2024-05-04_800713a5786fc919cc324793c086090e_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-04_800713a5786fc919cc324793c086090e_ryuk
Size

1.0MB
MD5

800713a5786fc919cc324793c086090e
SHA1

8f4b419fee8fdd18bcf44f92103656775f4ece8d
SHA256

b111069bd08895a5e43e32e9cd641d6e491c83760c49ab3b8e4d07c6f5d72ebf
SHA512

dd55545de611e8547549c169db05bea04f205c9c834b0c84766abb47dff261ce2432cc5dcf76f92ec44b23b086c9909178a12c9b470614faa1ce67b53d7c26c5
SSDEEP

24576:zl1f2JUk3tGmRAoip66KfwOI4GofidEE8h+9o4:mUoAmR37hfw34Gof3E8p4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-04_800713a5786fc919cc324793c086090e_ryuk

Files

2024-05-04_800713a5786fc919cc324793c086090e_ryuk
.exe windows:6 windows x64 arch:x64

1857152a54aa217edc376fc3b8f29348

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\Workspace\nisraely\gitlab\cphs\IntelCpHeciSvc\x64\one_core_release\IntelCpHeciSvc.pdb

Imports

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
GetStdHandle
ExpandEnvironmentStringsW
SetStdHandle
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW

api-ms-win-core-file-l1-1-0

GetFileType
FlushFileBuffers
SetFilePointerEx
WriteFile
CreateDirectoryW
SetEndOfFile
ReadFile
FindClose
FindFirstFileExW
FindNextFileW
CreateFileW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
WaitForSingleObjectEx
TryEnterCriticalSection
DeleteCriticalSection
ResetEvent
LeaveCriticalSection
CreateEventW
WaitForMultipleObjectsEx
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
InitializeCriticalSection
SetEvent

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
CreateThread
ResumeThread
TlsGetValue
ExitProcess
GetCurrentProcess
OpenProcessToken
GetCurrentProcessId
GetStartupInfoW
TlsSetValue
TlsFree
TlsAlloc

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleHandleExW
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
SizeofResource

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharNextW
CharUpperW

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-com-l1-1-0

CoRegisterClassObject
CoInitializeEx
CoRevokeClassObject
CoCreateInstance
CoResumeClassObjects
CoAddRefServerProcess
CoTaskMemFree
CoReleaseServerProcess
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeSecurity

oleaut32

SafeArrayGetLBound
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetUBound
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SafeArrayLock
SafeArrayUnlock
SafeArrayCopy
SafeArrayGetVartype
VariantInit
VariantClear
SafeArrayCreate

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_Register_Notification
CM_Get_Device_Interface_ListW
CM_Unregister_Notification

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapFree
HeapSize
HeapAlloc

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
MakeAbsoluteSD

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
QueryServiceConfigW

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle
CreateServiceW
DeleteService

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

user32

DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW

api-ms-win-core-localization-l1-2-0

GetCPInfo
GetLocaleInfoW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP
IsValidCodePage
GetOEMCP

api-ms-win-core-rtlsupport-l1-1-0

RtlPcToFileHeader
RtlUnwindEx
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-console-l1-1-0

WriteConsoleW
GetConsoleMode
GetConsoleCP
ReadConsoleW

Exports

Exports

MessageBoxW

Sections

.text
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1857152a54aa217edc376fc3b8f29348

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-com-l1-1-0

oleaut32

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-io-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-security-sddl-l1-1-0

user32

api-ms-win-core-localization-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-console-l1-1-0

Exports

Exports

Sections

.text Size: 295KB - Virtual size: 294KB

.rdata Size: 146KB - Virtual size: 146KB

.data Size: 8KB - Virtual size: 15KB

.pdata Size: 16KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 295KB - Virtual size: 294KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 8KB - Virtual size: 15KB

.pdata
Size: 16KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 572KB - Virtual size: 576KB