2024-05-21_852cd5235b24b06f7abd9a017dc4f1ac_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-21_852cd5235b24b06f7abd9a017dc4f1ac_ryuk
Size

2.5MB
MD5

852cd5235b24b06f7abd9a017dc4f1ac
SHA1

6788949fdb49569d14541e4918a713d738748e87
SHA256

1d178c19de0010a4fa1e5b540998403a82f34a94f90dd798e8c9b02051dab3f4
SHA512

bd788cc34cce6d3969a4569bb2ce77d9cae485c5ecdb097c40f84dd1ed011003fd7491b995b0464fa58b16f47cd8cec7bda1f915d10a644db35477f2ad76672c
SSDEEP

24576:m30xLCKR5Lvx35eWNvnfmat6Y4TyJdxrCfVw+Rtz2tjoCJqzLK8pm9:m30xLC8PFr0WbW9vtz2RoCJ3K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-21_852cd5235b24b06f7abd9a017dc4f1ac_ryuk

Files

2024-05-21_852cd5235b24b06f7abd9a017dc4f1ac_ryuk
.exe windows:6 windows x64 arch:x64

0013af14b6d086763d54f2f520a626a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\Project\Git\Xenia\build\bin\Release\xe-cpu-ppc-test.pdb

Imports

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader
RtlUnwindEx
RtlAddGrowableFunctionTable
RtlGrowFunctionTable
RtlDeleteGrowableFunctionTable

wsock32

bind
inet_ntoa
htons
socket
listen
WSAStartup

kernel32

GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetProcessHeap
HeapSize
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
ReadConsoleW
GetStdHandle
FindFirstFileW
FindNextFileW
FindClose
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
UnmapViewOfFile
MapViewOfFileEx
GetCurrentThread
SuspendThread
CreateFileMappingW
VirtualFree
VirtualAlloc
VirtualProtect
CloseHandle
OutputDebugStringA
GetSystemInfo
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
Sleep
RaiseException
GetCurrentThreadId
FreeEnvironmentStringsW
IsDebuggerPresent
GetCurrentProcessId
RemoveVectoredContinueHandler
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
SetThreadPriority
GetLastError
CreateThread
GetThreadPriority
SetThreadAffinityMask
SignalObjectAndWait
WaitForSingleObjectEx
CreateFileW
FlushInstructionCache
GetCurrentProcess
ResetEvent
CreateEventW
SetEvent
ReleaseSemaphore
ReadFile
WriteFile
GetConsoleMode
EnumSystemLocalesW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
SwitchToThread
HeapFree
HeapReAlloc
GetUserDefaultLCID
SetEndOfFile
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCommandLineW
WideCharToMultiByte
MultiByteToWideChar
TryEnterCriticalSection
DuplicateHandle
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetProcAddress
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
CreateTimerQueue
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
SetStdHandle
GetFileType
ExitProcess
GetModuleHandleExW
HeapAlloc
GetCommandLineA

user32

wsprintfW

advapi32

SystemFunction036

ole32

CoInitializeEx

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 661KB - Virtual size: 661KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 364KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 369B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0013af14b6d086763d54f2f520a626a5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

wsock32

kernel32

user32

advapi32

ole32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 661KB - Virtual size: 661KB

.data Size: 364KB - Virtual size: 2.9MB

.pdata Size: 62KB - Virtual size: 62KB

.tls Size: 512B - Virtual size: 369B

.rsrc Size: 1024B - Virtual size: 744B

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 661KB - Virtual size: 661KB

.data
Size: 364KB - Virtual size: 2.9MB

.pdata
Size: 62KB - Virtual size: 62KB

.tls
Size: 512B - Virtual size: 369B

.rsrc
Size: 1024B - Virtual size: 744B

.reloc
Size: 13KB - Virtual size: 13KB