2024-04-21_1f280cf8990d3660017cfa7ba7889ee1_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-21_1f280cf8990d3660017cfa7ba7889ee1_ryuk
Size

92KB
MD5

1f280cf8990d3660017cfa7ba7889ee1
SHA1

aa2acb6a4b2ad63d3f076bbe02a3ede842137290
SHA256

a105267eb5494bb27335638750b8539679b3f6ae10f2b23ae003b13e5caacd1c
SHA512

58f954adf28c8dc3fb9b6cbe300f4953a324d65b955cf7da0d343f1371099c75db8f6c955230fc5110534ebd2721b477db220dbebbc3e270d999ef9f993d70f4
SSDEEP

1536:AuSNyPAK/+nq/K6E0h7udkB+vugH3sWMd09dl4KmQBEHYGMNl96MMsNbaKJSIz0q:bSNOAKmn4K6EgydkB+m6AMRiKJSIz1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-21_1f280cf8990d3660017cfa7ba7889ee1_ryuk

Files

2024-04-21_1f280cf8990d3660017cfa7ba7889ee1_ryuk
.exe windows:6 windows x64 arch:x64

f9f96584066b64b84bbf7ebfdf7f4f03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\adobe\AIR\code\build\win\results\Release\info\ExtendedAppEntry.vc2015.pdb

Imports

kernel32

SetStdHandle
WriteConsoleW
GetProcAddress
ExitProcess
HeapAlloc
GetProcessHeap
GetModuleHandleW
LoadLibraryW
CreateFileW
GetUserDefaultUILanguage
GetStdHandle
GetCommandLineW
RaiseException
SetFilePointerEx
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
FlushFileBuffers
WriteFile
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
RtlUnwindEx
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileType
GetCurrentProcess
GetModuleFileNameA
TerminateProcess
GetModuleHandleExW
GetACP
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetConsoleCP
GetConsoleMode
HeapFree

shell32

CommandLineToArgvW

user32

MessageBoxExW

shlwapi

StrCmpW
PathAppendW
PathRemoveFileSpecW

msi

ord90

Exports

Exports

AmdPowerXpressRequestBetterBatteryLife
NvOptimusDisablement

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9f96584066b64b84bbf7ebfdf7f4f03

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

user32

shlwapi

msi

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 2KB - Virtual size: 1KB