2024-04-05_889ecf60fcf76a8534b9e677742d0e9c_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-05_889ecf60fcf76a8534b9e677742d0e9c_ryuk
Size

156KB
MD5

889ecf60fcf76a8534b9e677742d0e9c
SHA1

6b0dd5c6b3fc94340400b4bfba79941d806287db
SHA256

bf304e8ae82037bbfd00eaed70c5f4053240385ab215b354c64a681d908ef9b8
SHA512

7b5c297e3c515574c262fcf0bb312c80249a16cb6c567c1a937be7398d71f5222d93bf54d588429215f45c601c6d0f5dc8ba4a65010f9555e5bb474c5cfe4a96
SSDEEP

3072:8O/oxXWSkkVxyY8p5cf0HMcovXgq/DxwNqjqiVtO0sq4hq:kxXWSkpXT9MzfrDfOe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-05_889ecf60fcf76a8534b9e677742d0e9c_ryuk

Files

2024-04-05_889ecf60fcf76a8534b9e677742d0e9c_ryuk
.exe windows:6 windows x64 arch:x64

39b5d11be99c11ea0377d4064b4f7819

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\ZTAO_CS2013\IP3D\main\PrimaAPI\TestCCMLO\Release\TestCCMLO.pdb

Imports

enhance

AllocSet
?Set@GeoNipple400@@QEAAXXZ
FreeSet

primaccmlo

QuodrantMatch
ComputeMatchGeo
NippleDistMatch
SearchObjects
ParseXml
LoadDcmXml

cadscience

GetCadScience
DemoResult

kernel32

GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
CreateFileW
HeapSize
HeapReAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
EncodePointer
RaiseException
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
WriteFile
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
OutputDebugStringW
CloseHandle
WaitForSingleObjectEx
CreateThread
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CompareStringW
LCMapStringW
SetStdHandle
GetStringTypeW
GetProcessHeap

Exports

Exports

??0AdvBdr400@@QEAA@AEBV0@@Z
??0AdvBdr400@@QEAA@XZ
??0BreastMaskClass@@QEAA@AEBV0@@Z
??0BreastMaskClass@@QEAA@HH@Z
??0FeatPeak@@QEAA@AEBV0@@Z
??0FeatPeak@@QEAA@HHH@Z
??0FeatPeak@@QEAA@XZ
??0GeoNipple400@@QEAA@AEBV0@@Z
??0GeoNipple400@@QEAA@PEAEHH_N@Z
??0IPt3D@@QEAA@HHH@Z
??0IPt3D@@QEAA@XZ
??0RoiVolF@@QEAA@MM@Z
??0RoiVolF@@QEAA@MMMMMM@Z
??1AdvBdr400@@QEAA@XZ
??1BreastMaskClass@@QEAA@XZ
??1FeatPeak@@QEAA@XZ
??1GeoNipple400@@QEAA@XZ
??1IPt3D@@QEAA@XZ
??4AdvBdr400@@QEAAAEAV0@AEBV0@@Z
??4ArtifactDetector@@QEAAAEAV0@AEBV0@@Z
??4BreastMaskClass@@QEAAAEAV0@AEBV0@@Z
??4FeatPeak@@QEAAAEAV0@AEBV0@@Z
??4GeoNipple400@@QEAAAEAV0@AEBV0@@Z
??4IPt3D@@QEAAAEAV0@AEBV0@@Z
??4RoiVolF@@QEAAAEAU0@$$QEAU0@@Z
??4RoiVolF@@QEAAAEAU0@AEBU0@@Z
?__autoclassinit2@AdvBdr400@@QEAAX_K@Z
?__autoclassinit2@ArtifactDetector@@QEAAX_K@Z
?__autoclassinit2@BreastMaskClass@@QEAAX_K@Z
?__autoclassinit2@FeatPeak@@QEAAX_K@Z
?__autoclassinit2@GeoNipple400@@QEAAX_K@Z

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39b5d11be99c11ea0377d4064b4f7819

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

enhance

primaccmlo

cadscience

kernel32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 232B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 232B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB