOBhtgVvN:JxBLHPaBpsAuP2sIN
ImpHash	-

C:\Users\FD1HVy\Pictures\7ETK mHdCHVI4g.jpg.encryptedbyBB

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	130.18 KB
MD5	28676a354b311c97142c632372898d84
SHA1	e41d99ee1453a2d1cbc0cb4bd4531726d81d4c85
SHA256	15db396c9faa48e6d887da07764b5bf423e5c2dff0dc73341f95ba4c349677b2
SSDeep	3072:JXHLOtxSSCO0lGVTXWuHUqQafzFmQXj8sfNdTa8jOdi:ZitcSdpXWuHUqxz9pNNAi
ImpHash	-

C:\Users\FD1HVy\Pictures\7LPg.gif.encryptedbyBB

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	51.79 KB
MD5	81cfd7ad41b378d5720da3e41bc189e5
SHA1	a0e9744b3bfa2e49ed5dc14bc98946f6aed6c332
SHA256	c1bf409daeb927af6b4cd6dcb0a1e94272204945a52ae1d87ace1cd7f7ab4d6b
SSDeep	768:fbsD6OqpSgSBfqExxEjJAAaBq2xyWMmGufGhiBm0xmIprN4o1HhCgo00QVN2xoM8:fS+6Bf/yAxmPufT9xrR4YBh00o8R
ImpHash	-

C:\Users\FD1HVy\Pictures\AApAl2.bmp.encryptedbyBB

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	144.94 KB
MD5	d2ca22de54d21d17df376ad039986985
SHA1	9ec8f1262bf9365ab1d4fcae51dbb6d70823a808
SHA256	bd62c8fbc8494a6088c4693184718b51f0ec71e6656db969256a0780fcdd24f6
SSDeep	3072:LKC1H2uYaTc1FRE4Y8Yo5ACIYMqXj5kfeQlFwXvPgrnee8L:B1WuYMiFRMdo5HIYlFkJFyvPgrnebL
ImpHash	-

C:\Users\FD1HVy\Pictures\desktop.ini.encryptedbyBB

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	677 Bytes
MD5	fe4c07a276646ae9b1e35f1a87490a4e
SHA1	08e00ed92d5fd5d293ad6677e26fcf0699b005b0
SHA256	9ec8df0cff7a3fe5dcdf6e53bfe864a1571e9e4dccd18ef2c11ee069a1322462
SSDeep	12:o14/4wNd4FBPKzUaxdGmxwRHfISLGEAJSZNlX+cTaD397osfneuO8XrgJ4+SsRs:o14/4wN+TUUaxdrx5lJw3XG5UmO8XrgO
ImpHash	-

C:\Users\FD1HVy\Pictures\GEhqqA3sYQSkI7fC9OYU.gif.encryptedbyBB

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	159.88 KB
MD5	76d42dd4ee054af5f00815931e6d920d
SHA1	dd377a34c36b27b17ced9094b0c2dbb2ef0411cd
SHA256	f1d6fd1e5d37a4e3d21d22f2997516725a60baaac17beb0f6f13203d7bc3aacd
SSDeep	3072:zZ3iuSKZO/hEKLYi6+M8vUX8QIzdLv/KBUwvUPy2Z5qxIR0JrW20P/:13zKLYi6+MqUX8QOPyfPA
ImpHash	-

C:\Users\FD1HVy\Pictures\ki_dMhqLHqic_TxbGMI.png.encryptedbyBB

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	212.03 KB
MD5	e2dfeb60c953f7ee5c9045b1db025e95
SHA1	16db2f95f2d1725f05a84760ea89f27980fbf6de
SHA256	87994adea8b9379d7eced6cf66ce73a943d7cd6e607257c54b36aab17957256f
SSDeep	3072:bcPw511xrQEJV9otVi7XQ7HjVtHGiL8wg80SVgO4kvl7zrmEKKMUqS7ErcwwLV5D:Cw51vkwrotZ/miLe89JB7XmEcUeo7X6U
ImpHash	-

C:\Users\FD1HVy\Pictures\MousZfNe-KkO2Ra2yCe.jpg.encryptedbyBB

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	157.10 KB
MD5	978200ff2ecc41cbc055ebf78e443187
SHA1	23b9db308d24aae96377e2c8b2ac99a3ca3be400
SHA256	f0977d92e6b3a1f92ee9197852d7e29e8f8e207bce859cc5ba1b1df951e2dca7
SSDeep	3072:9OeGikq2FAlJXofgWuNw4u8s3USHZiXIWhHRCtFBsOuko+QbJmi7AXR8f:PeAlJXNNzu8sLZKPhx4buko+QbJmiSg
ImpHash	-

C:\Users\FD1HVy\Pictures\Ond8yRC_W27YxY.gif.encryptedbyBB

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	101.38 KB
MD5	3337daba17a47435492a4e2bc4e0d71d
SHA1	976f6188b952ae3667bb47cb6de674057eedbca9
SHA256	eb707c760b397fe6bec223eebb6828e64acdb9221d8276ef08c9aef48b84d2de
SSDeep	3072:2KY1Ho4ahCVp0BOi76EYBlijNaKDh+qmiThwY:2KQOCv0Oi763lijYKDhMY
ImpHash	-

C:\Users\FD1HVy\Pictures\OxeAL5Z.png.encryptedbyBB

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	119.35 KB
MD5	a8383ec80fc0d022a8e427cc3d9c131c
SHA1	194fbd21e5d96e0cbcb2ff56f8fe5427d4dc511a
SHA256	5412de50da9edd7db3e1038f46027062f78a617818fde974b35526658ef9766b
SSDeep	3072:XdCxwD2f+4HRKgVeeAJaySmTWItG1BEKMYSloROO6KYy:XdIwixHRKAAJaydaQGsxoAO6E
ImpHash	-

C:\Users\FD1HVy\Pictures\s8nj.png.encryptedbyBB

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	132.37 KB
MD5	f3c0ec5e6aa7480a6f31f4b748024e69
SHA1	c977560f9ca048c13313f7879da3a10b6d263bc5
SHA256	e8d9a9362fb02c3123ab124e55c6860eeed3e18fbcd15236dbce2fa5a8b243a3
SSDeep	3072:zWT/lSC2xEKt4pLAYB5k8DtfzrOL5EF16xTSzt4jO3ED:6TmxELLAYr3BfzrOL616k9k
ImpHash	-

C:\Users\FD1HVy\Pictures\vjEaj00hwfV8Ke_N_Svq.png.encryptedbyBB

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	167.99 KB
MD5	7b1295ce48bfd698907114a9969bd925
SHA1	ba8fcca336a9a845198f4ca510b4a3783fcefc07
SHA256	db6dfb0cc55b19dd5bde2403b901557ba60610841605572685504336a2409b6a
SSDeep	3072:fGxxS67FKDAt88sciNHBAiZF/zo9PtJRXriOn+8Tik8he+tvFonl4sPn:fk7FeW88jiHrnzo9PtbXriO+8TrKe+tU
ImpHash	-

C:\Users\FD1HVy\Pictures\WUFAiJkFD.jpg.encryptedbyBB

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	202.97 KB
MD5	e90beb647c5ecbc17e664401e1c3c591
SHA1	47f386254bcaa0896d7879567447d942206b6994
SHA256	205901de5928b5331ccd28d7c6a0e774062d5135c455dfd284804969fea3aa0c
SSDeep	3072:lBrPAWnVzKYVqO2tCRQR1xP5R+f5/5ZaTTEVzU33NO3I2VpLRVIlqg5pnfbQJ/Pn:lBrPNnV+a8MMzajaTiYNO3BXoTcn
ImpHash	-

C:\Users\FD1HVy\Pictures\yGO_eUa0GP_FKyiBj.bmp.encryptedbyBB

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	157.02 KB
MD5	f652104b29594f68c7f79bfda477a28f
SHA1	bd914e1dbf744783a228216a4b863a067ed142ad
SHA256	61a5a1ea53c1134541e6e49b72ac02dec648574d1d405428cc868563c17f34f1
SSDeep	3072:ip4pti7O++5JvyqCdVHYe8G3hE44LAVh8YMt3/ZrvQUivJTI:cWti71+ryP3HYenxrVh8D5Qf+
ImpHash	-

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After