2024-01-01_d9283786c429a1ba5150a3a1002f8f29_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-01_d9283786c429a1ba5150a3a1002f8f29_ryuk
Size

1.6MB
MD5

d9283786c429a1ba5150a3a1002f8f29
SHA1

0be1d059587214cfd904ea9b871341d5fb3eb8cc
SHA256

de6b6613eecf3150120582430eb88a991b50ad2058c27f467cc974bf2f0322c4
SHA512

43c72235c683072478cf445794eb374039d6955cf04156c2aba08963d8db28dec652110df07af9970fb6bf7d007b7522a2e8173a08ee97102ab0fb69e746b86d
SSDEEP

24576:k3oH6RhNF4Xx7AvsqjnhMgeiCl7G0nehbGZpbD:2oH0FEBATDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-01_d9283786c429a1ba5150a3a1002f8f29_ryuk

Files

2024-01-01_d9283786c429a1ba5150a3a1002f8f29_ryuk
.exe windows:6 windows x64 arch:x64

6d75a4165c79a384f12ac557b9baac3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetCommandLineW
SetStdHandle
ExpandEnvironmentStringsW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ResetEvent
DeleteCriticalSection
WaitForMultipleObjectsEx
SetEvent
InitializeCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
TryEnterCriticalSection
CreateEventW
WaitForSingleObjectEx

api-ms-win-core-processthreads-l1-1-0

CreateThread
ResumeThread
TerminateProcess
TlsSetValue
GetCurrentThreadId
GetStartupInfoW
OpenThreadToken
OpenProcessToken
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
TlsGetValue
ExitProcess
TlsAlloc
TlsFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadStringW
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
SizeofResource
FreeLibrary
GetModuleFileNameW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharNextW
CharUpperW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegDeleteKeyW

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
CoTaskMemFree
StringFromGUID2
CoReleaseServerProcess
CoUninitialize
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoResumeClassObjects
CoTaskMemRealloc
CoTaskMemAlloc
CoAddRefServerProcess

oleaut32

LoadRegTypeLi
LoadTypeLi
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
VarUI4FromStr
SafeArrayCopy
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
SafeArrayGetVartype
VariantInit
VariantClear
SysFreeString
SysStringLen
SafeArrayCreate

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-devices-config-l1-1-1

CM_Unregister_Notification
CM_Get_Device_Interface_ListW
CM_Register_Notification
CM_Get_Device_Interface_List_SizeW

api-ms-win-core-file-l1-1-0

SetFilePointerEx
FindClose
CreateFileW
ReadFile
WriteFile
FindFirstFileExW
FindNextFileW
GetFileType
FlushFileBuffers
SetEndOfFile

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
HeapSize

api-ms-win-security-base-l1-1-0

MakeAbsoluteSD
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetTokenInformation
CopySid
GetLengthSid
GetSecurityDescriptorLength
IsValidSid

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
CreateServiceW
DeleteService
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

user32

PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW

api-ms-win-core-localization-l1-2-0

GetCPInfo
EnumSystemLocalesW
GetUserDefaultLCID
LCMapStringW
IsValidLocale
GetLocaleInfoW
GetOEMCP
IsValidCodePage
GetACP

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-console-l1-1-0

ReadConsoleW
GetConsoleCP
GetConsoleMode
WriteConsoleW

Exports

Exports

MessageBoxW

Sections

.text
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6d75a4165c79a384f12ac557b9baac3b

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-com-l1-1-0

oleaut32

api-ms-win-core-synch-l1-2-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-security-sddl-l1-1-0

user32

api-ms-win-core-localization-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-console-l1-1-0

Exports

Exports

Sections

.text Size: 290KB - Virtual size: 290KB

.rdata Size: 145KB - Virtual size: 145KB

.data Size: 8KB - Virtual size: 15KB

.pdata Size: 16KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 290KB - Virtual size: 290KB

.rdata
Size: 145KB - Virtual size: 145KB

.data
Size: 8KB - Virtual size: 15KB

.pdata
Size: 16KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB