2024-05-25_e219764fa7e2e1285d8b59d7f5e5ed9e_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-25_e219764fa7e2e1285d8b59d7f5e5ed9e_ryuk
Size

2.2MB
MD5

e219764fa7e2e1285d8b59d7f5e5ed9e
SHA1

ac7db1c5e34cbe911f15ca4d6cc3d7c518d5f586
SHA256

24973a83ef28fca9483630764d79b49801353384810faa048732411aa185e2d9
SHA512

3299a9e57d06fb1f56c5dd10c8df0fbe1ca6d6624cf37b8ffc94e4486066d3b217771ab13cc06e0197e16caf1303151d83f8377f080fa453c6520518ff6f4df2
SSDEEP

49152:NLUDFG7GuWo4PbYMSjtg9njcUbi5ZJsv6tWKFdu9Cw:FU+Gu+7cWYJsv6tWKFdu9Cw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-25_e219764fa7e2e1285d8b59d7f5e5ed9e_ryuk

Files

2024-05-25_e219764fa7e2e1285d8b59d7f5e5ed9e_ryuk
.exe windows:6 windows x64 arch:x64

eba26a6075a89381f4f851f0985df4a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ole32

CoCreateGuid
CoInitialize
CoCreateInstance
CoUninitialize

advapi32

SystemFunction036
RegSetValueExW
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
CopySid
FreeSid
GetLengthSid
GetTokenInformation
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW

shell32

SHGetSpecialFolderPathW

kernel32

GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetFileAttributesW
GetSystemInfo
GetComputerNameW
CreateFileW
GetFileTime
SetFileTime
CloseHandle
GetLastError
LocalFree
FormatMessageW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
GetLongPathNameW
RemoveDirectoryW
GetTempPathW
SetErrorMode
DeviceIoControl
GetCurrentProcess
GetProcAddress
LoadLibraryW
CopyFileW
MoveFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindFirstFileExW
FindNextFileW
GetLocalTime
FlushFileBuffers
GetFileType
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
GetSystemDirectoryW
GetModuleHandleW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
GetUserDefaultUILanguage
GetUserDefaultLCID
CompareStringW
OutputDebugStringW
EnterCriticalSection
HeapSize
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LeaveCriticalSection
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
RtlPcToFileHeader
RaiseException
SetLastError
ExitProcess
GetModuleHandleExW
DuplicateHandle
CreateProcessA
PeekNamedPipe
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
SetFileAttributesW
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetTimeZoneInformation
GetModuleFileNameA
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
LCMapStringW
WaitForSingleObject
GetExitCodeProcess
CreatePipe
HeapReAlloc
WriteConsoleW
GetCPInfo
SetEnvironmentVariableA
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 639KB - Virtual size: 639KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eba26a6075a89381f4f851f0985df4a9

Headers

DLL Characteristics

File Characteristics

Imports

ole32

advapi32

shell32

kernel32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 639KB - Virtual size: 639KB

.data Size: 14KB - Virtual size: 22KB

.pdata Size: 39KB - Virtual size: 38KB

.tls Size: 512B - Virtual size: 13B

.gfids Size: 512B - Virtual size: 208B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 639KB - Virtual size: 639KB

.data
Size: 14KB - Virtual size: 22KB

.pdata
Size: 39KB - Virtual size: 38KB

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 512B - Virtual size: 208B

.reloc
Size: 4KB - Virtual size: 4KB