2024-02-24_8a0e9d80d8b100b5e9b213554deb9e15_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-24_8a0e9d80d8b100b5e9b213554deb9e15_ryuk
Size

1.8MB
MD5

8a0e9d80d8b100b5e9b213554deb9e15
SHA1

a2880af9d5f57fc1f270604ebae3d9b1e57e2b00
SHA256

8515189880fc80b54522057026a6af8914641079700b89d42607931c5819d373
SHA512

c0daf0aef41c87e6461e982831a0c099f8ec1e1ba483a0a81fa1533b5c626ef661809133282889f7bb3e9a6b52f544e9a592dfba0c1ed65ffd14e86832bc3e23
SSDEEP

24576:vY61vmbC4LATgpi5OP/d5cSJeWCPH5YV3HyTUGOBRcDXbk/Ya70dpkbI6Ny+htx5:vY64W4Lkgpi5OndBJU5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-24_8a0e9d80d8b100b5e9b213554deb9e15_ryuk

Files

2024-02-24_8a0e9d80d8b100b5e9b213554deb9e15_ryuk
.exe windows:6 windows x64 arch:x64

57ddb8ad07ac7af7cb8c2edaaa028223

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\sungeun\svn\free_formed_data\trunk\windows\ffdp\x64\Debug\ffdpcmd.pdb

Imports

kernel32

LoadLibraryW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
Sleep
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetFullPathNameW
GetTempPathW
GetExitCodeProcess
GetSystemDirectoryW
lstrlenW
GetModuleHandleW
CreateMailslotW
WideCharToMultiByte
DeleteFileW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
SetFileAttributesW
GetCurrentProcess
GetCurrentThread
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
lstrcpyW
lstrcatW
CopyFileW
MoveFileExW
GetLogicalDriveStringsW
TlsFree
CreateSemaphoreW
lstrcmpiW
GetProcAddress
FreeLibrary
GetVersionExW
GetExitCodeThread
CreateThread
OpenEventW
ReleaseSemaphore
DeviceIoControl
QueryDosDeviceW
GetDriveTypeW
CreateFileW
FormatMessageW
LocalFree
GetModuleFileNameW
OpenProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetFileAttributesExW
GetDiskFreeSpaceW
GetSystemInfo
VirtualFree
VirtualAlloc
SetLastError
CloseHandle
GetLastError
WriteFile
ReadFile
MultiByteToWideChar
GetWindowsDirectoryW
SetEndOfFile
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
HeapQueryInformation
HeapReAlloc
GetStringTypeW
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
InitializeCriticalSectionAndSpinCount
GetTickCount
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
EncodePointer
GetStdHandle
GetFileType
GetModuleFileNameA
GetModuleHandleExW
WriteConsoleW
GetConsoleMode
ReadConsoleInputW
SetConsoleMode
HeapSize
HeapValidate
ExitProcess
GetCommandLineA
GetCommandLineW
GetACP
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
SetConsoleCtrlHandler
GetDateFormatW
ReadConsoleW

advapi32

GetSecurityDescriptorLength
ReportEventW
RegisterEventSourceW
DeregisterEventSource
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
InitiateSystemShutdownW
LookupPrivilegeNameW
LookupPrivilegeValueW
GetTokenInformation
FreeSid
EqualSid
AdjustTokenPrivileges
OpenThreadToken
RegOpenKeyW
RegEnumKeyExW
LsaNtStatusToWinError
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken

shell32

SHFileOperationW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupDiGetActualSectionToInstallW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiGetINFClassW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupIterateCabinetW
SetupGetSourceInfoW
SetupGetSourceFileLocationW
SetupGetIntField
SetupGetStringFieldW
SetupFindNextLine
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57ddb8ad07ac7af7cb8c2edaaa028223

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

version

setupapi

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 364KB - Virtual size: 364KB

.data Size: 71KB - Virtual size: 81KB

.pdata Size: 60KB - Virtual size: 60KB

.idata Size: 10KB - Virtual size: 9KB

.gfids Size: 1KB - Virtual size: 1KB

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 364KB - Virtual size: 364KB

.data
Size: 71KB - Virtual size: 81KB

.pdata
Size: 60KB - Virtual size: 60KB

.idata
Size: 10KB - Virtual size: 9KB

.gfids
Size: 1KB - Virtual size: 1KB

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB