2024-05-07_8999ae8a9ea8b312d14ee96b2e95f77d_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-07_8999ae8a9ea8b312d14ee96b2e95f77d_ryuk
Size

1.6MB
MD5

8999ae8a9ea8b312d14ee96b2e95f77d
SHA1

ede290223da1fa102431500cfb3e614f51663362
SHA256

df4d77db569b10cd55dec7de7f12138802cac2a3456764b74cb9f9af97079b00
SHA512

f6a9ee2e7e39f0d5ac8aeaf67fa16a85ab9df556bf6d7ba1ba907430bd0aeb1e79ca6d27e9ffa1d482c93582c2728eed95403c7df4d2d4bb69d8fb25d775ce89
SSDEEP

24576:l+iefhlpO0bDS8n2nt604r5tUR2fP+I2ZmJ9UWokUE57ClbiMYFXEp88:kfhlpOgDS8nSt8nGw+9Xk957ClO70pt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-07_8999ae8a9ea8b312d14ee96b2e95f77d_ryuk

Files

2024-05-07_8999ae8a9ea8b312d14ee96b2e95f77d_ryuk
.exe windows:6 windows x64 arch:x64

fd0b78fab59b636c7ebb740c931bfa52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\build\output\unity\fmod\_builds\fsbtool\win64\vs2015\release\FSBTool64.pdb

Imports

ole32

PropVariantClear
CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
CoInitializeEx

shell32

CommandLineToArgvW

user32

GetDesktopWindow

winmm

waveOutGetNumDevs
timeGetTime
waveOutReset
waveInReset
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInClose
waveInOpen
waveInGetDevCapsW
waveInGetDevCapsA
waveInGetNumDevs
waveOutGetPosition
waveOutGetDevCapsA
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetDevCapsW

ws2_32

inet_addr
__WSAFDIsSet
closesocket
connect
ioctlsocket
recv
select
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAGetLastError
WSACleanup
listen
htons
send
socket
WSAStartup
accept
bind
htonl

shlwapi

ord219

kernel32

SetWaitableTimer
SetEndOfFile
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCurrentDirectoryW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
HeapFree
HeapReAlloc
HeapAlloc
GetACP
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameA
GetFullPathNameA
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
MoveFileExW
DeleteFileW
GetFileType
GetDriveTypeW
CreateDirectoryW
LoadLibraryExW
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetCommandLineW
CreateFileW
GetFileSizeEx
GetTempFileNameW
CloseHandle
WideCharToMultiByte
GetLastError
HeapSetInformation
SetEvent
WaitForSingleObject
CreateEventW
GetProcAddress
LoadLibraryA
CreateFileA
GetFileSize
ReadFile
SetFilePointer
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetCurrentThreadId
SetThreadPriority
FreeLibrary
LoadLibraryW
GetSystemInfo
SetLastError
ResetEvent
CreateEventA
OpenEventA
HeapSize
CreateWaitableTimerA
GetSystemDirectoryA
MultiByteToWideChar
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo

Exports

Exports

FSBank_Build
FSBank_BuildCancel
FSBank_FetchNextProgressItem
FSBank_Init
FSBank_MemoryGetStats
FSBank_MemoryInit
FSBank_Release
FSBank_ReleaseProgressItem
FSBank_SetLibraryPath

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd0b78fab59b636c7ebb740c931bfa52

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

shell32

user32

winmm

ws2_32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 374KB - Virtual size: 374KB

.data Size: 60KB - Virtual size: 325KB

.pdata Size: 44KB - Virtual size: 44KB

.gfids Size: 512B - Virtual size: 372B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 36KB - Virtual size: 35KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 374KB - Virtual size: 374KB

.data
Size: 60KB - Virtual size: 325KB

.pdata
Size: 44KB - Virtual size: 44KB

.gfids
Size: 512B - Virtual size: 372B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 36KB - Virtual size: 35KB

.reloc
Size: 7KB - Virtual size: 7KB