2024-01-01_4fe4261a5165f666d820138c94925793_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-01_4fe4261a5165f666d820138c94925793_ryuk
Size

922KB
MD5

4fe4261a5165f666d820138c94925793
SHA1

ba5345f2b04f7bfa6812b366eba8290ac9179bcc
SHA256

47a6f3bc5a1d4f76fa4b9ddff71268f0022f5802189eed6b308257ad01ec0ec4
SHA512

e5c2699735730af3ac7b0eb1257052a12662af3e017f920bc7e920b1bd1cd5d8d25d2dfa696aa438ce3ca3670942cfa6a8c280fc8eadfa9b36705feccc74434e
SSDEEP

12288:iMZ8L7pZq40fnNd6riBSB//fuWuoxxqR2MsTt:dZa7pZKfnvBIuWBxxqR27t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-01_4fe4261a5165f666d820138c94925793_ryuk

Files

2024-01-01_4fe4261a5165f666d820138c94925793_ryuk
.exe windows:6 windows x64 arch:x64

020e11edb15462922d0147c22cc25a1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

CommandLineToArgvW

advapi32

SystemFunction036
RegEnumValueW
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegOpenKeyW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegFlushKey
RegEnumKeyExW

kernel32

HeapSize
GetSystemTimeAsFileTime
GetFileAttributesExW
GetLastError
GetTimeZoneInformation
FlushFileBuffers
GetCommandLineW
WideCharToMultiByte
LocalFree
GetFileAttributesW
GetSystemInfo
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
IsDebuggerPresent
WriteFile
GetStdHandle
GetConsoleScreenBufferInfo
LoadLibraryW
GetProcAddress
FreeLibrary
GetConsoleOutputCP
MultiByteToWideChar
FormatMessageW
SetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetLastError
GetEnvironmentVariableW
WaitForSingleObject
CloseHandle
lstrlenW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
DuplicateHandle
GetModuleHandleA
ExpandEnvironmentStringsW
ResumeThread
GetExitCodeThread
Sleep
SwitchToThread
VirtualAlloc
VirtualFree
LoadLibraryA
FindFirstFileW
FindNextFileW
FindClose
CreateSemaphoreA
ReleaseSemaphore
RtlCaptureContext
RaiseException
SetEvent
CreateEventW
OpenThread
TerminateThread
SuspendThread
GetThreadContext
GetModuleHandleExW
VerSetConditionMask
VerifyVersionInfoW
FreeLibraryAndExitThread
GetCurrentProcessId
InitializeSListHead
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetEnvironmentVariableA
GetModuleFileNameW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetStdHandle
GetFileType
ReadFile
GetModuleFileNameA
WriteConsoleW
CreateFileW
SetFilePointerEx
ExitProcess
TerminateProcess
CreateThread
ExitThread
GetCommandLineA
GetACP
HeapFree
HeapAlloc
GetConsoleCP
GetConsoleMode
HeapReAlloc
ReadConsoleW
CompareStringW
LCMapStringW
SetEndOfFile
GetStringTypeW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
SetEnvironmentVariableA
GetProcessHeap

Sections

.text
Size: 651KB - Virtual size: 650KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

._deh
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.minfo
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tp
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dp
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

020e11edb15462922d0147c22cc25a1f

Headers

DLL Characteristics

File Characteristics

Imports

shell32

advapi32

kernel32

Sections

.text Size: 651KB - Virtual size: 650KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 154KB - Virtual size: 161KB

.pdata Size: 36KB - Virtual size: 36KB

.tls Size: 2KB - Virtual size: 1KB

._deh Size: 5KB - Virtual size: 4KB

.minfo Size: 1024B - Virtual size: 672B

.tp Size: 512B - Virtual size: 188B

.dp Size: 512B - Virtual size: 508B

.gfids Size: 512B - Virtual size: 184B

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 651KB - Virtual size: 650KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 154KB - Virtual size: 161KB

.pdata
Size: 36KB - Virtual size: 36KB

.tls
Size: 2KB - Virtual size: 1KB

._deh
Size: 5KB - Virtual size: 4KB

.minfo
Size: 1024B - Virtual size: 672B

.tp
Size: 512B - Virtual size: 188B

.dp
Size: 512B - Virtual size: 508B

.gfids
Size: 512B - Virtual size: 184B

.reloc
Size: 11KB - Virtual size: 11KB