2024-02-03_3a8eec5d5c5afe2a5f2a6efe24b45755_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-03_3a8eec5d5c5afe2a5f2a6efe24b45755_ryuk
Size

5.3MB
MD5

3a8eec5d5c5afe2a5f2a6efe24b45755
SHA1

bf79a6e3aa63299d09f010778abf0dd6097e1607
SHA256

e97b8b059d72386ddab7ddd65d6d99df18e874b8aa200df3858a1e32ffd553c7
SHA512

0315689f61540e866cc90eb592e51e92d6601e2b9a49c8ffd0fc7a872cdc073c89112add2d9bbc527cf707a55f9b1dd78b40d24080ba5f6adbc433dd697a0143
SSDEEP

49152:KM9QTD2p2nCeJkfDIhbSj+XOGdCfRqHxGGI3r7dDyVR+tVcyVqRYKsJzDeX30vBq:4y2xiypYKK3DYjq1jg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-03_3a8eec5d5c5afe2a5f2a6efe24b45755_ryuk

Files

2024-02-03_3a8eec5d5c5afe2a5f2a6efe24b45755_ryuk
.exe windows:6 windows x64 arch:x64

743fe2572188918737070af0b6d407c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\GitHub\polserver\bin\Release\pol.pdb

Imports

ws2_32

inet_ntop
ntohl
htonl
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
ntohs
htons
getsockopt
getpeername
connect
WSASetLastError
getsockname
WSACleanup
WSAStartup
gethostname
socket
setsockopt
listen
inet_ntoa
ioctlsocket
bind
accept
select
__WSAFDIsSet
WSAGetLastError
shutdown
send
inet_addr
gethostbyname
closesocket
recv

advapi32

GetUserNameA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

crypt32

CertFreeCertificateContext

wldap32

ord46
ord211
ord60
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord143

normaliz

IdnToAscii

libmysql

mysql_close
mysql_real_escape_string
mysql_fetch_row
mysql_free_result
mysql_num_rows
mysql_num_fields
mysql_fetch_fields
mysql_field_count
mysql_affected_rows
mysql_errno
mysql_error
mysql_init
mysql_real_connect
mysql_select_db
mysql_query
mysql_store_result
mysql_ping

kernel32

ReadConsoleInputA
SetEnvironmentVariableA
SetConsoleMode
ReadConsoleW
GetCurrentDirectoryW
GetDateFormatW
GetTimeFormatW
IsValidLocale
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetConsoleMode
GetACP
GetCommandLineW
GetCommandLineA
WriteFile
HeapReAlloc
HeapFree
HeapAlloc
GetFullPathNameW
ExitProcess
SetFilePointerEx
GetModuleHandleExW
ExitThread
HeapWalk
HeapValidate
FileTimeToSystemTime
InterlockedPushEntrySList
InterlockedPopEntrySList
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
FlushFileBuffers
GetConsoleCP
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
CreateFileW
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
RtlUnwindEx
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
MoveFileExW
CloseHandle
SetEvent
WaitForSingleObject
CreateEventA
GetCurrentThreadId
PulseEvent
CreateSemaphoreA
GetProcessTimes
GetCurrentProcess
GetCurrentDirectoryA
GetLastError
GetModuleHandleA
SetConsoleCtrlHandler
SetLastError
FormatMessageA
GetTickCount64
InitializeCriticalSectionEx
SleepEx
WaitForSingleObjectEx
VerSetConditionMask
GetSystemDirectoryA
VerifyVersionInfoA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
IsDebuggerPresent
OutputDebugStringA
CreateDirectoryA
FindClose
FindFirstFileA
FindNextFileA
K32GetProcessMemoryInfo
DuplicateHandle
RaiseException
GetCurrentThread
CreateFileA
SetUnhandledExceptionFilter
GetCurrentProcessId
SetFilePointer
VirtualQuery
RtlCaptureContext
GetEnvironmentVariableA
GetFileAttributesA
SuspendThread
ResumeThread
GetThreadContext
GetVersionExA
ReadProcessMemory
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
ResetEvent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
GetTimeZoneInformation
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteFileW
WriteConsoleW
GetFileAttributesExW
SetEndOfFile
CreateDirectoryW
Sleep
HeapSize
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
FormatMessageW
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
GetExitCodeThread
GetNativeSystemInfo
TryEnterCriticalSection
RtlPcToFileHeader
EncodePointer
DecodePointer
QueueUserWorkItem
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
InterlockedFlushSList

user32

GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA
SendMessageTimeoutA
PostMessageA
IsWindow
DestroyWindow
ShowWindow
SetWindowPos
CreateDialogParamA
LoadMenuA
GetSubMenu
TrackPopupMenu
SetForegroundWindow
GetCursorPos
LoadIconA
IsDialogMessageA
wvsprintfA
RegisterWindowMessageA

shell32

Shell_NotifyIconA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 353B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

743fe2572188918737070af0b6d407c8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

advapi32

crypt32

wldap32

normaliz

libmysql

kernel32

user32

shell32

version

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 82KB - Virtual size: 366KB

.pdata Size: 208KB - Virtual size: 207KB

.tls Size: 512B - Virtual size: 353B

.gfids Size: 3KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 41KB - Virtual size: 41KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 82KB - Virtual size: 366KB

.pdata
Size: 208KB - Virtual size: 207KB

.tls
Size: 512B - Virtual size: 353B

.gfids
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 41KB - Virtual size: 41KB