2024-02-01_18efe1b4309e29575601c1dce968aaeb_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-01_18efe1b4309e29575601c1dce968aaeb_ryuk
Size

2.3MB
MD5

18efe1b4309e29575601c1dce968aaeb
SHA1

8da90bfce6eaa1af93a7165e72bf9829b93d3a17
SHA256

5eda24531414c4e8c4e45e3da4231a2af7a70f4398a0c4cd7fbf8bfa59272ca3
SHA512

0a98d0b83bb2e00a187e6a5865675f9cbb6d96f3231c1f7387a868277d3a65bcc34ddc462905470b585de8cc287f1cc149b0b2efbea7bd35e830ed3316936155
SSDEEP

24576:8w7+EYw6Qb4zkFAP7qgib7ionm7PscDtXelFa+C6zPOW79qnQrt//Pd0TxHxJppu:8k+K6Q4zksmg+dssbO6zGMQQ9Qxvu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-01_18efe1b4309e29575601c1dce968aaeb_ryuk

Files

2024-02-01_18efe1b4309e29575601c1dce968aaeb_ryuk
.exe windows:5 windows x64 arch:x64

73938662b479520d5e9f9e615139c013

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\b\build\slave\Win\build\src\out\Release\nacl64.exe.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

WSACloseEvent
WSAGetLastError
gethostbyname
socket
shutdown
setsockopt
send
select
WSACreateEvent
ntohs
listen
htons
htonl
getsockname
closesocket
bind
accept
WSAEventSelect
WSAStartup
WSACleanup
recv

winmm

timeBeginPeriod
timeGetDevCaps
timeGetTime
timeEndPeriod

userenv

DestroyEnvironmentBlock
GetProfileType
CreateEnvironmentBlock

kernel32

GetStdHandle
GetLongPathNameW
CloseHandle
GetLastError
SetLastError
GetCurrentProcess
ResumeThread
IsProcessInJob
QueryInformationJobObject
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetFileAttributesW
GetTempPathW
OutputDebugStringW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLangID
CreateFileW
DeleteFileW
WriteFile
OutputDebugStringA
GetCurrentProcessId
GetTickCount
FormatMessageA
LocalFree
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetSystemTimeAsFileTime
QueryThreadCycleTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetCurrentThreadId
DuplicateHandle
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
OpenProcess
ReadFile
SetHandleInformation
CreateProcessW
AssignProcessToJobObject
SetInformationJobObject
AttachConsole
AllocConsole
IsDebuggerPresent
RaiseException
CreateThread
VirtualProtect
VirtualQuery
FreeLibrary
LoadLibraryW
lstrcmpiA
GetVersionExW
GetNativeSystemInfo
GetCurrentDirectoryW
GetFileAttributesExW
QueryDosDeviceW
RemoveDirectoryW
SetFileAttributesW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcessId
SetEnvironmentVariableA
GetSystemDirectoryW
GetWindowsDirectoryW
CreateEventW
GetModuleHandleA
FlushFileBuffers
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
SetFileTime
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
UnregisterWaitEx
RegisterWaitForSingleObject
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetEvent
VirtualAlloc
VirtualFree
ResetEvent
WaitForMultipleObjects
GetModuleHandleExA
GetProcessTimes
GetSystemInfo
VirtualQueryEx
RtlAddFunctionTable
RtlDeleteFunctionTable
CreateRemoteThread
FormatMessageW
DebugActiveProcess
ConnectNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetNamedPipeInfo
CancelIo
HeapSetInformation
VirtualProtectEx
DecodePointer
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TerminateJobObject
GetUserDefaultLCID
GetThreadContext
GetFileType
ProcessIdToSessionId
GetProcessHandleCount
SignalObjectAndWait
CreateMutexW
VirtualAllocEx
VirtualFreeEx
CreateJobObjectW
ReadProcessMemory
DebugBreak
lstrlenW
SearchPathW
GetThreadId
ContinueDebugEvent
WaitForDebugEvent
SuspendThread
SetThreadContext
FlushInstructionCache
ExitProcess
CreateFileA
LockFileEx
UnlockFileEx
MapViewOfFileEx
GetThreadTimes
SwitchToThread
GetSystemTime
DisconnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
GetNamedPipeHandleStateW
InitializeCriticalSectionAndSpinCount
InitOnceExecuteOnce
SetCurrentDirectoryA
GetCurrentDirectoryA
ExitThread
FreeLibraryAndExitThread
HeapAlloc
HeapFree
HeapReAlloc
GetACP
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
GetTimeZoneInformation
ReadConsoleW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetProcessHeap
GetCommandLineA
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
GetSystemPowerStatus
ReleaseSemaphore
CreateSemaphoreW
TransactNamedPipe
EncodePointer
GetStringTypeW
WriteProcessMemory
GetDriveTypeW
GetFullPathNameA
GetFullPathNameW
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryExW
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
LoadLibraryExA

advapi32

SetEntriesInAclW
ConvertSidToStringSidW
SetThreadToken
LookupPrivilegeValueW
EqualSid
DuplicateTokenEx
DuplicateToken
CreateRestrictedToken
CreateWellKnownSid
CopySid
RegDisablePredefinedCache
RevertToSelf
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
SetSecurityInfo
SetTokenInformation
SetKernelObjectSecurity
GetSecurityDescriptorSacl
GetLengthSid
GetKernelObjectSecurity
GetAce
SystemFunction036
RegCreateKeyExW
CreateProcessAsUserW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetTokenInformation
OpenProcessToken
GetSecurityInfo

ole32

CoTaskMemFree
CoUninitialize
CoInitializeEx

user32

GetUserObjectInformationW
CloseWindowStation
CloseDesktop
wsprintfW
MessageBoxW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
CallMsgFilterW
GetProcessWindowStation
CreateWindowExW
RegisterClassExW
UnregisterClassW
PostQuitMessage
DefWindowProcW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
SetProcessWindowStation
CreateWindowStationW
GetThreadDesktop
DestroyWindow
CreateDesktopW

Exports

Exports

ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
CrashForException
DumpProcess
DumpProcessWithoutCrash
GetHandleVerifier
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
IsSandboxedProcess
RegisterNonABICompliantCodeRange
SetCrashKeyValueImpl
TerminateProcessWithoutDump
UnregisterNonABICompliantCodeRange
_ovly_debug_event
nacl_global_xlate_base
nacl_thread_ids
nacl_user

Sections

.text
Size: 1020KB - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73938662b479520d5e9f9e615139c013

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

winmm

userenv

kernel32

advapi32

ole32

user32

Exports

Exports

Sections

.text Size: 1020KB - Virtual size: 1020KB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 10KB - Virtual size: 156KB

.pdata Size: 68KB - Virtual size: 68KB

.tls Size: 512B - Virtual size: 25B

.gfids Size: 1024B - Virtual size: 824B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 1020KB - Virtual size: 1020KB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 10KB - Virtual size: 156KB

.pdata
Size: 68KB - Virtual size: 68KB

.tls
Size: 512B - Virtual size: 25B

.gfids
Size: 1024B - Virtual size: 824B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB