2024-02-19_64c1c9ff3b2b29ab09763b2aca5f89f3_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-19_64c1c9ff3b2b29ab09763b2aca5f89f3_ryuk
Size

724KB
MD5

64c1c9ff3b2b29ab09763b2aca5f89f3
SHA1

6e99729a2cfdcb07019f5b70912627f32444cb64
SHA256

20159bd703009f53f5164cbdd4bac4f20cc6496e9971377b6ecdc99e32813775
SHA512

0e4ad8a03e8fd8cd5c2fc3c140738aae845dd1ce200cc4a169522328ab18580cc522ec720e78302d4c82360ee8f908e4935a4acc06d6e10c4aaef8ca91cee508
SSDEEP

12288:B2h45cQlzH8xE1NySo1OwyAFIphmUuM0LZOTDuzQukm+CJ4eXCZKe:B2h/QlzH8xE1NySIOMIeUBTMHJ4pZK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-19_64c1c9ff3b2b29ab09763b2aca5f89f3_ryuk

Files

2024-02-19_64c1c9ff3b2b29ab09763b2aca5f89f3_ryuk
.exe windows:5 windows x64 arch:x64

11f57a930c6c1c353c2d1d9f9b8cb448

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

GoogleUpdateComRegisterShell64_unsigned.pdb

Imports

advapi32

RegCloseKey
RegOverridePredefKey
RegOpenKeyExW

kernel32

FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetFileType
GetACP
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
GetCommandLineW
GetModuleHandleExW
VirtualQuery
GetModuleFileNameW
GetCurrentProcessId
CloseHandle
LocalFree
LoadLibraryW
GetCurrentProcess
SetLastError
GetTickCount
GetEnvironmentVariableW
lstrcmpiW
FreeLibrary
FindClose
TerminateProcess
Sleep
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
GetCurrentThreadId
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
OutputDebugStringW
CreateFileW
WriteFile
InitializeCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FlushFileBuffers
IsDebuggerPresent
ExitProcess
GetStdHandle
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
GetStartupInfoW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryExW
GetModuleFileNameA

user32

CharLowerBuffW
MessageBoxW
wsprintfW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard

shlwapi

PathStripPathW
PathRemoveFileSpecW
PathRemoveExtensionW
PathAppendW

shell32

CommandLineToArgvW

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

11f57a930c6c1c353c2d1d9f9b8cb448

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

shlwapi

shell32

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 5KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 268B

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 5KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 268B

.reloc
Size: 568KB - Virtual size: 572KB