2024-01-11_23c895f1f9996f3761800c23442924e1_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-11_23c895f1f9996f3761800c23442924e1_ryuk
Size

1.8MB
MD5

23c895f1f9996f3761800c23442924e1
SHA1

7cf5ed651cd89ea15f93d733c18d3c064a474b6e
SHA256

0582eafb29080f11da59994d7cec14d0be6c8d1d58675157cc3468cebf5ccd69
SHA512

c85d131b78b648855a7b49d69bdc66cdbad65b7ad61d9565e6a058b98fe7e5f905e3141d93ea448fc17f3192c712e88406ba94b49c14042764be4c51012e4847
SSDEEP

12288:CA7A/9vZBmtCYEBTAACxSmH0K7Nwhw+4GOkoJNCK/UXObQLm9pnzEd:CGo9vZmCYEBTA8o0Ko4GYdl9Bi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-11_23c895f1f9996f3761800c23442924e1_ryuk

Files

2024-01-11_23c895f1f9996f3761800c23442924e1_ryuk
.exe windows:6 windows x64 arch:x64

0e4c71fc3163cfe463dc0766862436fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReadFile
WriteFile
CloseHandle
GetLastError
PostQueuedCompletionStatus
Sleep
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
CreateIoCompletionPort
GetQueuedCompletionStatus
ResetEvent
CreateEventW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
SwitchToFiber
DeleteFiber
ConvertFiberToThread
ConvertThreadToFiber
SetEvent
CreateFileW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
FindNextFileW
FindFirstFileExW
FindClose
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
HeapQueryInformation
GetStringTypeW
LCMapStringW
CompareStringW
WriteConsoleW
OutputDebugStringA
GetFileType
GetACP
RtlPcToFileHeader
EncodePointer
DecodePointer
RaiseException
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
QueryPerformanceCounter
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
MultiByteToWideChar
GetCurrentProcessId
InitializeSListHead
GetProcessHeap
VirtualQuery
FreeLibrary
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwindEx
GetModuleFileNameA
GetModuleHandleExW
HeapSize
HeapValidate
GetSystemInfo
ExitThread
ExitProcess
GetStdHandle
GetCommandLineA
GetCommandLineW

ws2_32

WSAGetLastError
WSAIoctl
WSACleanup
WSAStartup
socket
closesocket
setsockopt

advapi32

SystemFunction036

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e4c71fc3163cfe463dc0766862436fe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

advapi32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 416KB - Virtual size: 415KB

.data Size: 10KB - Virtual size: 21KB

.pdata Size: 103KB - Virtual size: 102KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 416KB - Virtual size: 415KB

.data
Size: 10KB - Virtual size: 21KB

.pdata
Size: 103KB - Virtual size: 102KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 5KB