2024-05-04_f4a8450b0e6abb26824ab53c68d80ce0_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-04_f4a8450b0e6abb26824ab53c68d80ce0_ryuk
Size

1.4MB
MD5

f4a8450b0e6abb26824ab53c68d80ce0
SHA1

dfdf15acae60324e599ade6080ed6b3bc755e215
SHA256

e50bd4919bbb1f42adaeaf3ee7848f8b2cd175343702f4dc1eb3aca849146805
SHA512

df91abc3be6a48b240132d437d5f49e00e12b22f63c00de1c5956b37cc6471fcf72a27c82a6472d5db85f3f7db82d8fa23bab91eba389c77699038ffeff981e1
SSDEEP

24576:5rppoa2pzltSRHw6+wEz3uvwRyAztc+qNgPsQ3isX17wjz6Y:1oa3O6+wEz3V5c+qNgPsQ3ia17aH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-04_f4a8450b0e6abb26824ab53c68d80ce0_ryuk

Files

2024-05-04_f4a8450b0e6abb26824ab53c68d80ce0_ryuk
.exe windows:6 windows x64 arch:x64

15093aaf1208b23aa30b4deeee1b0919

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\jenkins\workspace\BioStar 2 Release AC CGI master\server\app\biostar-server\bin64\unifiedgateway-service.pdb

Imports

kernel32

WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
WaitForSingleObject
PostQueuedCompletionStatus
CreateEventW
FormatMessageW
GetLastError
TerminateThread
TlsAlloc
QueryPerformanceFrequency
QueueUserAPC
LocalFree
DeleteCriticalSection
VerSetConditionMask
GetProcessHeap
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
EnterCriticalSection
TlsFree
FormatMessageA
QueryPerformanceCounter
CreateIoCompletionPort
AreFileApisANSI
GetCurrentProcess
RegisterWaitForSingleObject
TerminateProcess
GetModuleFileNameW
GetSystemDirectoryW
GetCurrentDirectoryA
DuplicateHandle
OpenProcess
MultiByteToWideChar
Sleep
UnregisterWaitEx
CreateProcessA
GetTickCount
GetExitCodeProcess
SetLastError
HeapFree
TlsSetValue
SetWaitableTimer
CreateEventA
GetSystemTimeAsFileTime
AcquireSRWLockShared
ReleaseSRWLockShared
CloseHandle
WaitForSingleObjectEx
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockExclusive
GetCurrentThreadId
TlsGetValue
InitializeSRWLock
HeapSize
ReadConsoleW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
ReadFile
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetACP
GetCommandLineW
GetCommandLineA
WriteFile
HeapReAlloc
ExitThread
TryEnterCriticalSection
EncodePointer
DecodePointer
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
HeapAlloc
GetCurrentProcessId
WakeAllConditionVariable
SleepConditionVariableSRW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
DeviceIoControl
CopyFileW
ResetEvent
ReleaseSemaphore
WaitForMultipleObjectsEx
OpenEventA
GetSystemInfo
GetLogicalProcessorInformation
GetModuleHandleA
CreateWaitableTimerA
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
FreeLibrary
GetUserDefaultLCID
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
OutputDebugStringW
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
LoadLibraryW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
ExitProcess

advapi32

RegisterServiceCtrlHandlerExW
CreateServiceW
CloseServiceHandle
OpenSCManagerW
SetServiceStatus
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
StartServiceCtrlDispatcherW
OpenServiceW

ws2_32

WSACleanup
WSAStartup

libeay32

ord3171
ord3106

Sections

.text
Size: 930KB - Virtual size: 930KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 418KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15093aaf1208b23aa30b4deeee1b0919

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ws2_32

libeay32

Sections

.text Size: 930KB - Virtual size: 930KB

.rdata Size: 418KB - Virtual size: 417KB

.data Size: 30KB - Virtual size: 43KB

.pdata Size: 52KB - Virtual size: 52KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 930KB - Virtual size: 930KB

.rdata
Size: 418KB - Virtual size: 417KB

.data
Size: 30KB - Virtual size: 43KB

.pdata
Size: 52KB - Virtual size: 52KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 9KB - Virtual size: 9KB