2024-04-18_1486b5fa8faea9cf7dce032bc3314b93_ryuk

General

Target

2024-04-18_1486b5fa8faea9cf7dce032bc3314b93_ryuk
Size

6.8MB
MD5

1486b5fa8faea9cf7dce032bc3314b93
SHA1

abe0784c2214d32fd6f2993346c19ba016151de6
SHA256

27912c2fa53d80b2ffe9d31d9808ccf9aef74c7c0ff423a96c65037b21796180
SHA512

20247dcde22c04ce0034b187d55712b3f5e8077e5dd11e9cc8b1c3ae9616c07e2d53ea68b62e54ba0a94ab5693ca63ab8b79859b692135feecab6a86051cf2a3
SSDEEP

196608:vQSsyW1qHha3PswuTun5fiRgb8/52H7cfp6vC:ISWguP4o6+As0p6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-18_1486b5fa8faea9cf7dce032bc3314b93_ryuk

Files

2024-04-18_1486b5fa8faea9cf7dce032bc3314b93_ryuk
.exe windows:6 windows x64 arch:x64

afcd14dae08fa7ba7053380b1118fe56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AreFileApisANSI
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: 233KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vlizer0
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vlizer1
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afcd14dae08fa7ba7053380b1118fe56

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wtsapi32

user32

Sections

.text Size: 233KB - Virtual size: 236KB

.data Size: 17KB - Virtual size: 20KB

_RDATA Size: 512B - Virtual size: 4KB

.vlizer0 Size: 2.5MB - Virtual size: 2.5MB

.vlizer1 Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 233KB - Virtual size: 236KB

.data
Size: 17KB - Virtual size: 20KB

_RDATA
Size: 512B - Virtual size: 4KB

.vlizer0
Size: 2.5MB - Virtual size: 2.5MB

.vlizer1
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB