2024-04-25_a74514a8689c48fdd73fe4a340802ed0_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-25_a74514a8689c48fdd73fe4a340802ed0_ryuk
Size

1.3MB
MD5

a74514a8689c48fdd73fe4a340802ed0
SHA1

aa6b986f6307efe38d25e2140ed3b1c3ef396c4b
SHA256

dc79c213a28493bb4ba2c8e274696a41530a5983c7a3586b31ff69a5291754e6
SHA512

ecc1df7a4b1534494b306391e522cdead6000fb3dddea45f985ee4ffa0b08aee33f789d4380a27e14459233120e812f006d5494fb0191f40531ad62940dd824a
SSDEEP

12288:ZOdMlcPltvWG+ktEmwjbmmIXlBJLZYcmIfPizEjKNxis7EiUfF/RlZKvyJQSZVYN:muc3vWq2NbEEEiUN9KvyJHVYw02lZ5i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-25_a74514a8689c48fdd73fe4a340802ed0_ryuk

Files

2024-04-25_a74514a8689c48fdd73fe4a340802ed0_ryuk
.exe windows:6 windows x64 arch:x64

4af58f90bf89d80e9b252aae09d25711

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CompareStringEx
CompareStringW
CreateEventExW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreatePipe
CreateProcessW
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoEx
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
K32GetModuleBaseNameW
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadpoolTimer
SetThreadpoolWait
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SubmitThreadpoolWork
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
WaitForSingleObject
WaitForSingleObjectEx
WaitForThreadpoolTimerCallbacks
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

user32

wsprintfW

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

ole32

CoTaskMemFree

urlmon

FindMimeFromData

wininet

HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetQueryOptionA
InternetReadFile
InternetSetCookieA
InternetSetOptionA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4af58f90bf89d80e9b252aae09d25711

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

urlmon

wininet

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 189KB - Virtual size: 189KB

.data Size: 8KB - Virtual size: 112KB

.pdata Size: 57KB - Virtual size: 57KB

.00cfg Size: 512B - Virtual size: 40B

.gehcont Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 189KB - Virtual size: 189KB

.data
Size: 8KB - Virtual size: 112KB

.pdata
Size: 57KB - Virtual size: 57KB

.00cfg
Size: 512B - Virtual size: 40B

.gehcont
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 4KB - Virtual size: 3KB