2024-05-02_157d4a40d59dab6c6e4fb915d8df9009_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-02_157d4a40d59dab6c6e4fb915d8df9009_ryuk
Size

3.5MB
MD5

157d4a40d59dab6c6e4fb915d8df9009
SHA1

992f782ead39e8e325f5158bb7ce81e909815308
SHA256

be3f34ce73b6bcb118cbde129c71ddaf36ad9c2ed0936a26d615aa5a6e9ca463
SHA512

2e5d7db98b9c1a0979c569868598075578731a3e8d74b74cfdc3a85b52f386b887ce2ac12f39c449833c0dcb2934d5dc154169d010a407cfdb84cb9c822d6bc5
SSDEEP

49152:lUU7h0P0YyPIdJ3cfv07gt5GGp45gjTgy2EFGx8oVclw5FnBRksPH4cLTwERo7qe:llmPJMk7gqSBFY82cuXEyL27qb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-02_157d4a40d59dab6c6e4fb915d8df9009_ryuk

Files

2024-05-02_157d4a40d59dab6c6e4fb915d8df9009_ryuk
.exe windows:5 windows x64 arch:x64

c9634f1f0071373fae9aef53d00451b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\projects\vim-win32-installer\vim\src\vim.pdb

Imports

kernel32

SetConsoleTitleW
VirtualQuery
GlobalSize
GlobalAlloc
GlobalFree
GetModuleFileNameA
FillConsoleOutputCharacterA
SetConsoleCtrlHandler
MoveFileA
SearchPathW
Process32First
SetHandleInformation
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCommandLineW
GetFullPathNameW
GetCurrentProcess
SetConsoleScreenBufferSize
GetStdHandle
ScrollConsoleScreenBufferA
WriteFile
SetConsoleMode
GetConsoleCursorInfo
AssignProcessToJobObject
GetNumberOfConsoleMouseButtons
TerminateProcess
WriteConsoleOutputCharacterA
WaitForMultipleObjects
SetConsoleWindowInfo
GetProcessId
CreatePipe
SetErrorMode
GetFullPathNameA
GetConsoleTitleW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentDirectoryA
ResumeThread
OpenProcess
SetCurrentDirectoryA
SetFileAttributesW
CreateToolhelp32Snapshot
GetConsoleMode
GetFileInformationByHandle
GetLargestConsoleWindowSize
AttachConsole
GetFileAttributesA
SetConsoleCursorInfo
MulDiv
CreateFileA
ReadConsoleOutputW
LoadLibraryA
GetVersionExA
DeleteFileW
Process32Next
CloseHandle
WriteConsoleOutputAttribute
FreeConsole
SetFileAttributesA
GetCurrentDirectoryW
FillConsoleOutputAttribute
SearchPathA
SetCurrentDirectoryW
PeekConsoleInputW
CreateJobObjectA
GetComputerNameW
GlobalMemoryStatusEx
CreateProcessW
GetConsoleWindow
GetTempFileNameW
CreateProcessA
GetFileType
TerminateJobObject
BackupRead
SetConsoleCursorPosition
BackupSeek
WriteConsoleInputA
GetEnvironmentStringsW
FreeEnvironmentStringsA
WriteConsoleOutputW
MoveFileW
GenerateConsoleCtrlEvent
GetComputerNameA
ReadConsoleOutputAttribute
WriteConsoleOutputCharacterW
GetExitCodeProcess
GetStartupInfoA
CreateNamedPipeA
ConnectNamedPipe
ReadFile
PeekNamedPipe
DisconnectNamedPipe
GlobalUnlock
IsBadReadPtr
FormatMessageA
GetCurrentProcessId
LocalFree
GlobalLock
IsDBCSLeadByte
GetSystemInfo
GetConsoleTitleA
Sleep
GetModuleHandleA
SetConsoleTitleA
HeapSize
OutputDebugStringW
OutputDebugStringA
GetProcessHeap
FindFirstFileExW
GetLocaleInfoA
GetTickCount
FindClose
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
GetConsoleCP
GetShortPathNameA
FreeLibrary
GetProcAddress
GetLastError
IsValidCodePage
GetACP
GetCPInfo
IsDBCSLeadByteEx
GetTempFileNameA
WideCharToMultiByte
DeleteFileA
GetTempPathA
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
GetLongPathNameA
ReadConsoleInputW
FindFirstFileExA
WriteConsoleW
MoveFileExW
SetEndOfFile
FreeEnvironmentStringsW
GetOEMCP
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetCurrentThread
HeapAlloc
HeapFree
GetCommandLineA
GetModuleFileNameW
DuplicateHandle
ReadConsoleW
SetStdHandle
GetFileAttributesExW
GetStringTypeW
RemoveDirectoryW
CreateDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
VirtualProtect
VirtualAlloc
GetModuleHandleExW
ExitProcess
SetFilePointerEx
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException

advapi32

GetUserNameW
AdjustTokenPrivileges
GetAclInformation
OpenProcessToken
GetNamedSecurityInfoA
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetUserNameA
LookupPrivilegeValueA
SetNamedSecurityInfoA
GetAce

shell32

CommandLineToArgvW
ShellExecuteA
ExtractIconA
ShellExecuteW

gdi32

SetBkMode
CreateFontIndirectA
SetBkColor
TextOutA
CreateDCA
GetTextMetricsA
SetTextAlign
SetAbortProc
EndPage
SetTextColor
GetTextExtentPoint32W
TextOutW
DeleteDC
GetDeviceCaps
EndDoc
StartDocA
StartPage
SelectObject
GetNearestColor
DeleteObject
EnumFontFamiliesA

comdlg32

PrintDlgA
CommDlgExtendedError

ole32

CoUninitialize
CoCreateInstance
CoInitialize

user32

MapVirtualKeyA
EnableWindow
ReleaseDC
SetForegroundWindow
FindWindowA
GetParent
SetDlgItemInt
GetCaretBlinkTime
GetSystemMetrics
MessageBeep
ToUnicode
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
RegisterClipboardFormatA
CharLowerBuffA
GetSystemMenu
LoadImageA
GetWindowRect
DestroyWindow
SetWindowPos
GetClassNameA
MsgWaitForMultipleObjects
wsprintfA
IsWindow
OffsetRect
GetDlgItemTextA
DispatchMessageW
IsDialogMessageW
CopyRect
PeekMessageW
GetWindowTextA
CharUpperBuffA
SetDlgItemTextW
SetWindowTextA
RegisterClassA
EnumWindows
DefWindowProcA
CreateWindowExA
BringWindowToTop
TranslateMessage
SendDlgItemMessageA
SetDlgItemTextA
SendMessageA
GetWindowDC
CreateDialogParamA
SystemParametersInfoA
GetDesktopWindow
EnableMenuItem

wsock32

WSAStartup
WSAGetLastError
inet_ntoa
htons
recv
connect
socket
select
send
gethostbyname
closesocket
__WSAFDIsSet

Exports

Exports

boot_VIM
scheme_external_get_thread_local_variables

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 302KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9634f1f0071373fae9aef53d00451b2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

gdi32

comdlg32

ole32

user32

wsock32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 301KB - Virtual size: 301KB

.data Size: 302KB - Virtual size: 367KB

.pdata Size: 135KB - Virtual size: 134KB

.tls Size: 512B - Virtual size: 17B

.gfids Size: 512B - Virtual size: 356B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 301KB - Virtual size: 301KB

.data
Size: 302KB - Virtual size: 367KB

.pdata
Size: 135KB - Virtual size: 134KB

.tls
Size: 512B - Virtual size: 17B

.gfids
Size: 512B - Virtual size: 356B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 17KB - Virtual size: 17KB