2024-04-22_b3747a65170eaa6ef0d57e43a15e29ea_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-22_b3747a65170eaa6ef0d57e43a15e29ea_ryuk
Size

2.5MB
MD5

b3747a65170eaa6ef0d57e43a15e29ea
SHA1

7cf7dd988ba806baeba329c2f4b7bdb9f27fb8bb
SHA256

1d9d47b8a43c2a5b4fbc5eb70aea66b1de61894d96c7fc266b18545b2d858263
SHA512

d88058fba983583374dcf99dedef86e9a2617ce30242e18f79318178aaabd34b3875f7e4d3a91d508f1b4ccffb820ae88684dede9202b2680379d4de87c6ac0e
SSDEEP

49152:Nu2kHjjzO+okyOF2bSDBf51tNb8ThIU6idojj:A2kDyN29/boW+do

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-22_b3747a65170eaa6ef0d57e43a15e29ea_ryuk

Files

2024-04-22_b3747a65170eaa6ef0d57e43a15e29ea_ryuk
.exe windows:6 windows x64 arch:x64

de830023a6362f932b4640fb4f61163c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_aligned_free
_aligned_malloc
_amsg_exit
_assert
_beginthreadex
_cexit
_chmod
_chsize
_commode
_errno
_fileno
_fmode
_initterm
_localtime64
_lock
_mkdir
_mktime64
_onexit
_stat64
_sys_nerr
_time64
_unlock
_utime
_vscprintf
_vsnprintf
abort
calloc
exit
fclose
fflush
fopen
fprintf
fputc
fputwc
fread
free
freopen
fseek
ftell
fwprintf
fwrite
getenv
islower
isspace
isupper
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
realloc
remove
signal
strcat
strcmp
strcpy
strerror
strlen
strncmp
strncpy
vfprintf
wcslen

kernel32

AcquireSRWLockExclusive
CloseHandle
DeleteCriticalSection
EnterCriticalSection
FlsAlloc
FlsGetValue
FlsSetValue
FreeLibrary
GetLastError
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
InitOnceExecuteOnce
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
RaiseException
ReleaseSRWLockExclusive
RtlLookupFunctionEntry
RtlRestoreContext
RtlUnwindEx
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WakeAllConditionVariable
WideCharToMultiByte

Sections

.text
Size: 764KB - Virtual size: 763KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de830023a6362f932b4640fb4f61163c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 764KB - Virtual size: 763KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 15KB - Virtual size: 14KB

.rodata Size: 1.7MB - Virtual size: 1.7MB

.tls Size: 512B - Virtual size: 384B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 764KB - Virtual size: 763KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 15KB - Virtual size: 14KB

.rodata
Size: 1.7MB - Virtual size: 1.7MB

.tls
Size: 512B - Virtual size: 384B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB