2024-04-10_0a1fc193856f114c35a1d8b9ae78c81e_ryuk | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-10_0a1fc193856f114c35a1d8b9ae78c81e_ryuk
Size

5.8MB
MD5

0a1fc193856f114c35a1d8b9ae78c81e
SHA1

a1b65577e2e082d463471cbef6417e3366a3be72
SHA256

6c3f63fbe9189a04dd707fb1214c05ac24cbf52fcb8f2e73d3f8b40c63fbb45b
SHA512

11ff75ff443570d4885bf9df4f52db0f16d62beb3d85d18677f426b30789420ac387b701e81bea327e51fe1098d66ada4c03c44547524bec8382f5ae7cc95af9
SSDEEP

98304:ZOYCvFpDgDVkUMN9vdIWXe+q2WWmQNfTBBGzQuKLQ59PzN26btqXM7LTKtD9Rykf:ZUvfD0kUMNFd9e+q2WWmQNLBBGZlrQaS

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

resource	yara_rule
sample	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-10_0a1fc193856f114c35a1d8b9ae78c81e_ryuk

Files

2024-04-10_0a1fc193856f114c35a1d8b9ae78c81e_ryuk
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.pyc