2024-01-25_f656e6893e5d0fb1c053e1a6c9a52365_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-25_f656e6893e5d0fb1c053e1a6c9a52365_ryuk
Size

507KB
MD5

f656e6893e5d0fb1c053e1a6c9a52365
SHA1

15e396a19d13d09cb4e31da38f179c70fca7f1ef
SHA256

7fcd301680fadcb0f429949e7922af37a3327eba4d5ff4605a9fac52e8114670
SHA512

4ae7967e6e5a34b524f9602d259ad4b7383c3608cb5170a2d18910e4edd5165775820e4a16ff85654c9f66d336f47c705af6f0f623c029b1ccc0d720e78fa6e1
SSDEEP

6144:Y4kn0UtdMF5WiiYaU21B2/D2YPktWJBbwmZqvFT55/iohoJdpQ52FUel8:Y4knHtdMF5Fo1BRtWJ6ioSJ8cZ8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-25_f656e6893e5d0fb1c053e1a6c9a52365_ryuk

Files

2024-01-25_f656e6893e5d0fb1c053e1a6c9a52365_ryuk
.exe windows:6 windows x64 arch:x64

31b5751c8ba3552705525825d43a0570

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-processenvironment-l1-1-0

SetStdHandle
GetCommandLineA
GetStdHandle
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

FindNextFileW
FindClose
SetEndOfFile
SetFilePointerEx
CreateFileW
ReadFile
WriteFile
GetFileType
FlushFileBuffers
FindFirstFileExW
CreateDirectoryW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-synch-l1-1-0

TryEnterCriticalSection
CreateEventW
WaitForSingleObjectEx
WaitForMultipleObjectsEx
InitializeCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
SetEvent
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ResetEvent

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
OpenProcessToken
OpenThreadToken
TerminateProcess
GetCurrentThreadId
TlsAlloc
CreateThread
ExitProcess
ResumeThread
GetStartupInfoW
TlsFree
TlsGetValue
TlsSetValue

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
LoadStringW
GetModuleHandleExW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharUpperW
CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegEnumKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
RegSetValueExA

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegOpenKeyW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoTaskMemRealloc
CoInitializeEx
CoTaskMemAlloc

oleaut32

SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SafeArrayCreate
SafeArrayDestroy
SafeArrayRedim
SysAllocString
RegisterTypeLi
UnRegisterTypeLi
VariantClear
VariantInit
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayCopy
SafeArrayGetVartype
SafeArrayGetUBound

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-devices-config-l1-1-1

CM_Register_Notification
CM_Get_Device_Interface_ListW
CM_Unregister_Notification
CM_Get_Device_Interface_List_SizeW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapSize
HeapReAlloc

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorLength
GetTokenInformation
IsValidSid
MakeAbsoluteSD
GetLengthSid
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
CopySid
InitializeSecurityDescriptor

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
CloseServiceHandle
CreateServiceW
DeleteService

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-service-core-l1-1-0

SetServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

user32

DispatchMessageW
PostThreadMessageW
TranslateMessage
GetMessageW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetCPInfo
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext
RtlPcToFileHeader

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-console-l1-1-0

ReadConsoleW
GetConsoleCP
WriteConsoleW
GetConsoleMode

Exports

Exports

MessageBoxW

Sections

.text
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31b5751c8ba3552705525825d43a0570

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-com-l1-1-0

oleaut32

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-io-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-security-sddl-l1-1-0

user32

api-ms-win-core-localization-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-console-l1-1-0

Exports

Exports

Sections

.text Size: 299KB - Virtual size: 298KB

.rdata Size: 147KB - Virtual size: 147KB

.data Size: 8KB - Virtual size: 15KB

.pdata Size: 16KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 299KB - Virtual size: 298KB

.rdata
Size: 147KB - Virtual size: 147KB

.data
Size: 8KB - Virtual size: 15KB

.pdata
Size: 16KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB