2024-01-25_61d6c4246d87c4be5553db37e769371d_gazer_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-25_61d6c4246d87c4be5553db37e769371d_gazer_ryuk
Size

4.8MB
MD5

61d6c4246d87c4be5553db37e769371d
SHA1

cb08008a11267bc5f0ba76370b12a9329a13984c
SHA256

9c501b59650f09bdb0cf7e682a191a553a312f66c95f09a72d49ec16a5697e9f
SHA512

23af02863df7554f1a6a46ae12a844c6b803b9bf9eec7fd84e5a856252841fa2736fe02499af4ac0a01fedacc8cd28101630bb49c10e44ea93c94e583ac7cbda
SSDEEP

49152:TiM4VBRtM6X5lrKDH0mvDch1Znn/hOmyIDjotz/ftiHeeFzXUTbIjP/bO6YUbj9O:unacGtKee3jHDpmz8Momh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-25_61d6c4246d87c4be5553db37e769371d_gazer_ryuk

Files

2024-01-25_61d6c4246d87c4be5553db37e769371d_gazer_ryuk
.exe windows:6 windows x64 arch:x64

773ab66b53c7cda223e6579fb2de4b44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAIoctl
gethostbyname
inet_addr
sendto
recvfrom
WSAWaitForMultipleEvents
setsockopt
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
select
__WSAFDIsSet
ioctlsocket
freeaddrinfo
getaddrinfo
send
WSASetLastError
recv
ntohs
getsockopt
listen
htonl
getsockname
getpeername
connect
bind
accept
socket
closesocket
WSACleanup
WSAStartup
htons
WSAGetLastError
gethostname

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom

crypt32

CertCloseStore
CertOpenSystemStoreA
CertEnumCertificatesInStore

wldap32

ord217
ord32
ord301
ord200
ord30
ord79
ord35
ord33
ord143
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46

core_rl_magick++_

??0Geometry@Magick@@QEAA@PEBD@Z
?write@Image@Magick@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?read@Image@Magick@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?quality@Image@Magick@@QEAAX_K@Z
?fileName@Image@Magick@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?fileName@Image@Magick@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?debug@Image@Magick@@QEAAX_N@Z
?compressType@Image@Magick@@QEAAXW4CompressionType@MagickCore@@@Z
??1Image@Magick@@UEAA@XZ
??0Image@Magick@@QEAA@XZ
?composite@Image@Magick@@QEAAXAEBV12@_J1W4CompositeOperator@MagickCore@@@Z
?compare@Image@Magick@@QEAANAEBV12@W4MetricType@MagickCore@@@Z
?yOff@Geometry@Magick@@QEBA_JXZ
?xOff@Geometry@Magick@@QEBA_JXZ
?composite@Image@Magick@@QEAAXAEBV12@W4GravityType@MagickCore@@W4CompositeOperator@4@@Z
?quantumRed@Color@Magick@@QEBAEXZ
??0Geometry@Magick@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?extent@Image@Magick@@QEAAXAEBVGeometry@2@@Z
?gamma@Image@Magick@@QEAAXN@Z
?convolve@Image@Magick@@QEAAX_KPEBN@Z
?colorMatrix@Image@Magick@@QEAAX_KPEBN@Z
?repage@Image@Magick@@QEAAXXZ
?crop@Image@Magick@@QEAAXAEBVGeometry@2@@Z
?texture@Image@Magick@@QEAAXAEBV12@@Z
?scale@Image@Magick@@QEAAXAEBVGeometry@2@@Z
??0Image@Magick@@QEAA@AEBV01@@Z
??0Image@Magick@@QEAA@AEBVBlob@1@@Z
??0Blob@Magick@@QEAA@PEBX_K@Z
?TerminateMagick@Magick@@YAXXZ
?quantumBlue@Color@Magick@@QEBAEXZ
?copyPixels@Image@Magick@@QEAAXAEBV12@AEBVGeometry@2@AEBVOffset@2@@Z
??1Offset@Magick@@QEAA@XZ
?quantumGreen@Color@Magick@@QEBAEXZ
??1Blob@Magick@@UEAA@XZ
??0Color@Magick@@QEAA@AEBV01@@Z
??0Color@Magick@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1Color@Magick@@UEAA@XZ
?quantumAlpha@Color@Magick@@QEBAEXZ
?composite@Image@Magick@@QEAAXAEBV12@AEBVGeometry@2@W4CompositeOperator@MagickCore@@@Z
?InitializeMagick@Magick@@YAXPEBD@Z
??0Offset@Magick@@QEAA@_J0@Z
??0Geometry@Magick@@QEAA@AEBV01@@Z
?modifyImage@Image@Magick@@QEAAXXZ
?syncPixels@Image@Magick@@QEAAXXZ
?getPixels@Image@Magick@@QEAAPEAE_J0_K1@Z
?getConstPixels@Image@Magick@@QEBAPEBE_J0_K1@Z
?size@Image@Magick@@QEBA?AVGeometry@2@XZ
?quiet@Image@Magick@@QEAAX_N@Z
?iccColorProfile@Image@Magick@@QEBA?AVBlob@2@XZ
?iccColorProfile@Image@Magick@@QEAAXAEBVBlob@2@@Z
?colorSpace@Image@Magick@@QEAAXW4ColorspaceType@MagickCore@@@Z
?channels@Image@Magick@@QEBA_KXZ
?backgroundColor@Image@Magick@@QEAAXAEBVColor@2@@Z
??0Image@Magick@@QEAA@AEBVGeometry@1@AEBVColor@1@@Z
?width@Geometry@Magick@@QEBA_KXZ
?height@Geometry@Magick@@QEBA_KXZ
??1Geometry@Magick@@QEAA@XZ
??0Geometry@Magick@@QEAA@_K0_J1@Z

core_rl_magickcore_

SetMagickResourceLimit
GetMagickResourceLimit
GetImageRegistry
AcquireExceptionInfo
DestroyExceptionInfo
GetEnvironmentValue
InterpretSiPrefixValue
FormatMagickSize
SetImageRegistry

bcrypt

BCryptGenRandom

kernel32

CreateFileW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
SetFilePointerEx
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
RaiseException
RtlPcToFileHeader
FileTimeToSystemTime
SetStdHandle
CreateDirectoryW
DeleteFileW
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileAttributesExW
SetEndOfFile
GetFileSizeEx
FlushFileBuffers
GetTimeZoneInformation
SetEnvironmentVariableW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FindFirstFileExW
SetConsoleMode
ReadConsoleInputW
HeapSize
WriteConsoleW
RtlUnwindEx
LeaveCriticalSection
InitializeSListHead
IsProcessorFeaturePresent
TlsGetValue
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
SleepEx
InitializeCriticalSectionEx
GetLastError
SetLastError
FormatMessageW
VerSetConditionMask
VerifyVersionInfoW
Sleep
CloseHandle
WaitForSingleObjectEx
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
GetTickCount
ReleaseMutex
WaitForSingleObject
CreateMutexA
MoveFileExA
FindClose
FindFirstFileW
FindNextFileW
lstrlenW
GetSystemTime
CreateThread
TlsSetValue
TlsAlloc
SetEvent
ResetEvent
CreateEventA
GetCurrentThreadId
GetCommandLineA
SystemTimeToFileTime
RtlCaptureContext
WriteFile
DuplicateHandle
CreatePipe
GetCurrentProcess
TerminateProcess
CreateProcessW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetCurrentProcessId
GetModuleFileNameW
FormatMessageA
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW

Exports

Exports

hx_cffi

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 949KB - Virtual size: 949KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 314KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 624KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

773ab66b53c7cda223e6579fb2de4b44

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

crypt32

wldap32

core_rl_magick++_

core_rl_magickcore_

bcrypt

kernel32

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 949KB - Virtual size: 949KB

.data Size: 314KB - Virtual size: 359KB

.pdata Size: 142KB - Virtual size: 142KB

.gfids Size: 1024B - Virtual size: 576B

.tls Size: 512B - Virtual size: 9B

.gehcont Size: 512B - Virtual size: 36B

.reloc Size: 624KB - Virtual size: 628KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 949KB - Virtual size: 949KB

.data
Size: 314KB - Virtual size: 359KB

.pdata
Size: 142KB - Virtual size: 142KB

.gfids
Size: 1024B - Virtual size: 576B

.tls
Size: 512B - Virtual size: 9B

.gehcont
Size: 512B - Virtual size: 36B

.reloc
Size: 624KB - Virtual size: 628KB