2024-04-19_80f0aca4b8d98b917c54deef2d8ce7af_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-19_80f0aca4b8d98b917c54deef2d8ce7af_ryuk
Size

1.4MB
MD5

80f0aca4b8d98b917c54deef2d8ce7af
SHA1

81ed9f18d739550debb543a230f6caeaf74cfb7f
SHA256

38a89a654b2b07b753714472913219ed658fc09f0125665731b4dff4abcecf8d
SHA512

58b5e52650745197f21defe25a8abb7c3a57406824acf3ca41edb88fdac4d385f922119233b56678c8a032c3a23e9b8995eb6b6c188772cfa1ae3d49264ebb52
SSDEEP

24576:OAO2eygTZXTV4togOnGj9u50nk13Y4qk5YC6eDuBsKF7:cqwZXJ4thk+C6eiBH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-19_80f0aca4b8d98b917c54deef2d8ce7af_ryuk

Files

2024-04-19_80f0aca4b8d98b917c54deef2d8ce7af_ryuk
.exe windows:6 windows x64 arch:x64

51526174ecc18b4fe778e70b758a561f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Jenkins\jobs\NV9000_Release_Builds\workspace\CtrlSys\Server\NvMasterCO\Release_x64\NvMasterCO.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

send
select
recv
ntohl
htons
ioctlsocket
connect
closesocket
bind
recvfrom
getsockname
gethostbyname
ntohs
inet_ntoa
inet_addr
htonl
WSAGetLastError
WSACleanup
WSAStartup
socket
shutdown
setsockopt
sendto

iphlpapi

GetIpAddrTable
DeleteIPAddress
GetAdaptersInfo
AddIPAddress

kernel32

LoadLibraryW
WideCharToMultiByte
FormatMessageA
FormatMessageW
WaitForSingleObject
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetCurrentDirectoryW
GetModuleFileNameW
GetModuleHandleW
MultiByteToWideChar
CloseHandle
InitializeCriticalSection
SetEvent
CreateEventW
GetCurrentProcessId
CreateThread
TerminateThread
GetLocalTime
MoveFileExW
CreateFileW
GetDriveTypeW
GetLogicalDrives
GetLogicalDriveStringsW
DeviceIoControl
ReleaseSemaphore
GetLastError
GetTickCount
CreateSemaphoreW
GetProcAddress
GetCurrentProcess
GetCurrentThread
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
FindResourceW
InitializeCriticalSectionEx
GetComputerNameW
SetCurrentDirectoryW
CreateDirectoryW
ReadFile
WriteFile
ClearCommBreak
GetCommState
GetCommTimeouts
SetCommBreak
SetCommState
SetCommTimeouts
CreateProcessA
GetExitCodeProcess
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
RaiseException
DecodePointer
FreeLibrary
Sleep
DeleteCriticalSection
GetCommandLineW
InitializeCriticalSectionAndSpinCount
CreateProcessW
GetFileAttributesExW
HeapSize
GetProcessHeap
SetConsoleCtrlHandler
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetCommandLineA
OutputDebugStringA
FindClose
RtlPcToFileHeader
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEndOfFile
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GlobalMemoryStatusEx
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapReAlloc
HeapFree
HeapAlloc
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
LocalFree
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
EncodePointer
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
DeleteFileW

user32

UnregisterClassW
MessageBoxW
CharNextW
PeekMessageW
PostThreadMessageW
LoadStringW
GetMessageW
DispatchMessageW

advapi32

RegisterEventSourceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
SystemFunction036
DeleteService
CreateServiceW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
ReportEventW
DeregisterEventSource
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
IsValidSid
InitializeSecurityDescriptor
GetTokenInformation
GetLengthSid
CopySid
OpenThreadToken
OpenProcessToken
ChangeServiceConfigW
RegEnumValueW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx
StringFromCLSID
CoRegisterClassObject
CoRevokeClassObject
CoInitializeSecurity
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoDisconnectObject

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocStringByteLen
VariantClear
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayDestroy
VariantInit
SysAllocString
SysStringLen
SysFreeString
CreateErrorInfo
GetErrorInfo
VariantChangeType
SetErrorInfo

Sections

.text
Size: 978KB - Virtual size: 977KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51526174ecc18b4fe778e70b758a561f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

iphlpapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 978KB - Virtual size: 977KB

.rdata Size: 382KB - Virtual size: 381KB

.data Size: 15KB - Virtual size: 26KB

.pdata Size: 56KB - Virtual size: 55KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 978KB - Virtual size: 977KB

.rdata
Size: 382KB - Virtual size: 381KB

.data
Size: 15KB - Virtual size: 26KB

.pdata
Size: 56KB - Virtual size: 55KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 8KB - Virtual size: 7KB