2024-04-19_a38fc71536d4cd6da498c16048168d6f_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-19_a38fc71536d4cd6da498c16048168d6f_ryuk
Size

1.5MB
MD5

a38fc71536d4cd6da498c16048168d6f
SHA1

2cb29c3e11b26d93d702bb673fcc565086bfbb3c
SHA256

7fc919a99f08403231c2b02378936592f93edb05cc15c85a8ded2889f1e8ab0f
SHA512

866e8855dbfc0c70276eecbf36c5e17b3504258822931e6661071d19a748e30d0deb651a349c0036933cd0857c4000331a14e845fa0102e4bdd6bd973af3ea23
SSDEEP

24576:LiilO9ZrOCniCc/9NlwTgCCSHaCZNFWWDXUvBw6rg9KIwWcqXQ:tlO9ZrOCniCE9Og3AYK6rg8oA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-19_a38fc71536d4cd6da498c16048168d6f_ryuk

Files

2024-04-19_a38fc71536d4cd6da498c16048168d6f_ryuk
.exe windows:6 windows x64 arch:x64

38830a18a650f403e45b48b49882b108

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\buildslave\fmod\build\_builds\fsbtool\win64\vs2015\release\FSBTool64.pdb

Imports

ole32

PropVariantClear
CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
CoInitializeEx

shell32

CommandLineToArgvW

user32

GetDesktopWindow

winmm

waveOutGetNumDevs
timeGetTime
waveOutReset
waveInReset
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInClose
waveInOpen
waveInGetDevCapsW
waveInGetDevCapsA
waveInGetNumDevs
waveOutGetPosition
waveOutGetDevCapsA
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetDevCapsW

ws2_32

htonl
accept
bind
closesocket
connect
htons
inet_addr
ntohl
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAGetLastError
WSACleanup
ioctlsocket
listen
recv
select
send
socket
WSAStartup

shlwapi

ord219

kernel32

CreateEventA
HeapSize
WriteConsoleW
FlushFileBuffers
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCurrentDirectoryW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
HeapReAlloc
HeapFree
HeapAlloc
GetACP
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameA
GetFullPathNameA
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
MoveFileExW
DeleteFileW
GetFileType
GetDriveTypeW
CreateDirectoryW
LoadLibraryExW
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetCommandLineW
CreateFileW
GetFileSizeEx
GetTempFileNameW
CloseHandle
GetLastError
HeapSetInformation
SetEvent
WaitForSingleObject
CreateEventW
GetProcAddress
LoadLibraryA
CreateFileA
GetFileSize
ReadFile
SetFilePointer
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetCurrentThreadId
SetThreadPriority
FreeLibrary
LoadLibraryW
GetSystemInfo
SetLastError
ResetEvent
SetEndOfFile
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
GetSystemDirectoryA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW

Exports

Exports

FSBank_Build
FSBank_BuildCancel
FSBank_FetchNextProgressItem
FSBank_Init
FSBank_MemoryGetStats
FSBank_MemoryInit
FSBank_Release
FSBank_ReleaseProgressItem
FSBank_SetLibraryPath

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38830a18a650f403e45b48b49882b108

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

shell32

user32

winmm

ws2_32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 360KB - Virtual size: 360KB

.data Size: 61KB - Virtual size: 325KB

.pdata Size: 43KB - Virtual size: 43KB

.gfids Size: 1024B - Virtual size: 544B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 36KB - Virtual size: 35KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 360KB - Virtual size: 360KB

.data
Size: 61KB - Virtual size: 325KB

.pdata
Size: 43KB - Virtual size: 43KB

.gfids
Size: 1024B - Virtual size: 544B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 36KB - Virtual size: 35KB

.reloc
Size: 7KB - Virtual size: 6KB