2024-01-23_ffbdda246bc660f012c080924a9d95b4_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-23_ffbdda246bc660f012c080924a9d95b4_ryuk
Size

500KB
MD5

ffbdda246bc660f012c080924a9d95b4
SHA1

385d7ff32aed825a9e181b9a5e25391776bb6860
SHA256

9cf3027fad7e09484abe8e0be547cc3553f8cec53495f5721e9a3a72bb84c1ae
SHA512

f330bf061e2edb79d59ff0d777c6b1b1dc64c5bc661f9ed79f3dae45d05cca0e8c556437c0d6a06cf50db30e7026b1c28160565e9740294a27d17ba7a9e39d48
SSDEEP

6144:OcfPmTAH+phLHdFlj8d1kbOGWh++49QiJ3f:AachLHdkp4x3f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-23_ffbdda246bc660f012c080924a9d95b4_ryuk

Files

2024-01-23_ffbdda246bc660f012c080924a9d95b4_ryuk
.exe windows:6 windows x64 arch:x64

c0797ae41cd170ad4efe9e4b01e1e250

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteCriticalSection
RaiseException
InitializeCriticalSectionEx
MultiByteToWideChar
WriteFile
SetEvent
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationW
ReadFile
ReleaseMutex
DeleteFileW
SetFilePointer
GetFileSize
GetLastError
CreateFileW
Sleep
CreateThread
CloseHandle
WaitForSingleObject
CreateEventW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetModuleHandleW
ExitProcess
LoadLibraryW
GetUserDefaultUILanguage
GetFileAttributesW
FreeLibrary
LocalFree
InitializeCriticalSectionAndSpinCount
VerSetConditionMask
VerifyVersionInfoW
GetModuleFileNameW
GetCurrentProcess
GetStartupInfoW
GetCurrentProcessId
SetLastError
GetProcAddress
WinExec
CreateDirectoryW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
TerminateThread
OpenMutexW
CreateMutexW
GetSystemTimeAsFileTime
InitializeCriticalSection
GetSystemInfo
ResetEvent
FlushFileBuffers
FindNextFileW
SystemTimeToFileTime
IsBadWritePtr
IsDebuggerPresent
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
EncodePointer
RtlUnwindEx
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW

user32

GetSysColor
EndDialog
PostQuitMessage
EndPaint
BeginPaint
IsWindowVisible
DefWindowProcW
PostMessageW
DialogBoxParamW
GetWindowTextW
SetTimer
SetWindowTextW
SetWindowPos
GetWindowDC
GetClientRect
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
SendMessageW
LoadStringW
MessageBoxW
InvalidateRect

gdi32

GetTextExtentPoint32W

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW

oleaut32

VariantClear

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0797ae41cd170ad4efe9e4b01e1e250

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

oleaut32

Sections

.text Size: 155KB - Virtual size: 155KB

.rdata Size: 59KB - Virtual size: 59KB

.data Size: 4KB - Virtual size: 50KB

.pdata Size: 8KB - Virtual size: 7KB

.gfids Size: 512B - Virtual size: 252B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 269KB - Virtual size: 269KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 155KB - Virtual size: 155KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 4KB - Virtual size: 50KB

.pdata
Size: 8KB - Virtual size: 7KB

.gfids
Size: 512B - Virtual size: 252B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 269KB - Virtual size: 269KB

.reloc
Size: 2KB - Virtual size: 1KB