2024-04-15_fae2800c38fe3cde3a088fc400e29a7f_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-15_fae2800c38fe3cde3a088fc400e29a7f_ryuk
Size

1.5MB
MD5

fae2800c38fe3cde3a088fc400e29a7f
SHA1

9a6d43b9f2f2f30e72a9169d4c8ce548ed8db46e
SHA256

acb443519bc347258f0a333b10fddf6a4ed2cb14f3d0f7a8d058bcb9a8ece3c8
SHA512

014de27515ed5b93ab4386ce6b2a5f6073abdfb8b669233d9b2e478a5a0b051b1951dd680aec7a4fc24974372e9e8c613a1c573e2015b2e8fbf72f7caea3ccec
SSDEEP

24576:kun83hfJK4zWTwRYUe83COwuAva2CPpZlLJAWJPuSdRrKbN:P83hfJJzWTSYJBMlVA22Km

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-15_fae2800c38fe3cde3a088fc400e29a7f_ryuk

Files

2024-04-15_fae2800c38fe3cde3a088fc400e29a7f_ryuk
.exe windows:6 windows x64 arch:x64

fb15330479db18d8084aaea940c4bb0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\buildslave\fmod\build\_builds\fsbtool\win64\vs2015\release\FSBTool64.pdb

Imports

ole32

PropVariantClear
CoCreateInstance
CoInitialize
CoTaskMemFree
CoInitializeEx
CoUninitialize

shell32

CommandLineToArgvW

user32

GetDesktopWindow

winmm

timeGetTime
waveOutReset
waveInReset
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInClose
waveInOpen
waveInGetDevCapsW
waveInGetDevCapsA
waveInGetNumDevs
waveOutGetPosition
waveOutGetNumDevs
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetDevCapsW
waveOutGetDevCapsA

ws2_32

ioctlsocket
accept
bind
closesocket
htonl
htons
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAGetLastError
WSACleanup
WSAStartup
socket
inet_addr
listen
recv
select
send
connect

shlwapi

ord219

kernel32

OpenEventA
HeapSize
WriteConsoleW
FlushFileBuffers
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCurrentDirectoryW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
HeapReAlloc
HeapFree
HeapAlloc
GetACP
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameA
GetFullPathNameA
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
MoveFileExW
DeleteFileW
GetFileType
GetDriveTypeW
CreateDirectoryW
LoadLibraryExW
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetCPInfo
GetStringTypeW
GetLocaleInfoW
GetCommandLineW
CreateFileW
GetFileSizeEx
GetTempFileNameW
CloseHandle
GetLastError
HeapSetInformation
SetEvent
WaitForSingleObject
CreateEventW
GetProcAddress
LoadLibraryA
CreateFileA
GetFileSize
ReadFile
SetFilePointer
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetCurrentThreadId
SetThreadPriority
FreeLibrary
LoadLibraryW
GetSystemInfo
SetLastError
ResetEvent
CreateEventA
SetEndOfFile
SetWaitableTimer
CreateWaitableTimerA
GetSystemDirectoryA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW

Exports

Exports

FSBank_Build
FSBank_BuildCancel
FSBank_FetchNextProgressItem
FSBank_Init
FSBank_MemoryGetStats
FSBank_MemoryInit
FSBank_Release
FSBank_ReleaseProgressItem
FSBank_SetLibraryPath

Sections

.text
Size: 1014KB - Virtual size: 1014KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb15330479db18d8084aaea940c4bb0e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

shell32

user32

winmm

ws2_32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 1014KB - Virtual size: 1014KB

.rdata Size: 354KB - Virtual size: 354KB

.data Size: 59KB - Virtual size: 324KB

.pdata Size: 42KB - Virtual size: 42KB

.gfids Size: 1024B - Virtual size: 544B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 36KB - Virtual size: 35KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 1014KB - Virtual size: 1014KB

.rdata
Size: 354KB - Virtual size: 354KB

.data
Size: 59KB - Virtual size: 324KB

.pdata
Size: 42KB - Virtual size: 42KB

.gfids
Size: 1024B - Virtual size: 544B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 36KB - Virtual size: 35KB

.reloc
Size: 7KB - Virtual size: 6KB