2024-04-26_c676eeb59fdccdd8e74de976fe7bf19e_ryuk | Triage

Sharing

General

Target

2024-04-26_c676eeb59fdccdd8e74de976fe7bf19e_ryuk
Size

264KB
MD5

c676eeb59fdccdd8e74de976fe7bf19e
SHA1

d58937220391b4e09b444b05ac4f0b6009b7e837
SHA256

3e82cb9221edcf33adcb26ed9b6a98e6b4bd127ba4eeb93c7cdd6c3a6e595090
SHA512

6ae326efd363acb13d41e8e1b260bfb976dfd10aef6023c0ff5c82273e1eb999b8b4356eb6489470ce5f08a7247ea6c1955032f4a26d7a99be0f19f856cf4204
SSDEEP

3072:M2DkGUbuOit0zFRbd091pWVbmeIuZzZmUQw:MRGUaOit0zF1AXabmePI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-26_c676eeb59fdccdd8e74de976fe7bf19e_ryuk

Files

2024-04-26_c676eeb59fdccdd8e74de976fe7bf19e_ryuk
.exe windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ