2024-04-16_b3bcabdbdd37c20ccc0097e889f3ede0_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-16_b3bcabdbdd37c20ccc0097e889f3ede0_ryuk
Size

497KB
MD5

b3bcabdbdd37c20ccc0097e889f3ede0
SHA1

db95430a42eb6ba2866bf365cf368eb2569c070f
SHA256

8e27b4ddffb0b257f7e12051e051265af61924de2c4a849a6717f566896d4234
SHA512

3bdc24938868b39d418949aad46f9f62f00471d8131a5596ed2f8ad2cd644fe9444917b583ab97a68efefd287afa9eebedcd784a99409d35c7f2a56bec0f9f57
SSDEEP

6144:2YglVUzaisvooL2kjDx/a4tHQDw3ttA3NzzMMzPd0jvdNTZlHG+Ps9Mmbhti5QgD:Cl2iUt8sNzDRaJZ09MmbLi57iC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-16_b3bcabdbdd37c20ccc0097e889f3ede0_ryuk

Files

2024-04-16_b3bcabdbdd37c20ccc0097e889f3ede0_ryuk
.exe windows:5 windows x64 arch:x64

3497e10c19d7de7f65dfd3d4c7f9e7fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WaitForSingleObject
Sleep
GetLastError
GetSystemDirectoryA
LockResource
DeleteFileA
CreateThread
GetWindowsDirectoryA
LoadResource
LocalFree
CreateDirectoryA
ReadFile
GetFileSizeEx
WriteFile
SetFilePointer
CreateMutexA
LocalAlloc
ReleaseMutex
CreateFileA
CloseHandle
GetStartupInfoA
CreateProcessA
OutputDebugStringA
GetLocalTime
InitializeCriticalSection
ExitProcess
GetTickCount
SetUnhandledExceptionFilter
VirtualFree
VirtualAlloc
DeleteCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
FindNextFileA
FindClose
SetFileTime
FindResourceA
LocalFileTimeToFileTime
GetFileAttributesA
SystemTimeToFileTime
UnmapViewOfFile
LeaveCriticalSection
EnterCriticalSection
CreateFileW
WriteConsoleW
SetFilePointerEx
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
FindFirstFileExA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetACP
GetCommandLineW
GetCommandLineA
GetCurrentDirectoryA
SizeofResource
TryEnterCriticalSection
GetCurrentThreadId
WideCharToMultiByte
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
MultiByteToWideChar
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
HeapReAlloc
GetModuleHandleExW
GetStdHandle
GetModuleFileNameA

user32

wsprintfA

ws2_32

accept
bind
WSAIoctl
__WSAFDIsSet
gethostbyname
select
listen
send
socket
connect
recv
htonl
htons
setsockopt
WSAStartup
gethostname
inet_addr
closesocket

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetReadFile
InternetOpenA
InternetCloseHandle

iphlpapi

GetTcpTable

advapi32

SystemFunction036

Sections

.text
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3497e10c19d7de7f65dfd3d4c7f9e7fb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

wininet

iphlpapi

advapi32

Sections

.text Size: 325KB - Virtual size: 324KB

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 15KB - Virtual size: 22KB

.pdata Size: 20KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 325KB - Virtual size: 324KB

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 15KB - Virtual size: 22KB

.pdata
Size: 20KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 4KB