2024-01-06_c9d8de3c1c73ad32ea211ff4f2f4778a_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-06_c9d8de3c1c73ad32ea211ff4f2f4778a_ryuk
Size

339KB
MD5

c9d8de3c1c73ad32ea211ff4f2f4778a
SHA1

f76390b138c01f48ad6c87774c2b13b9b1e9b60f
SHA256

c3f0736ce0336cf522c96e7aa0787b15e83e6abb4d085c1f0f41dd050fbe5709
SHA512

0e5bbf228c56dac369d59dd6b92efa10198ac92bbd37d8794bb4b43563da6a0b81e04da429b36e1293b77de3215c25c9b6a754d45edf54d9718c620979047a86
SSDEEP

6144:UZhhb22QMeH9yaVSifP4fJ9OyQrykdS3VZW5Eaq/IPnyohhrMK9:cDQhdyt+4ffORrykyo3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-06_c9d8de3c1c73ad32ea211ff4f2f4778a_ryuk

Files

2024-01-06_c9d8de3c1c73ad32ea211ff4f2f4778a_ryuk
.exe windows:6 windows x64 arch:x64

1f628841ee07d20aeb7c3f0728a48d7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rdcedmsubip

rdCEDMsub2D

cedmsubip

CEDMsub2D
CEDMsub2Dver

kernel32

HeapSize
IsProcessorFeaturePresent
ReadFile
FindFirstFileA
WriteFile
FindNextFileA
FindClose
CreateFileW
UnmapViewOfFile
GetLastError
CreateFileA
LoadLibraryA
CloseHandle
GetOverlappedResult
GetProcAddress
GetFileType
MapViewOfFile
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetEndOfFile
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
QueryPerformanceFrequency
HeapAlloc
HeapReAlloc
HeapFree
GetModuleFileNameA
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetProcessHeap
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
ReadConsoleW

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f628841ee07d20aeb7c3f0728a48d7c

Headers

DLL Characteristics

File Characteristics

Imports

rdcedmsubip

cedmsubip

kernel32

Sections

.text Size: 220KB - Virtual size: 220KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 11KB - Virtual size: 10KB

.gfids Size: 1024B - Virtual size: 800B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 220KB - Virtual size: 220KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 11KB - Virtual size: 10KB

.gfids
Size: 1024B - Virtual size: 800B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB