2024-04-19_18b9bdaac21d3b57bc39973c4278154a_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-19_18b9bdaac21d3b57bc39973c4278154a_ryuk
Size

679KB
MD5

18b9bdaac21d3b57bc39973c4278154a
SHA1

b660436cdba39a3f30ebaa805c0fae8c7c302fec
SHA256

df4cf2f6d71657b9fef7fcac6d079088936bbe18ba64a22c4a4150271284a33d
SHA512

a2f9856af75de347f03276bd09786888a2551d7db34dd0262a735500f2b16570d76067e3ba10d113e16d0945a3afd322c86bc2d111cac25943287b4601f00c45
SSDEEP

12288:5b8HnXjaXH4FZKr0nXtsDSrJkgSzvsB3o:OXjaXSm4tsDSrp26o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-19_18b9bdaac21d3b57bc39973c4278154a_ryuk

Files

2024-04-19_18b9bdaac21d3b57bc39973c4278154a_ryuk
.exe windows:6 windows x64 arch:x64

e8df684bd8b3d8f30821be531e1b7bfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Jenkins\jobs\NV9000_Release_Builds\workspace\CtrlSys\ExternalItf\NvSonyROT16SBus\Release_x64\NvSonyROT16SBus.pdb

Imports

ws2_32

connect
closesocket
WSAStartup
ioctlsocket
ntohs
__WSAFDIsSet
listen
accept
gethostbyname
WSACleanup
bind
shutdown
setsockopt
sendto
recvfrom
select
WSAGetLastError
socket
send
recv
ntohl
inet_addr
htons
htonl

kernel32

GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
HeapSize
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CloseHandle
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
Sleep
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
GetCurrentDirectoryW
GetModuleFileNameW
GetModuleHandleW
MultiByteToWideChar
GetLocalTime
MoveFileExW
CreateThread
SetCurrentDirectoryW
CreateDirectoryW
ResumeThread
IsDebuggerPresent
OutputDebugStringW
FlushFileBuffers
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindNextFileA
GetFileType
SetStdHandle
WriteConsoleW
ReadConsoleW
CreateFileW
SetEndOfFile
HeapFree
HeapReAlloc
CreateSemaphoreW
GetUserDefaultLCID
IsValidLocale
HeapAlloc
GetACP
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
WriteFile
GetStdHandle
ExitProcess
DeleteFileW
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
EncodePointer
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
LocalFree
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW

advapi32

ReportEventW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
SystemFunction036
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
CloseServiceHandle
RegisterEventSourceW
DeregisterEventSource
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantClear
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayDestroy
SysStringLen
SysAllocString
SysFreeString
VariantInit

Sections

.text
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8df684bd8b3d8f30821be531e1b7bfb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 436KB - Virtual size: 435KB

.rdata Size: 201KB - Virtual size: 200KB

.data Size: 8KB - Virtual size: 17KB

.pdata Size: 25KB - Virtual size: 25KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 436KB - Virtual size: 435KB

.rdata
Size: 201KB - Virtual size: 200KB

.data
Size: 8KB - Virtual size: 17KB

.pdata
Size: 25KB - Virtual size: 25KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB