royal | 2db52b3206c573c63688bbd66c9f25caf8ef72458e2095d07b922cefeb366c9b

Sharing

Copy URL

Twitter E-mail

General

Target

2db52b3206c573c63688bbd66c9f25caf8ef72458e2095d07b922cefeb366c9b
Size

2.1MB
MD5

f2f184c8baa512d77c99fb3010bf4985
SHA1

34d804d25b3657e0cb333b8fccac175b94e3b879
SHA256

2db52b3206c573c63688bbd66c9f25caf8ef72458e2095d07b922cefeb366c9b
SHA512

8b6f53dc3b50f644e4c80a3b291e0a77352582952549141ab8b8c3177b87ef52ac4cb3d917166191f802c636008605c52ee598499ab2929c1af69c4b870e0d26
SSDEEP

24576:P+KpPzIzkQoU6cvTJdCm6pMtGMt0p0LkeoqP5nV6BQ1s2Y/tJGnX+LuiehI6YL2+:Dq9FTZGkvtOqYwrUPJwzjdQsh6b

Score

10^/10

ransomware royal

Malware Config

Signatures

Royal Ransomware 1 IoCs
ransomware

Processes:

resource yara_rule

sample family_royal
Royal family
royal

resource	yara_rule
sample	family_royal

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2db52b3206c573c63688bbd66c9f25caf8ef72458e2095d07b922cefeb366c9b

Files

2db52b3206c573c63688bbd66c9f25caf8ef72458e2095d07b922cefeb366c9b
.exe windows:6 windows x86

3a45ce41fbc6d362dd2f153d51234462

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIW

ws2_32

WSAStartup
shutdown
setsockopt
connect
send
recv
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
WSAGetLastError
WSACleanup
gethostbyname
select
ntohs
getsockopt
ioctlsocket
bind
WSAIoctl
closesocket
ntohl
WSASocketW
socket
WSAAddressToStringW
htonl
htons

crypt32

CertEnumCertificatesInStore
CertOpenStore
CertFindCertificateInStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCloseStore

advapi32

CryptGetUserKey
CryptReleaseContext
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptSetHashParam
CryptGetProvParam
CryptAcquireContextW

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW

shell32

ShellExecuteW
CommandLineToArgvW

iphlpapi

GetIpAddrTable

netapi32

NetShareEnum
NetApiBufferFree

rstrtmgr

RmStartSession
RmGetList
RmShutdown
RmEndSession
RmRegisterResources

bcrypt

BCryptGenRandom

kernel32

CompareStringW
HeapAlloc
HeapFree
GetModuleFileNameW
SetConsoleCtrlHandler
LCMapStringW
HeapReAlloc
GetConsoleOutputCP
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
GetProcessHeap
GetTimeZoneInformation
HeapSize
GetModuleHandleExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
EncodePointer
WriteConsoleW
WideCharToMultiByte
RaiseException
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLogicalDrives
FindFirstFileW
EnterCriticalSection
FindNextFileW
WriteFile
LeaveCriticalSection
FindClose
CreateFileW
ExitThread
Sleep
CloseHandle
CreateThread
lstrcmpiW
GetDriveTypeW
GetCommandLineW
GetCurrentProcess
lstrlenW
WaitForMultipleObjects
InitializeCriticalSection
InitializeConditionVariable
CreateMutexW
lstrlenA
WaitForSingleObject
GetLastError
GetProcAddress
DeleteCriticalSection
ExitProcess
CreateProcessW
GetModuleHandleW
DecodePointer
lstrcmpW
CancelIo
GetQueuedCompletionStatus
CreateIoCompletionPort
SleepConditionVariableCS
ReadFile
GetFileSizeEx
WakeAllConditionVariable
GetProcessId
SetEndOfFile
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetNativeSystemInfo
SetFilePointerEx
MoveFileExW
FlushFileBuffers
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
FormatMessageA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualFree
GetEnvironmentVariableW
MultiByteToWideChar
GetACP
GetStdHandle
GetFileType
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a45ce41fbc6d362dd2f153d51234462

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ws2_32

crypt32

advapi32

user32

shell32

iphlpapi

netapi32

rstrtmgr

bcrypt

kernel32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 500KB - Virtual size: 500KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 78KB - Virtual size: 78KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 500KB - Virtual size: 500KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 78KB - Virtual size: 78KB