2024-03-28_751b5b8f1e27cd51b8750d6a5f1f2a96_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-28_751b5b8f1e27cd51b8750d6a5f1f2a96_ryuk
Size

854KB
MD5

751b5b8f1e27cd51b8750d6a5f1f2a96
SHA1

c862fc11eb9de6fc655c5c80504153a33ef3cd25
SHA256

0f214cd89318c500389e77ff124f5b7a835b6e9dcd22ef30f91d2e90cade1d6b
SHA512

ac48e0ecc6d0c33d409717e721e7f8c9783785257325560cc88e195b930fee27d66db0220c3657ad5f9c444b3fb2c9a810c53bd12af6ed37c23707c6b6a2ab3c
SSDEEP

24576:5jUvcFHlkUCgevfUUF3edgRGMfJ0rVCPQXOvKr9B9J:5jP9+VPfbFudgRGQJCVCPQXZX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-28_751b5b8f1e27cd51b8750d6a5f1f2a96_ryuk

Files

2024-03-28_751b5b8f1e27cd51b8750d6a5f1f2a96_ryuk
.exe windows:5 windows x64 arch:x64

2a10f31970612b32ba33e5dbe4e0883c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\cygwin64\home\buildbot\DebugSystem22\software\Output\NetworkServer.pdb

Imports

phidget22extra

pconf_parsepcs
startDaemon
getLogLevel
getComputerName
getErrorStr
pconf_renderpc_locked
pconf_parsepc_locked
pconf_unlock_locked
pconf_parsepc

phidget22

pnwrite
pnread
mostimestamp_monthstring
mostimestamp_now
mos_strrchrc
kv_read
json_escape
getNetConnPrivate
PhidgetNet_unpublishmdns
mos_strchr
kvvset
setNetConnHandlers
mos_sscanf
PhidgetNet_startServer2
kvset
mos_urldecode
kvfree
mos_strtrim
setNetConnProtocol
setNetConnConnectionTypeListener
getNetConnPeerName
handleDeviceRequest
kvadd
getIPhidgetServerNetConn
mos_strlcat
getPhidgetServerHandle
setNetConnPrivate
kvsetcaseinsensitive
PhidgetNet_publishmdns
setNetConnConnTypeStr
newkv
mos_strcasestrc
handleDeviceClient
netConnReadLine
pconf_create
pconf_renderjson
pconf_setcreatemissing
mos_file_readx
kvgeti32
mos_strcasecmp
mostimestamp_toepoch
mos_file_writex
pconf_addi
mos_vsnprintf
netConnWrite
kvgetbool
mostimestamp_fromstring
kvgetstrc
mos_strncmp
pconf_renderpc
mos_strtou64
pconf_set
mos_base64_encode
mos_SHA1_Final
mos_SHA1_Update
mos_SHA1_Init
pconf_getcount
PhidgetManager_close
PhidgetManager_create
PhidgetManager_open
Phidget_finalize
pconf_get64
mos_optarg
PhidgetLog_enableNetwork
PhidgetLog_setSourceLevel
mos_getopt
PhidgetLog_getRotating
mos_printef
PhidgetLog_disable
PhidgetLog_enable
PhidgetLog_setRotating
PhidgetLog_disableNetwork
PhidgetManager_delete
pconf_getu32
PhidgetNet_startServer
PhidgetDictionary_enableStatsDictionary
PhidgetNet_setProperty
PhidgetNet_stopServer
PhidgetDictionary_enableControlDictionary
mos_opendir
mos_cond_init
mos_iop_addnotice
mos_iop_release
Phidget_close
mos_endswith
_mos_free
pconf_update
pconf_release
_mos_alloc
mos_mutex_unlock
mos_readdir
pconf_addstr
mos_task_exit
PhidgetDictionary_add
mos_iop_alloc
mos_task_create
mos_glock
Phidget_setDeviceLabel
pconf_tostring
pconf_getbool
mos_mutex_lock
PhidgetDictionary_delete
Phidget_openWaitForAttachment
pconf_get32
Phidget_setDeviceSerialNumber
pconf_getentryname
mos_closedir
mos_mkdirp
mos_cond_timedwait
pconf_addblock
mos_asprintf
pconf_exists
mos_strcmp
mos__strdup
pconf_addbool
pconf_getstr
mos_gunlock
mos_task_exiting
PhidgetDictionary_create
Phidget_validDictionaryKey
PhidgetDictionary_addDictionary
pconf_remove
PhidgetDictionary_setOnChangeCallbackHandler
mos_mutex_init
mos_snprintf
mos_gettime_usec
PhidgetLog_loge
mos_strlcpy
mos_strlen
mos_basename
mos_usleep
setNetConnConnectionTypeLocal

kernel32

SetFilePointerEx
GetStringTypeW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
FindNextFileA
FindFirstFileExA
FindClose
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetStdHandle
GetCurrentDirectoryW
MoveFileExW
GetTimeZoneInformation
LCMapStringW
CompareStringW
WriteConsoleW
GetACP
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
GetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
GetModuleFileNameW
RaiseException
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
GetFileSize
LockFileEx
LocalFree
CreateFileMappingA
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetVersionExW
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
EnterCriticalSection
HeapFree
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
SetConsoleCtrlHandler
IsValidCodePage

advapi32

SystemFunction036

Sections

.text
Size: 661KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a10f31970612b32ba33e5dbe4e0883c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

phidget22extra

phidget22

kernel32

advapi32

Sections

.text Size: 661KB - Virtual size: 661KB

.rdata Size: 139KB - Virtual size: 138KB

.data Size: 11KB - Virtual size: 17KB

.pdata Size: 37KB - Virtual size: 36KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 661KB - Virtual size: 661KB

.rdata
Size: 139KB - Virtual size: 138KB

.data
Size: 11KB - Virtual size: 17KB

.pdata
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB