2024-04-21_4a6401724986485b31c3a34ec37e6126_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-21_4a6401724986485b31c3a34ec37e6126_ryuk
Size

588KB
MD5

4a6401724986485b31c3a34ec37e6126
SHA1

757d5ad08b2acf69db9681853bd851d2bc86a1d4
SHA256

b7030828e3d6f9bb3c1ca1f5606ed7d66f6291e7ed74fd8f243b97279ad798bd
SHA512

5a21a9a92cd6b276d2dda8148be915f3f5a21afce905eaaa67bfddd798bf393c374e641a2279c0201b19e6fffcc59071b6eab08e3918d2cd93eaa5caef7d3f7c
SSDEEP

12288:7hSKmgFyQuNKIshpF2X/IusK/MzeKoHR:EK9wQiKl2wusK/MyK6R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-21_4a6401724986485b31c3a34ec37e6126_ryuk

Files

2024-04-21_4a6401724986485b31c3a34ec37e6126_ryuk
.exe windows:6 windows x64 arch:x64

eeb189b51809f81bcb52f4aa61b2b9e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\build\workspace\megaglest-source_w64\mk\windoze\xml2gx64.pdb

Imports

kernel32

GetModuleHandleA
GetModuleFileNameA
CloseHandle
DuplicateHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexA
MultiByteToWideChar
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
HeapSize
RaiseException
GetTimeZoneInformation
SetEndOfFile
WriteConsoleW
SetFilePointerEx
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetStdHandle
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
GetModuleFileNameW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
SetLastError
CreateFileW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
WriteFile
WideCharToMultiByte
GetCommandLineA
GetCommandLineW
GetACP
ReadFile
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetFullPathNameW
GetFullPathNameA
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetStringTypeW
HeapReAlloc
FlushFileBuffers
GetVersionExA

wsock32

listen
getsockname
bind
WSAGetLastError
WSASetLastError
WSAStartup
getservbyname
getservbyport
gethostbyname
gethostbyaddr
socket
send
select
recv
ntohs
inet_addr
ioctlsocket
htons
htonl
getsockopt
inet_ntoa
connect
closesocket
__WSAFDIsSet

advapi32

SystemFunction036

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eeb189b51809f81bcb52f4aa61b2b9e6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

wsock32

advapi32

Sections

.text Size: 384KB - Virtual size: 383KB

.rdata Size: 160KB - Virtual size: 160KB

.data Size: 9KB - Virtual size: 18KB

.pdata Size: 25KB - Virtual size: 24KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 384KB - Virtual size: 383KB

.rdata
Size: 160KB - Virtual size: 160KB

.data
Size: 9KB - Virtual size: 18KB

.pdata
Size: 25KB - Virtual size: 24KB

.reloc
Size: 8KB - Virtual size: 7KB