2024-02-24_8d860505166de1f0b70f83fbd6316c0d_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-24_8d860505166de1f0b70f83fbd6316c0d_ryuk
Size

1.7MB
MD5

8d860505166de1f0b70f83fbd6316c0d
SHA1

40e2f428f3e9dc7e7717516e196d7fe4b46859e3
SHA256

eb31d9de43123dab4281492e5d61b66f505b744f9adcb938bcbd27335b54e43c
SHA512

13010d5265aad012c7d6f044802de82fc9a1695fe49b23208cfe3a40f774352ffba3c140c4873d9723889055954c022ba9572ac53730a3b38493f28535e7e3b6
SSDEEP

12288:UQWzqYupZo+sSaYrBqJcUD6XL579rkVitLP5izLMQqUt4MK5z8YwwN44Ix2:UJzqYupZDlrgJDegmLP5ilqkK18Yw/x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-24_8d860505166de1f0b70f83fbd6316c0d_ryuk

Files

2024-02-24_8d860505166de1f0b70f83fbd6316c0d_ryuk
.exe windows:6 windows x64 arch:x64

17d5e5913d8a7932a6f90e85ea0749e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeviceIoControl
CreateFileA
WideCharToMultiByte
ReadFile
Process32First
GetStdHandle
RegisterWaitForSingleObject
UnregisterWait
TerminateProcess
WaitForMultipleObjects
PeekNamedPipe
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetSystemTimeAsFileTime
SetEvent
GetVersionExA
Process32Next
LocalFree
GetCurrentProcessId
FormatMessageA
CreateEventA
GetProcessTimes
GetFileAttributesExA
FindFirstFileA
FindNextFileA
FindClose
GetFileInformationByHandle
GetTempPathA
ExpandEnvironmentStringsA
GetExitCodeProcess
CreateProcessA
CloseHandle
WaitForSingleObject
CreatePipe
SetHandleInformation
GetLastError
RaiseException
WriteConsoleW
HeapSize
GetTimeZoneInformation
GetCurrentDirectoryW
SetEndOfFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetModuleFileNameW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
SetStdHandle
GetFileType
MultiByteToWideChar
DuplicateHandle
SetConsoleCtrlHandler
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
CreateFileW
GetDriveTypeW
GetFullPathNameA
GetConsoleMode
ReadConsoleW
SetFilePointerEx
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
FlushFileBuffers
GetConsoleCP
HeapReAlloc
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
DeleteFileW
GetFileAttributesExW
CreateDirectoryW
FindFirstFileExA
GetStringTypeW
GetProcessHeap
GetModuleFileNameA

advapi32

SystemFunction036
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA

user32

IsWindowVisible
PostMessageA
GetClassNameA
PostThreadMessageA
EnumWindows
GetWindowThreadProcessId

Sections

.text
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.3MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

17d5e5913d8a7932a6f90e85ea0749e2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

Sections

.text Size: 335KB - Virtual size: 335KB

.rdata Size: 82KB - Virtual size: 81KB

.data Size: 6KB - Virtual size: 40KB

.pdata Size: 18KB - Virtual size: 17KB

.gfids Size: 512B - Virtual size: 184B

.reloc Size: 1.3MB - Virtual size: 2.0MB

.text
Size: 335KB - Virtual size: 335KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 6KB - Virtual size: 40KB

.pdata
Size: 18KB - Virtual size: 17KB

.gfids
Size: 512B - Virtual size: 184B

.reloc
Size: 1.3MB - Virtual size: 2.0MB