2024-01-28_6cc84815c7919cba9e937d6f815a3eee_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-28_6cc84815c7919cba9e937d6f815a3eee_ryuk
Size

851KB
MD5

6cc84815c7919cba9e937d6f815a3eee
SHA1

0a6f90e8312d1fe14b6d0cc8ced1e58b1b6d59aa
SHA256

91f3052ffa05ea6e0bc246c6d0b4ad8df2f5c9684c2f851a81ae44f10baac76c
SHA512

39ec4f3bb07bdb91ddd4355fd21063ed2d70e973635075cd27d982d229feba689f65be7964f71504718a126ff343b2f84edd55549c08dee7f14d4c128df408d9
SSDEEP

24576:6SFhNxSnnTTWt2rR8FfBhRJUEbDk1ulUu:PlgnfWt2r4PRSEk1ul

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-28_6cc84815c7919cba9e937d6f815a3eee_ryuk

Files

2024-01-28_6cc84815c7919cba9e937d6f815a3eee_ryuk
.exe windows:5 windows x64 arch:x64

91b6dd48e66f1cd083d1651131ee8cfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Synaptics\Source\RefCode\GetPackratInfo\x64\Release\GetPackratInfo.pdb

Imports

ole32

CoInitialize
CLSIDFromProgID
CoCreateInstance

kernel32

RtlPcToFileHeader
HeapSize
WriteConsoleW
SetStdHandle
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
LoadLibraryW
GetCurrentProcess
GetModuleFileNameW
GetFileAttributesW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
ReleaseActCtx
TlsAlloc
TlsGetValue
TlsSetValue
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwindEx
GetLastError
LoadLibraryExW
GetConsoleMode
ExitProcess
GetModuleHandleExW
QueryPerformanceFrequency
HeapAlloc
HeapReAlloc
HeapFree
GetModuleFileNameA
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
CreateFileW
ReadFile
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetProcessHeap
FlushFileBuffers
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

91b6dd48e66f1cd083d1651131ee8cfd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

kernel32

Sections

.text Size: 166KB - Virtual size: 165KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 8KB - Virtual size: 14KB

.pdata Size: 9KB - Virtual size: 8KB

.gfids Size: 1024B - Virtual size: 700B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 8KB - Virtual size: 14KB

.pdata
Size: 9KB - Virtual size: 8KB

.gfids
Size: 1024B - Virtual size: 700B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 572KB - Virtual size: 576KB