2024-04-08_cda4e9803eb98c8406836fa9d72238b3_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-08_cda4e9803eb98c8406836fa9d72238b3_ryuk
Size

202KB
MD5

cda4e9803eb98c8406836fa9d72238b3
SHA1

8ccfc34c2b345730954291c17d875153de086644
SHA256

f369833359386dde71d08b08dcb601f2518f48e3224a780fa4c879f011c19ce4
SHA512

6c9b5933f294b61c464f8463d024a071f0e8547bcb536191a34385bf53be8dea2bc414123c8ebc024a5ad90e2b5be00d6d02beee6820a2933763cc3b5335ce64
SSDEEP

3072:NFVOfXbtjE9gyOsDXSXdN44hfLVoqDfExbU:zVQNE9VruNS06WfWQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-08_cda4e9803eb98c8406836fa9d72238b3_ryuk

Files

2024-04-08_cda4e9803eb98c8406836fa9d72238b3_ryuk
.exe windows:5 windows x64 arch:x64

140323b54ca264c55588b8c62dd1aacc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetIpNetTable
GetAdaptersAddresses
IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

kernel32

GetLastError
Process32NextW
GetCurrentThread
LoadLibraryA
GlobalAlloc
DeleteFileW
Process32FirstW
GlobalFree
Sleep
CreateThread
HeapAlloc
GetWindowsDirectoryW
GetProcAddress
VirtualAllocEx
LocalFree
ExitProcess
GetProcessHeap
FreeLibrary
CopyFileW
CreateRemoteThread
VirtualFreeEx
GetTickCount
CreateToolhelp32Snapshot
OpenProcess
GetModuleHandleA
GetVersionExW
CreateFileW
GetTempPathW
SetFilePointer
WaitForMultipleObjects
GetModuleFileNameW
VirtualAlloc
GetCurrentProcess
GetCommandLineW
VirtualFree
SetLastError
HeapFree
WriteProcessMemory
CloseHandle
SetFilePointerEx
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
TerminateProcess
GetModuleHandleExW
GetStdHandle
WriteFile
MultiByteToWideChar
WideCharToMultiByte
GetACP
LCMapStringW
GetStringTypeW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo

advapi32

LookupAccountSidW
OpenThreadToken
EnumServicesStatusW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
ImpersonateSelf
OpenProcessToken
GetTokenInformation

shell32

ShellExecuteW
CommandLineToArgvW

ws2_32

closesocket
WSAStartup
socket
bind
htons
sendto
setsockopt
WSACleanup
htonl
inet_addr

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

140323b54ca264c55588b8c62dd1aacc

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

kernel32

advapi32

shell32

ws2_32

Sections

.text Size: 81KB - Virtual size: 81KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 64KB - Virtual size: 2.7MB

.pdata Size: 4KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 188B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 81KB - Virtual size: 81KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 64KB - Virtual size: 2.7MB

.pdata
Size: 4KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 188B

.reloc
Size: 2KB - Virtual size: 1KB