2024-04-23_0629a1dd34e93cae89df8321fd9d1b3b_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-23_0629a1dd34e93cae89df8321fd9d1b3b_ryuk
Size

1.2MB
MD5

0629a1dd34e93cae89df8321fd9d1b3b
SHA1

3f61df5c8b301f8d0064a91f26631754ca677ea7
SHA256

acba9bd3b0bd87cd1d2ad86728f603604ca834186db0754427246928d862843a
SHA512

fa8647105c17d329df47d5e308048fb3bf96ccc00eaad27b92e1afb9ca572b0a4529e6e3e187ec962a55a6560d0e38ececf91cd5ae353e19559dead7ae4252e1
SSDEEP

12288:aJcwFPbR3n6HBcTxPe/cjRVXGi/PKueN1iMUbh1uHW92hOBKoz3+Ba2f:axR3ntTN3nnKuenWbh1uW9TBK8oas

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-23_0629a1dd34e93cae89df8321fd9d1b3b_ryuk

Files

2024-04-23_0629a1dd34e93cae89df8321fd9d1b3b_ryuk
.exe windows:5 windows x64 arch:x64

0229e730909bc20705454924caf52ee4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

chrome_elf

SignalChromeElf

advapi32

GetUserNameW
ImpersonateNamedPipeClient
RevertToSelf
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
GetTokenInformation
CreateProcessAsUserW
SystemFunction036
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorSacl
SetKernelObjectSecurity
SetTokenInformation
SetSecurityInfo
ConvertStringSidToSidW
RegDisablePredefinedCache
CopySid
CreateWellKnownSid
CreateRestrictedToken
DuplicateToken
DuplicateTokenEx
EqualSid
LookupPrivilegeValueW
SetThreadToken
ConvertSidToStringSidW
SetEntriesInAclW
GetSecurityInfo

kernel32

GetLastError
SetLastError
CreateEventW
GetCurrentThreadId
DuplicateHandle
WaitForSingleObject
GetCurrentProcess
GetProcessId
SetCurrentDirectoryW
SetProcessShutdownParameters
LoadLibraryExW
VirtualAlloc
VirtualFree
GetModuleHandleW
CloseHandle
GetProcessTimes
OpenProcess
GetSystemTimeAsFileTime
ReadProcessMemory
UnregisterWaitEx
CreateFileW
WriteFile
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
SetEvent
ResetEvent
GetCurrentProcessId
ReadFile
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateMutexW
Sleep
RegisterWaitForSingleObject
FreeLibrary
LoadLibraryW
RtlCaptureContext
SetUnhandledExceptionFilter
ReleaseSemaphore
CreateSemaphoreW
CreateThread
SuspendThread
ResumeThread
GetThreadContext
VirtualQueryEx
MultiByteToWideChar
WideCharToMultiByte
RtlAddFunctionTable
RtlDeleteFunctionTable
CreateRemoteThread
VirtualProtect
GetModuleFileNameW
HeapAlloc
HeapReAlloc
HeapFree
GetComputerNameExW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
LockFileEx
SetEndOfFile
UnlockFileEx
GetStdHandle
PeekNamedPipe
SetHandleInformation
RaiseException
CreatePipe
SleepEx
TerminateProcess
CreateProcessW
GetVersion
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
SetFilePointerEx
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageA
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
LocalFree
GetProcAddress
GetSystemDefaultLCID
GetUserDefaultLCID
Wow64GetThreadContext
IsProcessorFeaturePresent
GetVersionExW
GetTimeZoneInformation
ExitProcess
GetCurrentDirectoryW
OutputDebugStringA
GetTickCount
GetCurrentThread
SetThreadPriority
GetThreadPriority
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCommandLineW
ExpandEnvironmentStringsW
GetNativeSystemInfo
GetExitCodeProcess
FlushFileBuffers
GetFileInformationByHandle
GetFileSizeEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
IsDebuggerPresent
GetLongPathNameW
QueryDosDeviceW
GetTempPathW
GetDriveTypeW
AssignProcessToJobObject
SetInformationJobObject
GetEnvironmentVariableW
SetEnvironmentVariableW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FindClose
FindFirstFileExW
FindNextFileW
VirtualQuery
RtlCaptureStackBackTrace
GetUserDefaultLangID
GetModuleHandleExW
LoadResource
LockResource
SizeofResource
FindResourceW
RtlLookupFunctionEntry
RtlVirtualUnwind
OutputDebugStringW
CompareStringW
DecodePointer
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GetWindowsDirectoryW
InitOnceExecuteOnce
HeapSetInformation
TerminateJobObject
ProcessIdToSessionId
GetProcessHandleCount
SignalObjectAndWait
VirtualFreeEx
CreateJobObjectW
DebugBreak
lstrlenW
SearchPathW
GetThreadId
LoadLibraryExA
GetProcessHeap
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
EncodePointer
GetStringTypeW
GetModuleHandleA
GetCommandLineA
GetThreadLocale
GetFileType
GetConsoleMode
GetFullPathNameW
SetStdHandle
GetACP
ReadConsoleW
IsValidLocale
EnumSystemLocalesW
HeapSize
WriteConsoleW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetUserDefaultUILanguage
GetConsoleCP

shell32

SHGetKnownFolderPath
SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderPathW

user32

GetUserObjectInformationW
GetProcessWindowStation
SetProcessWindowStation
CreateWindowStationW
GetThreadDesktop
CreateDesktopW
CloseWindowStation
CloseDesktop
FindWindowExW
GetWindowThreadProcessId
AllowSetForegroundWindow
IsWindow
SendMessageTimeoutW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

rpcrt4

UuidCreate

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders

Exports

Exports

ClearCrashKeyValueImpl
CrashForException
DumpProcessWithoutCrash
GetCrashReportsImpl
GetHandleVerifier
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
IsSandboxedProcess
RegisterNonABICompliantCodeRange
SetCrashKeyValueImpl
UnregisterNonABICompliantCodeRange

Sections

.text
Size: 826KB - Virtual size: 826KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0229e730909bc20705454924caf52ee4

Headers

DLL Characteristics

File Characteristics

Imports

chrome_elf

advapi32

kernel32

shell32

user32

version

winmm

wtsapi32

rpcrt4

winhttp

Exports

Exports

Sections

.text Size: 826KB - Virtual size: 826KB

.rdata Size: 230KB - Virtual size: 230KB

.data Size: 5KB - Virtual size: 46KB

.pdata Size: 39KB - Virtual size: 39KB

CPADinfo Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 25B

.gfids Size: 1024B - Virtual size: 816B

_RDATA Size: 32KB - Virtual size: 32KB

.rsrc Size: 123KB - Virtual size: 122KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 826KB - Virtual size: 826KB

.rdata
Size: 230KB - Virtual size: 230KB

.data
Size: 5KB - Virtual size: 46KB

.pdata
Size: 39KB - Virtual size: 39KB

CPADinfo
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 25B

.gfids
Size: 1024B - Virtual size: 816B

_RDATA
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 123KB - Virtual size: 122KB

.reloc
Size: 6KB - Virtual size: 6KB