2024-04-26_f65854d06803ca32fa8c4e39fd18ff1c_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-26_f65854d06803ca32fa8c4e39fd18ff1c_ryuk
Size

1.1MB
MD5

f65854d06803ca32fa8c4e39fd18ff1c
SHA1

a2ee024e3d0c50a8d5638441fc074f79910f59fe
SHA256

8b12174b822a944e1c60d627b30a69e134eeb2cc878bd78f42be654eb586d828
SHA512

82fde1e82e9b6f7506e721c2757879a6201b46df0eeb2a0930c731ba045c35d44467f2f9d1bde338e1dc25857ec529da4887b63df5e656b4b1fc89f978e01d88
SSDEEP

24576:UrUOAvVVhEJlsOAz1qR+WR2NZmDajohk5kc2XXFToy9:UrXKEJMz1qE3Yk5mX1Tb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-26_f65854d06803ca32fa8c4e39fd18ff1c_ryuk

Files

2024-04-26_f65854d06803ca32fa8c4e39fd18ff1c_ryuk
.exe windows:6 windows x64 arch:x64

663f409624257159ee8a618b1b4eb653

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
GetLastError
GetCurrentThread
GetThreadTimes
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
QueryPerformanceCounter
RtlPcToFileHeader
RaiseException
RtlUnwindEx
ReadFile
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameA
GetCommandLineA
GetCommandLineW
GetACP
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
GetProcessHeap
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
FindClose
FindFirstFileExA
FindNextFileA
SetStdHandle
WriteConsoleW
CreateFileW
HeapSize
SetEndOfFile

advapi32

SystemFunction036

Sections

.text
Size: 823KB - Virtual size: 822KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

663f409624257159ee8a618b1b4eb653

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 823KB - Virtual size: 822KB

.rdata Size: 228KB - Virtual size: 227KB

.data Size: 10KB - Virtual size: 18KB

.pdata Size: 33KB - Virtual size: 32KB

.gfids Size: 512B - Virtual size: 472B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 823KB - Virtual size: 822KB

.rdata
Size: 228KB - Virtual size: 227KB

.data
Size: 10KB - Virtual size: 18KB

.pdata
Size: 33KB - Virtual size: 32KB

.gfids
Size: 512B - Virtual size: 472B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB