2024-05-30_aa9e2717ad4677eedf0b56b4aaf3c430_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-30_aa9e2717ad4677eedf0b56b4aaf3c430_ryuk
Size

2.0MB
MD5

aa9e2717ad4677eedf0b56b4aaf3c430
SHA1

62cb11eed4bca93de3d1dc34d0e3bf63365c8978
SHA256

59bcbdb73ff5e4951680da9e2867af2a2dde45005dab0bd0c7ba356c5cb8b8b6
SHA512

deb0618539c09f36aeff68cf96f001d5cb6c267c0f7323953aa1289e6efca8f97205025c3c9a2119cdf2ba7d15b46f5dee5c69f71f743a835381df86b7d0d477
SSDEEP

49152:E28Qz+ZDeASoeL0I04rbr+R1zqunQOFEfy4avwAXp:B06AS/5unsevw6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-30_aa9e2717ad4677eedf0b56b4aaf3c430_ryuk

Files

2024-05-30_aa9e2717ad4677eedf0b56b4aaf3c430_ryuk
.exe windows:5 windows x64 arch:x64

005b2aad4fb51a08f784335bd3a1b92a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\hdemers\coding\bitbucket_hg\mcxray\Dev\bin\McXRayLite_Release_64.pdb

Imports

comctl32

ord6
InitCommonControlsEx

kernel32

LeaveCriticalSection
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
GetStdHandle
HeapReAlloc
HeapFree
HeapAlloc
ReadFile
SetEnvironmentVariableA
GetLocalTime
GetModuleHandleExW
ExitProcess
GetFullPathNameA
GetDriveTypeW
LoadLibraryExW
RaiseException
RtlPcToFileHeader
RtlUnwindEx
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
WaitForSingleObjectEx
ResetEvent
SetEvent
AreFileApisANSI
DeviceIoControl
SetFilePointerEx
SetEndOfFile
GetFileAttributesW
QueryPerformanceFrequency
WaitForSingleObject
ResumeThread
TerminateThread
CreateThread
CreateFileA
WriteFile
LocalAlloc
GlobalFree
GlobalAlloc
LoadLibraryA
FormatMessageA
GetLastError
LocalFree
GlobalMemoryStatus
GetProcAddress
FreeLibrary
GlobalDeleteAtom
GetTickCount
GetCurrentThreadId
SetThreadPriority
QueryPerformanceCounter
GetCurrentDirectoryA
Sleep
CloseHandle
GetModuleFileNameA
WideCharToMultiByte
EnterCriticalSection
HeapSize
DeleteCriticalSection
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
GetCurrentProcessId
GetModuleHandleA
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose

user32

SendMessageA
SendDlgItemMessageA
GetDlgCtrlID
SetFocus
MessageBoxA
GetClassNameA
PostMessageA
SetWindowPos
IsIconic
IsZoomed
GetMenu
GetSubMenu
AppendMenuA
GetDC
ReleaseDC
GetSysColor
LoadImageA
EnumChildWindows
EndDialog
DialogBoxParamA
CreateDialogParamA
GetClassInfoExA
GetScrollInfo
SetScrollInfo
UnionRect
IntersectRect
FillRect
ScreenToClient
GetWindowRect
GetClientRect
ShowScrollBar
GetScrollPos
SetScrollPos
RedrawWindow
EndPaint
BeginPaint
SetMenuItemInfoA
GetMenuItemInfoA
DrawMenuBar
GetSystemMetrics
GetDlgItem
SetWindowLongPtrA
GetWindowLongPtrA
DestroyWindow
CreateWindowExA
CallWindowProcA
IsDialogMessageA
LoadIconA
LoadCursorA
RegisterClassExA
UnregisterClassA
DispatchMessageA
TranslateMessage
GetMessageA
RegisterWindowMessageA
GetParent
GetWindowInfo
SetWindowTextA
InvalidateRect
UpdateWindow
EnableMenuItem
CheckMenuItem
EnableWindow
MoveWindow
AnimateWindow
ShowWindow
PostQuitMessage
SystemParametersInfoA
GetWindowLongA

gdi32

StretchBlt
GetDIBits
CreateDCA
CreateCompatibleBitmap
CreateBitmapIndirect
SetPixelV
GetPixel
TextOutA
MoveToEx
SetPixel
LineTo
DeleteDC
CreatePen
CreateCompatibleDC
BitBlt
GetObjectA
SetWorldTransform
GetWorldTransform
SetGraphicsMode
SelectObject
GetDeviceCaps
CreateFontIndirectA
SetTextColor
SetBkMode
SetBkColor
GetStockObject
DeleteObject
CreateSolidBrush

comdlg32

CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 491KB - Virtual size: 491KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

005b2aad4fb51a08f784335bd3a1b92a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

comdlg32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 491KB - Virtual size: 491KB

.data Size: 42KB - Virtual size: 395KB

.pdata Size: 70KB - Virtual size: 70KB

.gfids Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 491KB - Virtual size: 491KB

.data
Size: 42KB - Virtual size: 395KB

.pdata
Size: 70KB - Virtual size: 70KB

.gfids
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 11KB - Virtual size: 11KB