2024-04-29_194b2a72075b6be7b2e2d7f65726b6dd_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-29_194b2a72075b6be7b2e2d7f65726b6dd_ryuk
Size

3.1MB
MD5

194b2a72075b6be7b2e2d7f65726b6dd
SHA1

90b0a6fc93df296d7538414a925e9583f0212350
SHA256

4f58042197662abc4b9f11791d9da0d5b3e804c520f64434e7e24a729adae47a
SHA512

db734be19c0684eb264c824f6e86997042c3b8163be3ed37fc3a7b9d9cff3cd4f2bead552064e8380c666b2127ccbedb51a1ac6f0a45f6e017686f5ef27c8b64
SSDEEP

49152:tCrHMFtkGBa+r0Wv/pBWyWHHR5xPhQeoNfLvd5LAX4DTnCBPL2sFK7mCsko:tCA5Lh41TC5LSl2sFyw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-29_194b2a72075b6be7b2e2d7f65726b6dd_ryuk

Files

2024-04-29_194b2a72075b6be7b2e2d7f65726b6dd_ryuk
.exe windows:5 windows x64 arch:x64

5bb89c7a46e65c4e89554bd2e5d323c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Landun\workspace\CommonComponent\ACE-Service\1.compile_source\output\x64\ACE_pub\ACE-Service64.pdb

Imports

shlwapi

UrlEscapeA
PathFindFileNameW
PathRemoveFileSpecA
PathRemoveBackslashA
PathIsRootA
PathFileExistsA
PathRemoveFileSpecW
SHGetValueA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW

ws2_32

sendto
shutdown
getpeername
WSAIoctl
htonl
htons
recvfrom
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
socket
setsockopt
listen
connect
closesocket
bind
accept
WSASetLastError
send
recv
getnameinfo
freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
WSAStartup
ntohs
getsockopt
getsockname
ioctlsocket
WSAResetEvent
__WSAFDIsSet
select
gethostname
WSAWaitForMultipleEvents

wldap32

ord60
ord211
ord143
ord217
ord46
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord301
ord200
ord30
ord79

crypt32

CertEnumCertificatesInStore
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertCloseStore
CertFreeCertificateContext

netapi32

Netbios

dbghelp

SymFunctionTableAccess64
StackWalk64
SymGetModuleBase64
SymInitialize

kernel32

GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
ResumeThread
SwitchToThread
GetCurrentProcess
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetLastError
Process32NextW
Process32FirstW
CloseHandle
LocalFree
GetTickCount
InitializeCriticalSectionAndSpinCount
OpenEventW
RaiseException
DecodePointer
DeleteCriticalSection
CreateFileW
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
ReadFile
SetNamedPipeHandleState
WriteFile
GetModuleFileNameW
CreateNamedPipeW
WaitForSingleObject
CreateEventW
SetEvent
SetCurrentDirectoryW
ConnectNamedPipe
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
DuplicateHandle
CreateProcessW
VirtualFree
VirtualAlloc
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
GetModuleHandleA
LoadLibraryExA
FindResourceA
LockResource
LoadResource
FreeLibrary
lstrcmpiW
CreateMutexW
GetFileAttributesW
ReleaseMutex
GetSystemDirectoryW
SetFileAttributesW
DeleteFileW
MultiByteToWideChar
GetCurrentProcessId
CreateThread
FindClose
CreateEventA
GetModuleFileNameA
ExpandEnvironmentStringsA
GetPrivateProfileIntA
GetPrivateProfileStringA
UnregisterWait
GetFileAttributesA
DeleteFileA
FindFirstFileA
GlobalMemoryStatusEx
GetSystemInfo
GetCurrentThreadId
CreateFileA
WerUnregisterRuntimeExceptionModule
LoadLibraryW
SetUnhandledExceptionFilter
GetCurrentThread
ReadProcessMemory
LoadLibraryA
AddVectoredExceptionHandler
VirtualQuery
SetEndOfFile
SetFilePointerEx
IsBadReadPtr
Module32FirstW
OutputDebugStringA
RtlCaptureContext
InitializeCriticalSection
VirtualProtect
ResetEvent
UnhandledExceptionFilter
VerSetConditionMask
OpenMutexW
MapViewOfFileEx
VerifyVersionInfoW
GetTickCount64
SetLastError
GetFileType
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FormatMessageA
CreateFiber
DeleteFiber
SwitchToFiber
GetSystemTimeAsFileTime
QueryPerformanceCounter
ConvertThreadToFiber
ConvertFiberToThread
FindNextFileA
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
FlushInstructionCache
GetThreadContext
SetThreadContext
SuspendThread
LoadLibraryExW
ReleaseSemaphore
CreateSemaphoreA
CreateMutexA
SleepEx
GetSystemDirectoryA
QueryPerformanceFrequency
FormatMessageW
MoveFileExA
CompareFileTime
GetEnvironmentVariableA
WaitForMultipleObjects
PeekNamedPipe
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
WaitForSingleObjectEx
GetThreadTimes
FreeLibraryAndExitThread
GetVersionExW
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlPcToFileHeader
RtlUnwindEx
ExitThread
GetModuleHandleExW
GetFileAttributesExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
SetConsoleCtrlHandler
GetACP
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
CreateDirectoryA
ReadConsoleA
TryEnterCriticalSection
GetStringTypeW

user32

MessageBoxA
GetUserObjectInformationW
GetSystemMetrics
EnumDisplayDevicesA
GetProcessWindowStation

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
SetNamedSecurityInfoA
GetNamedSecurityInfoA
SetEntriesInAclA
RegDeleteKeyValueW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
OpenProcessToken
StartServiceW
ChangeServiceConfigW
OpenServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
CryptAcquireContextA

psapi

GetModuleBaseNameA
GetModuleInformation

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 831KB - Virtual size: 831KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tvm0
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bb89c7a46e65c4e89554bd2e5d323c0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

version

ws2_32

wldap32

crypt32

netapi32

dbghelp

kernel32

user32

shell32

advapi32

psapi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 831KB - Virtual size: 831KB

.data Size: 46KB - Virtual size: 66KB

.pdata Size: 116KB - Virtual size: 116KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 30KB

.tvm0 Size: 164KB - Virtual size: 164KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 831KB - Virtual size: 831KB

.data
Size: 46KB - Virtual size: 66KB

.pdata
Size: 116KB - Virtual size: 116KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 30KB

.tvm0
Size: 164KB - Virtual size: 164KB