2024-03-10_e0d0ac7e35fa9121ff37685e30d6bb23_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-10_e0d0ac7e35fa9121ff37685e30d6bb23_ryuk
Size

3.2MB
MD5

e0d0ac7e35fa9121ff37685e30d6bb23
SHA1

bd6446b34393252718c9a29252784612759ea31c
SHA256

086d71f7d18982c9c5990fc167d1090951ad12adbcb0ff2f8ae99cd2f1af3e6b
SHA512

fe23b006382d7ea536be6f556400eae68b2f6a0e8399b3f6a7a862cf53e98ec77ced186d907cdb29df3339f0a63f740cb5473373bac29c825d4ef99212d3a9ec
SSDEEP

49152:+z4eLvu8F3j2WbQVdI17FpQ5Iq8gs0VJsv6tWKFdu9CQFmPguu744TTnWCLZgZ3l:2O8ZK2zRLrgseJsv6tWKFdu9CjI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-10_e0d0ac7e35fa9121ff37685e30d6bb23_ryuk

Files

2024-03-10_e0d0ac7e35fa9121ff37685e30d6bb23_ryuk
.exe windows:6 windows x64 arch:x64

bf976a660acd575c8958816a7aeab4f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetEvent
WaitForSingleObjectEx
CreateEventW
DuplicateHandle
WaitForSingleObject
Sleep
GetCurrentProcess
CreateThread
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
WaitForMultipleObjects
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
CreateFileW
FlushFileBuffers
GetFileType
GetLogicalDrives
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
SetErrorMode
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
GetLongPathNameW
RemoveDirectoryW
GetTempPathW
DeviceIoControl
LoadLibraryW
CloseHandle
MoveFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
GetUserDefaultUILanguage
MultiByteToWideChar
WideCharToMultiByte
ResetEvent
GetSystemDirectoryW
FindFirstFileExW
FindNextFileW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
FreeLibrary
GetModuleHandleExW
GetExitCodeProcess
OpenProcess
LoadLibraryA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
WriteConsoleW
HeapSize
SetEnvironmentVariableA
EnumSystemLocalesW
IsValidLocale
GetACP
GetStdHandle
GetModuleFileNameA
HeapReAlloc
HeapFree
HeapAlloc
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFileAttributesW
SetStdHandle
FreeLibraryAndExitThread
GetModuleFileNameW
GetStartupInfoW
GetLocalTime
GetSystemTime
FormatMessageW
GetProcAddress
GetModuleHandleW
GetLastError
GetConsoleWindow
OutputDebugStringW
LocalFree
GetCurrentProcessId
GetCommandLineW
GetUserDefaultLCID
CopyFileW
CompareStringW
ExitThread
ExitProcess
GetCommandLineA
ReleaseMutex
CreateMutexW
VirtualFree
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
LoadLibraryExW

user32

PeekMessageW
PostMessageW
DefWindowProcW
DispatchMessageW
UnregisterClassW
CreateWindowExW
DestroyWindow
GetQueueStatus
TranslateMessage
RegisterClassW
UnhookWindowsHookEx
CharNextExA
CallNextHookEx
MsgWaitForMultipleObjectsEx
SetWindowsHookExW
SetWindowLongPtrW
GetWindowLongPtrW
KillTimer
SetTimer

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoUninitialize

advapi32

RegFlushKey
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
GetTokenInformation
GetLengthSid
FreeSid
CopySid
OpenProcessToken
RegSetValueExW

ws2_32

WSAAsyncSelect

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf976a660acd575c8958816a7aeab4f6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

advapi32

ws2_32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 22KB - Virtual size: 42KB

.pdata Size: 67KB - Virtual size: 67KB

.tls Size: 512B - Virtual size: 13B

.gfids Size: 1024B - Virtual size: 572B

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 22KB - Virtual size: 42KB

.pdata
Size: 67KB - Virtual size: 67KB

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 1024B - Virtual size: 572B

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 8KB - Virtual size: 8KB