2024-05-03_d5b69a4ed7325d9c1eff47bb6baaa8c8_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-03_d5b69a4ed7325d9c1eff47bb6baaa8c8_ryuk
Size

10.0MB
MD5

d5b69a4ed7325d9c1eff47bb6baaa8c8
SHA1

053d34d694dffbd8eb080ddcb431aabd01b551d2
SHA256

f45b577e67d621054f5ca710b745e40d680ed276d682673f5d8577afba7f23af
SHA512

3d4031eb7008cdb9681a019df4d5d07692ff6bf25a8facf7e90188df27653cabdb88026630fd0ccc38af033178fdb76f97d6fb8f52b5b0890ce8c8777007252e
SSDEEP

98304:RX8AFX44UdY9oNiJOhTZduQqIhS2p9gicveld:Rb19oN8Qqsld

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-03_d5b69a4ed7325d9c1eff47bb6baaa8c8_ryuk

Files

2024-05-03_d5b69a4ed7325d9c1eff47bb6baaa8c8_ryuk
.exe windows:6 windows x64 arch:x64

3e2f121d69f8700a4aaf91556708794c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\VSProjects\Project-Alice\out\build\x64-release-win-clang-optimize\Alice.pdb

Imports

opengl32

glBindTexture
glBlendFunc
glClear
glClearColor
glCullFace
glDeleteTextures
glDepthRange
glDisable
glDrawArrays
glDrawElements
glEnable
glGenTextures
glGetError
glGetIntegerv
glGetString
glLineWidth
glPixelStorei
glTexImage2D
glTexParameteri
glTexSubImage2D
glViewport
wglCreateContext
wglDeleteContext
wglGetCurrentDC
wglGetProcAddress
wglMakeCurrent

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
accept
bind
closesocket
connect
htons
inet_pton
ioctlsocket
listen
recv
select
send
setsockopt
shutdown
socket

kernel32

AcquireSRWLockExclusive
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
CompareStringW
CreateDirectoryW
CreateEventExW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateProcessW
CreateSemaphoreExW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
DeleteCriticalSection
DuplicateHandle
EncodePointer
EnterCriticalSection
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumberEx
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetExitCodeThread
GetFileAttributesW
GetFileSizeEx
GetFileType
GetLastError
GetLogicalProcessorInformationEx
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNumaHighestNodeNumber
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadGroupAffinity
GetThreadPriority
GetThreadTimes
GetTickCount64
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
QueryDepthSList
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseSRWLockExclusive
ReleaseSemaphore
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadGroupAffinity
SetThreadPriority
SetThreadpoolTimer
SetThreadpoolWait
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
SleepConditionVariableSRW
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
WaitForSingleObject
WaitForSingleObjectEx
WaitForThreadpoolTimerCallbacks
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

user32

AdjustWindowRectExForDpi
BeginPaint
CreateWindowExW
DefWindowProcW
DestroyWindow
DispatchMessageW
EndPaint
GetClientRect
GetDC
GetDpiForWindow
GetKeyState
GetMonitorInfoW
GetSystemMetrics
GetWindowLongPtrW
LoadCursorFromFileW
LoadCursorW
LoadImageW
MessageBoxA
MessageBoxW
MonitorFromWindow
PeekMessageW
PostMessageW
PostQuitMessage
RegisterClassExW
ReleaseCapture
ReleaseDC
SetCapture
SetClassLongPtrW
SetCursor
SetProcessDpiAwarenessContext
SetUserObjectInformationA
SetWindowLongPtrW
SetWindowLongW
SetWindowPos
SetWindowRgn
ShowWindow
TranslateMessage
UpdateWindow

gdi32

ChoosePixelFormat
SetPixelFormat
SwapBuffers

shell32

CommandLineToArgvW
SHGetKnownFolderPath

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 25.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e2f121d69f8700a4aaf91556708794c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

ws2_32

kernel32

user32

gdi32

shell32

ole32

Sections

.text Size: 7.5MB - Virtual size: 7.5MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 23KB - Virtual size: 25.7MB

.pdata Size: 294KB - Virtual size: 293KB

.00cfg Size: 512B - Virtual size: 56B

.gxfg Size: 6KB - Virtual size: 6KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 181KB - Virtual size: 181KB

.text
Size: 7.5MB - Virtual size: 7.5MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 23KB - Virtual size: 25.7MB

.pdata
Size: 294KB - Virtual size: 293KB

.00cfg
Size: 512B - Virtual size: 56B

.gxfg
Size: 6KB - Virtual size: 6KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 181KB - Virtual size: 181KB