2024-04-15_f2b124d482a95b9913d084110be23bb9_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-15_f2b124d482a95b9913d084110be23bb9_ryuk
Size

3.8MB
MD5

f2b124d482a95b9913d084110be23bb9
SHA1

852f32cacd9243049104dab6aa2c26b4200caf2f
SHA256

94bbb9a8928f13d6a899e11cf414a089a5075a2c71299d24b5ea5f13d16fa883
SHA512

30d88efe5093f2f1f41f5f9858e82be781030557a0034f98fee25400d478a69ed23a895e9ae36405826e5d0f3030ecda13f37eeab6266e857c424099069a858a
SSDEEP

49152:wOjPWriTKuk26pfC9Zp37QCz9bKO5u+42bfwgPpB/OIGpHBTFNeLYTyIU6ih/ukJ:0Dfkrb3B/OIETHV+Nu/IuEwo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-15_f2b124d482a95b9913d084110be23bb9_ryuk

Files

2024-04-15_f2b124d482a95b9913d084110be23bb9_ryuk
.exe windows:5 windows x64 arch:x64

0258ea2d4a586b7cda2cca9e7d43a996

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Prog\accelerate_lsp\bin\Release\x64\net_daemon64.pdb

Imports

kernel32

MoveFileExW
GetCommandLineW
OutputDebugStringA
GetPrivateProfileIntW
GetModuleHandleA
GetSystemDirectoryA
GetSystemWow64DirectoryA
GetVersionExA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcess
GetExitCodeProcess
CreateThread
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForMultipleObjects
DuplicateHandle
ConnectNamedPipe
DisconnectNamedPipe
CreateEventA
CreateFileA
CreateNamedPipeA
CreateWaitableTimerA
SetWaitableTimer
TryEnterCriticalSection
ReleaseMutex
CreateMutexA
GetLocalTime
GetFileSize
WriteFile
CopyFileW
SetFilePointer
GetTempPathA
GetTempFileNameA
CreateFileW
DeleteFileA
MoveFileA
MapViewOfFileEx
SetLastError
GetFileInformationByHandle
GetModuleFileNameA
CreateDirectoryW
GetFullPathNameW
GetFileSizeEx
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
ExpandEnvironmentStringsA
CreateProcessW
WriteConsoleW
FlushFileBuffers
GetConsoleCP
CreatePipe
GetTickCount
CloseHandle
ReadFile
Sleep
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
SetEndOfFile
ExpandEnvironmentStringsW
IsValidCodePage
FindNextFileA
FindFirstFileExA
ReadConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetACP
GetCommandLineA
ExitProcess
GetModuleHandleExW
ExitThread
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetDriveTypeW
RtlUnwindEx
RtlPcToFileHeader
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
FreeLibrary
WaitForSingleObject
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
GlobalFree
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
FlushConsoleInputBuffer
GetSystemTime
GlobalAlloc
GetModuleFileNameW
LoadLibraryW
GetLastError
SystemTimeToFileTime
GetProcAddress
GlobalMemoryStatus
FormatMessageW
FindClose
GetFileAttributesExW
SetFilePointerEx
AreFileApisANSI
WaitForSingleObjectEx
GetCurrentThread
EncodePointer
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
OutputDebugStringW
SleepEx
FormatMessageA
VerifyVersionInfoA
VerSetConditionMask
GetStdHandle
PeekNamedPipe
GetFileType

user32

GetUserObjectInformationW
GetProcessWindowStation
GetParent
MessageBoxW
MsgWaitForMultipleObjects
SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
IsWindow
GetClassNameA
SetFocus

shell32

CommandLineToArgvW

ole32

CoCreateGuid
StringFromCLSID
IIDFromString
CoTaskMemFree
StringFromGUID2

advapi32

ReportEventW
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterEventSourceW
DeregisterEventSource
RegCloseKey

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

ws2_32

WSAGetLastError
ntohs
inet_addr
__WSAFDIsSet
WSCEnumProtocols32
recv
WSCDeinstallProvider
WSCWriteProviderOrder32
WSCWriteProviderOrder
WSCInstallProvider64_32
WSCInstallProvider
select
WSACleanup
WSAStartup
socket
closesocket
WSCGetProviderPath
WSCEnumProtocols
send
setsockopt
getsockopt
connect
getsockname
getpeername
WSASetLastError
WSAIoctl
bind
ioctlsocket
freeaddrinfo
getaddrinfo
sendto
recvfrom
listen
accept
gethostname
WSCDeinstallProvider32
htonl
shutdown
getservbyname
gethostbyname
htons

wldap32

ord35
ord30
ord50
ord32
ord211
ord301
ord22
ord46
ord143
ord60
ord41
ord26
ord27
ord33
ord200
ord79

normaliz

IdnToAscii

rpcrt4

UuidCreate

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 782KB - Virtual size: 781KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 351KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.cave
Size: 157KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0258ea2d4a586b7cda2cca9e7d43a996

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

advapi32

version

iphlpapi

ws2_32

wldap32

normaliz

rpcrt4

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 782KB - Virtual size: 781KB

.data Size: 351KB - Virtual size: 377KB

.pdata Size: 126KB - Virtual size: 125KB

.gfids Size: 2KB - Virtual size: 2KB

.rsrc Size: 146KB - Virtual size: 146KB

.reloc Size: 26KB - Virtual size: 26KB

.cave Size: 157KB - Virtual size: 160KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 782KB - Virtual size: 781KB

.data
Size: 351KB - Virtual size: 377KB

.pdata
Size: 126KB - Virtual size: 125KB

.gfids
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 146KB - Virtual size: 146KB

.reloc
Size: 26KB - Virtual size: 26KB

.cave
Size: 157KB - Virtual size: 160KB