2024-04-08_4bbc098f230064de79611029f3076320_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-08_4bbc098f230064de79611029f3076320_ryuk
Size

16.4MB
MD5

4bbc098f230064de79611029f3076320
SHA1

0bd1149d5c29585ecef3cee5f37e119f70f1274d
SHA256

a3b27afd504b31a29ca9979b6db97933c228b9aa25a21f2ac568d85c14953022
SHA512

d5f1019d82b39ddbcc97b3f95e4c21007bfcc6ace2f5304c46aebcd1aeb3df3135172a865011c1f902f8cb3bb9b9262121448c01d95aa648cdb37679200f6b8a
SSDEEP

196608:6BT6YuxG2ygRm9ZZ5VIJceZ9sD6OoYYc:6dPuxagm9IJceZ9sD34c

Score

10^/10

Malware Config

Signatures

Detects executables packed with Enigma 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Enigma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-08_4bbc098f230064de79611029f3076320_ryuk

Files

2024-04-08_4bbc098f230064de79611029f3076320_ryuk
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\nw71_sdk_win64\node-webkit\src\outst\nw\initialexe\nw.exe.pdb

Exports

Exports

GetHandleVerifier
GetPakFileHashes
IsSandboxedProcess

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 116B

.tls
Size: 512B - Virtual size: 385B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 68B

CPADinfo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

malloc_h
Size: 512B - Virtual size: 326B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.enigma1
Size: 13.5MB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

PDB Paths

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 330KB - Virtual size: 330KB

.data Size: 18KB - Virtual size: 51KB

.pdata Size: 59KB - Virtual size: 58KB

.00cfg Size: 512B - Virtual size: 40B

.gxfg Size: 11KB - Virtual size: 11KB

.retplne Size: 512B - Virtual size: 116B

.tls Size: 512B - Virtual size: 385B

.voltbl Size: 512B - Virtual size: 68B

CPADinfo Size: 512B - Virtual size: 56B

_RDATA Size: 512B - Virtual size: 244B

malloc_h Size: 512B - Virtual size: 326B

.rsrc Size: 170KB - Virtual size: 169KB

.reloc Size: 8KB - Virtual size: 8KB

.enigma1 Size: 13.5MB - Virtual size: 4KB

.enigma2 Size: 752KB - Virtual size: 752KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 330KB - Virtual size: 330KB

.data
Size: 18KB - Virtual size: 51KB

.pdata
Size: 59KB - Virtual size: 58KB

.00cfg
Size: 512B - Virtual size: 40B

.gxfg
Size: 11KB - Virtual size: 11KB

.retplne
Size: 512B - Virtual size: 116B

.tls
Size: 512B - Virtual size: 385B

.voltbl
Size: 512B - Virtual size: 68B

CPADinfo
Size: 512B - Virtual size: 56B

_RDATA
Size: 512B - Virtual size: 244B

malloc_h
Size: 512B - Virtual size: 326B

.rsrc
Size: 170KB - Virtual size: 169KB

.reloc
Size: 8KB - Virtual size: 8KB

.enigma1
Size: 13.5MB - Virtual size: 4KB

.enigma2
Size: 752KB - Virtual size: 752KB