2024-02-19_1429cddf914397437c136d10d11d2131_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-19_1429cddf914397437c136d10d11d2131_ryuk
Size

2.0MB
MD5

1429cddf914397437c136d10d11d2131
SHA1

873c5a0e20c193744f8aad398368e617dc756467
SHA256

643aaea2f85794613d8088fef1372479df40b5a316cc4ea1143a681a54fb223a
SHA512

b4e0a7e28bc5ae0bf7cdccf9ba323e58adcd697b9a8405dba05ca5e06148f8bd1cfcf56be7348fb8edfa83100894f95770c1d637ff8da8122228e906163909fb
SSDEEP

49152:CqbckXa179jtI91Zh2wbuoHQi3wPNyVmEMj82o0FXPTZ9n:JbcJJIxGPgmf82p9n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-19_1429cddf914397437c136d10d11d2131_ryuk

Files

2024-02-19_1429cddf914397437c136d10d11d2131_ryuk
.exe windows:6 windows x64 arch:x64

5a6c9317c4bfeb44823a96cb1d6e93e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Default.DESKTOP-M9I88C9\Desktop\MeshAgent2\Release\MeshService64.pdb

Imports

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

dbghelp

StackWalk64
SymGetModuleBase64
SymInitialize
SymFunctionTableAccess64
SymGetLineFromAddr64
SymFromAddr

iphlpapi

ConvertLengthToIpv4Mask
SendARP
GetAdaptersAddresses
GetAdaptersInfo

ws2_32

recv
socket
send
gethostbyname
bind
accept
WSAGetLastError
setsockopt
ioctlsocket
getsockname
ntohl
ntohs
gethostname
htonl
htons
listen
WSACleanup
select
WSASetLastError
WSASocketW
WSAStartup
inet_addr
gethostbyaddr
getservbyport
inet_ntoa
getservbyname
WSAIoctl
shutdown
connect
recvfrom
getsockopt
sendto
__WSAFDIsSet
closesocket

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperGetProvCertFromChain

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

gdiplus

GdipCloneImage
GdipGetImageEncoders
GdipAlloc
GdiplusStartup
GdipSaveImageToStream
GdipDisposeImage
GdipFree
GdipGetImageEncodersSize
GdiplusShutdown
GdipLoadImageFromStream

winhttp

WinHttpGetIEProxyConfigForCurrentUser

kernel32

RtlUnwindEx
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
GetFullPathNameA
GetSystemPowerStatus
SetCurrentDirectoryA
Sleep
GetLastError
CloseHandle
CreateProcessA
LoadLibraryA
GetProcAddress
FreeLibrary
ReadFile
GetCurrentThreadId
GetVersionExA
CreateThread
SetSystemPowerState
GetCurrentProcess
SetThreadExecutionState
DeviceIoControl
WaitForSingleObject
CreateFileA
GetOverlappedResult
CreateEventA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
CancelIo
GetFileAttributesExA
FindFirstFileA
GetDriveTypeA
FindNextFileA
FindFirstVolumeA
FindClose
GetVolumePathNamesForVolumeNameA
GetStringTypeW
RemoveDirectoryA
FindNextVolumeA
FindVolumeClose
GetDiskFreeSpaceExA
CopyFileA
RtlCaptureContext
DuplicateHandle
GetModuleHandleA
SetEvent
GetCurrentThread
GetSystemDirectoryA
DeleteFileA
QueueUserAPC
SleepEx
GetTickCount
OpenThread
IsDebuggerPresent
CreateNamedPipeA
TerminateProcess
WaitForMultipleObjectsEx
ResetEvent
WTSGetActiveConsoleSessionId
GetExitCodeProcess
SetConsoleCtrlHandler
GetModuleFileNameW
GlobalFree
FreeConsole
CreateDirectoryA
GetFileType
GetModuleHandleW
MultiByteToWideChar
SwitchToFiber
DeleteFiber
CreateFiber
WideCharToMultiByte
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
SetLastError
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
HeapReAlloc
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
DeleteFileW
MoveFileExW
CreateDirectoryW
GetCPInfo
SetStdHandle
FindFirstFileExA
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetTimeZoneInformation
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetProcessHeap
CreateFileW
WriteConsoleW
HeapSize
SetEndOfFile
RaiseException
FindFirstFileW
GetDriveTypeW
PeekNamedPipe
GetCurrentDirectoryW
GetFullPathNameW
RtlPcToFileHeader
ReadDirectoryChangesW
EncodePointer

user32

GetUserObjectInformationW
GetProcessWindowStation
EndDialog
DialogBoxParamA
SetWindowTextA
MessageBoxA
MessageBoxW
EnableWindow
MessageBeep
ExitWindowsEx
GetDC
ReleaseDC
GetUserObjectInformationA
CloseWindowStation
GetDlgItem
MapVirtualKeyA
SendInput
SetForegroundWindow
GetForegroundWindow
FindWindowA
EnumDisplayMonitors
GetSystemMetrics
SetThreadDesktop
GetThreadDesktop
SendMessageA
OpenInputDesktop
SetProcessWindowStation
CloseDesktop
OpenWindowStationA
OpenDesktopA
GetMonitorInfoA

gdi32

CreateCompatibleDC
SelectObject
GetDIBits
DeleteDC
SetStretchBltMode
DeleteObject
CreateCompatibleBitmap
BitBlt
StretchBlt

advapi32

DeregisterEventSource
CreateServiceA
StartServiceCtrlDispatcherA
QueryServiceStatus
CloseServiceHandle
StartServiceA
FreeSid
CheckTokenMembership
ChangeServiceConfig2A
OpenServiceA
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueA
InitiateSystemShutdownA
OpenProcessToken
RegCreateKeyA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
DeleteService
OpenSCManagerA
RegisterServiceCtrlHandlerA
SetServiceStatus
AllocateAndInitializeSid
ControlService

shell32

SHGetFolderPathA

ole32

CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
SysStringLen

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a6c9317c4bfeb44823a96cb1d6e93e4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

dbghelp

iphlpapi

ws2_32

wintrust

version

gdiplus

winhttp

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

crypt32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 448KB - Virtual size: 447KB

.data Size: 13KB - Virtual size: 164KB

.pdata Size: 80KB - Virtual size: 80KB

.gfids Size: 512B - Virtual size: 196B

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 448KB - Virtual size: 447KB

.data
Size: 13KB - Virtual size: 164KB

.pdata
Size: 80KB - Virtual size: 80KB

.gfids
Size: 512B - Virtual size: 196B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 16KB - Virtual size: 16KB