2024-01-28_fe0954356dc44d63df787734e63bcf07_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-28_fe0954356dc44d63df787734e63bcf07_ryuk
Size

1.7MB
MD5

fe0954356dc44d63df787734e63bcf07
SHA1

b63949a640dd0bfb0a45f297588b91e2d96f404e
SHA256

6ecb87e8d3efec604cb95ccd2129d417666efc12ff81b655d2aa3b594fe3b3f4
SHA512

36a8820b291ee50f68ced83c055096f0eba7bf358e8e0e2e2daf1e6805121801bd18acdc4020b54692291a361a49cd3546f4b5999530dcede6bdcb6fff6095db
SSDEEP

24576:AIg/X248lf/Do6nWl1R3u4X/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:8X18lf/Do6WlvHXLNiXicJFFRGNzj3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-28_fe0954356dc44d63df787734e63bcf07_ryuk

Files

2024-01-28_fe0954356dc44d63df787734e63bcf07_ryuk
.exe windows:6 windows x64 arch:x64

ef5ae9dddc6e716c0681d804530f9e1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\qb\workspace\19992\p4gen\gfx_Development\dump64\igfx\lh\release\IntelCpHDCPSvc\IntelCpHDCPSvc.pdb

Imports

cfgmgr32

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
DeleteCriticalSection
CreateEventW
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
SetEvent
CreateSemaphoreExW
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep
SignalObjectAndWait

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventUnregister
EventRegister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleA
FreeLibraryAndExitThread
GetProcAddress
SizeofResource
LoadStringW
LoadResource
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW

oleaut32

SysAllocString
SysStringLen
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
VariantClear
VariantInit
SafeArrayGetVartype
SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SysFreeString
SafeArrayGetUBound
SafeArrayRedim
LoadRegTypeLi
SafeArrayDestroy
SafeArrayCreate

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetStartupInfoW
TerminateProcess
CreateThread
GetCurrentProcessId
GetCurrentThreadId
OpenThreadToken
OpenProcessToken
GetCurrentThread
GetThreadPriority
SetThreadPriority
SwitchToThread
GetCurrentProcess
TlsAlloc

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoTaskMemAlloc
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoReleaseServerProcess
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoAddRefServerProcess
CoTaskMemFree
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject

api-ms-win-core-processenvironment-l1-1-0

SetStdHandle
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-heap-l1-1-0

HeapSize
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorGroup
MakeAbsoluteSD
IsValidSid
InitializeSecurityDescriptor
GetTokenInformation
GetSecurityDescriptorLength
SetSecurityDescriptorOwner
GetLengthSid
CopySid

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharUpperW
CharNextW

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteValueW
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegSetValueExA
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegDeleteKeyW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-service-management-l1-1-0

DeleteService
CreateServiceW
OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SetServiceStatus

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-ntuser-sysparams-l1-1-0

EnumDisplayDevicesW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

user32

GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
MessageBoxW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader

api-ms-win-core-processthreads-l1-1-1

GetThreadTimes
IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetLogicalProcessorInformation
GetVersionExW

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead
InterlockedPopEntrySList
QueryDepthSList
InterlockedPushEntrySList

api-ms-win-core-localization-l1-2-0

IsValidCodePage
GetCPInfo
GetACP
GetOEMCP
LCMapStringW

api-ms-win-core-file-l1-1-0

FindNextFileW
WriteFile
SetFilePointerEx
FindFirstFileExW
FlushFileBuffers
CreateFileW
FindClose
GetFileType

api-ms-win-core-console-l1-1-0

GetConsoleMode
GetConsoleCP
WriteConsoleW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
ChangeTimerQueueTimer
DeleteTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue

api-ms-win-core-systemtopology-l1-1-0

GetNumaHighestNodeNumber

api-ms-win-core-processtopology-obsolete-l1-1-0

SetThreadAffinityMask
GetProcessAffinityMask

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait
RegisterWaitForSingleObject

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc
VirtualProtect

Sections

.text
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ef5ae9dddc6e716c0681d804530f9e1f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cfgmgr32

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

oleaut32

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-core-synch-l1-2-1

user32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-systemtopology-l1-1-0

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-memory-l1-1-0

Sections

.text Size: 285KB - Virtual size: 284KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 10KB - Virtual size: 17KB

.pdata Size: 20KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 285KB - Virtual size: 284KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 10KB - Virtual size: 17KB

.pdata
Size: 20KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1.2MB - Virtual size: 1.9MB