2024-01-26_12b5e1e276abc2826b0701a6e9fbbea5_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-26_12b5e1e276abc2826b0701a6e9fbbea5_ryuk
Size

1.6MB
MD5

12b5e1e276abc2826b0701a6e9fbbea5
SHA1

bcc07f7a24da8ce6d127a0c6fd556f281d7d41ed
SHA256

f85ecb7ca816fc579cd245f6b7e7931aa88311e2cb4cce5e5f1eed243da11626
SHA512

f446c6e00b909aa9869ad23c0ef8c869270e07eef1dc6a238c4914c4976096e2a355bdea0d07837ec09406a16b2b129be623330bf66924ed4f5209302c35c616
SSDEEP

24576:1V7fcpdwxVcyWYV4LGBN5S7JTX0IppN7W0EkRPOZDtMGjau:3idwkyT4LGBN5nI7W0Ec4tM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-26_12b5e1e276abc2826b0701a6e9fbbea5_ryuk

Files

2024-01-26_12b5e1e276abc2826b0701a6e9fbbea5_ryuk
.exe windows:6 windows x64 arch:x64

902119f69e3b8483ed797fc16d109bef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindNextFileA
GetSystemWindowsDirectoryA
FormatMessageA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CloseHandle
SetEvent
ResetEvent
CreateEventA
GetTickCount
GetDriveTypeA
GetVolumeInformationA
GetCommandLineW
GetEnvironmentVariableA
GetEnvironmentVariableW
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileW
FindNextFileW
GetLocalTime
GetTimeZoneInformation
GetModuleHandleA
GetProcessTimes
GetCurrentProcess
DeleteCriticalSection
CreateFileA
DeviceIoControl
ReadFile
WriteFile
SetNamedPipeHandleState
SleepEx
WaitNamedPipeA
LoadLibraryExA
GetSystemTimeAsFileTime
RtlUnwindEx
ExitProcess
TerminateProcess
GetModuleHandleW
GetModuleHandleExW
DeleteFileW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesExW
MoveFileExW
FindFirstFileExW
CreateThread
ExitThread
ResumeThread
FindFirstFileA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
HeapAlloc
HeapFree
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetStartupInfoW
GetCurrentThread
GetCurrentThreadId
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetFilePointerEx
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
SetEndOfFile
ReadConsoleW
SetEnvironmentVariableW
GetProcessHeap
GetCPInfo
IsValidCodePage
GetACP
GetOEMCP
GetFileSizeEx
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
SetConsoleCtrlHandler
HeapSize
WriteConsoleW
OutputDebugStringW
RaiseException
InterlockedFlushSList
InterlockedPushEntrySList
InitializeSListHead
QueryPerformanceCounter
FindClose
Sleep
FreeLibrary
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
GetVersion
SetErrorMode
SetHandleInformation
lstrlenA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCurrentProcessId
CreateMutexA
WaitForSingleObject
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
GetLastError
FreeLibraryAndExitThread
GetVersionExA
GetCommandLineA

user32

EnableWindow
SetDlgItemTextA
GetClientRect
GetWindowRect
GetFocus
SetFocus
GetDlgItemTextA
GetDlgItem
EndDialog
MoveWindow
ShowWindow
GetDlgItemTextW
MessageBeep
SendMessageA
GetSystemMetrics
MessageBoxA
SetWindowTextA
wsprintfA
ScreenToClient
GetWindowLongA
GetActiveWindow
GetParent
CreateDialogIndirectParamA
DialogBoxIndirectParamA

netapi32

Netbios

comdlg32

GetOpenFileNameA

comctl32

ord17

wsock32

inet_addr
ioctlsocket
WSACleanup
WSAStartup
getsockname
getsockopt
htonl
WSAGetLastError
socket
setsockopt
send
select
recv
inet_ntoa
connect
closesocket
__WSAFDIsSet
getpeername

shell32

ord680

oleaut32

VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysFreeString
SysAllocStringLen
SysAllocString
VariantClear

ole32

CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity

ws2_32

getaddrinfo
freeaddrinfo
getnameinfo

advapi32

RegQueryValueExW
StartServiceA
QueryServiceStatus
RegCloseKey
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
GetUserNameA
GetUserNameW
RegSetValueExA
RegSetValueExW
RegEnumKeyExA
RegQueryInfoKeyA
CloseServiceHandle
OpenSCManagerA
OpenServiceA

shlwapi

PathRemoveBackslashW

dhcpcsvc

DhcpRequestParams

userenv

GetProfilesDirectoryA

Sections

.text
Size: 564KB - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 817KB - Virtual size: 817KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

902119f69e3b8483ed797fc16d109bef

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

netapi32

comdlg32

comctl32

wsock32

shell32

oleaut32

ole32

ws2_32

advapi32

shlwapi

dhcpcsvc

userenv

Sections

.text Size: 564KB - Virtual size: 564KB

.textidx Size: 817KB - Virtual size: 817KB

.rdata Size: 214KB - Virtual size: 213KB

.data Size: 19KB - Virtual size: 45KB

.pdata Size: 64KB - Virtual size: 63KB

.gfids Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 564KB - Virtual size: 564KB

.textidx
Size: 817KB - Virtual size: 817KB

.rdata
Size: 214KB - Virtual size: 213KB

.data
Size: 19KB - Virtual size: 45KB

.pdata
Size: 64KB - Virtual size: 63KB

.gfids
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB