2024-05-31_4ce0594bad38886c2d4b8a4e85421106_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-31_4ce0594bad38886c2d4b8a4e85421106_ryuk
Size

4.8MB
MD5

4ce0594bad38886c2d4b8a4e85421106
SHA1

93b40baa071942fdda2cc6a108cedecfcf6304e6
SHA256

3274d2169f6451fcdbf756e95f2a2e064070334f61c445ccdf400edd5309c1e3
SHA512

b4ed06e28318a2474348f689063ef2fadfecf19ba6223bfcb5c9ba4c10da6b841b5cd86bdf736a464d8fef7e891a35b1f176098517f79c4c4f141d86bb199b1a
SSDEEP

49152:Xq3FhRU9sdZ7fhrhL6IgSe0kRxZC1cr2pfU3DLwTAHdQP3Y/tnKiR5sElnP4YtWG:IUOZzTU0+rr2pczLDXIjEUEKq4+9z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-31_4ce0594bad38886c2d4b8a4e85421106_ryuk

Files

2024-05-31_4ce0594bad38886c2d4b8a4e85421106_ryuk
.exe windows:5 windows x64 arch:x64

c8a1da3a0ab13b6e65f5f60bdcd7a9ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\b\c\b\win_x64_archive\src\out\Release_x64\initialexe\chrome.exe.pdb

Imports

chrome_elf

GetInstallDetailsPayload
SignalInitializeCrashReporting
SignalChromeElf

advapi32

ImpersonateNamedPipeClient
GetSecurityInfo
SetEntriesInAclW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SystemFunction036
OpenProcessToken
GetTokenInformation
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorSacl
SetKernelObjectSecurity
SetTokenInformation
SetSecurityInfo
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
RegDisablePredefinedCache
CopySid
CreateWellKnownSid
CreateRestrictedToken
DuplicateToken
DuplicateTokenEx
EqualSid
LookupPrivilegeValueW
CreateProcessAsUserW
SetThreadToken
ConvertSidToStringSidW

gdi32

SelectObject
CreateFontIndirectW
CreateCompatibleDC
DeleteDC
DeleteObject
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
GetTextMetricsW
SetWorldTransform
CreateDIBSection
ExtTextOutW
GetTextFaceW
GdiFlush

kernel32

GetThreadLocale
Wow64GetThreadContext
GetSystemDefaultLCID
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetLastError
SetLastError
CreateEventW
GetCurrentThreadId
DuplicateHandle
WaitForSingleObject
GetCurrentProcess
GetProcessId
SetCurrentDirectoryW
SetProcessShutdownParameters
LoadLibraryExW
VirtualAlloc
VirtualFree
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
HeapCreate
HeapDestroy
GetCurrentDirectoryW
CreateFileW
DeleteFileW
WriteFile
OutputDebugStringA
CloseHandle
GetCurrentProcessId
GetLocalTime
GetTickCount
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSRWLockExclusive
Sleep
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetSystemTimeAsFileTime
QueryThreadCycleTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCommandLineW
LocalFree
GetModuleHandleW
ExpandEnvironmentStringsW
GetVersionExW
GetNativeSystemInfo
TerminateProcess
GetExitCodeProcess
OpenProcess
FlushFileBuffers
GetFileInformationByHandle
GetFileSizeEx
ReadFile
SetEndOfFile
SetFilePointerEx
VirtualQuery
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
IsDebuggerPresent
RaiseException
CreateThread
GetThreadId
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
AcquireSRWLockExclusive
GetSystemDirectoryW
GetWindowsDirectoryW
CreateDirectoryW
GetFileAttributesW
GetLongPathNameW
QueryDosDeviceW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
MoveFileW
ReplaceFileW
UnregisterWaitEx
RegisterWaitForSingleObject
GetUserDefaultLangID
TlsGetValue
GetModuleHandleExW
GetProcessTimes
LoadLibraryW
FlushViewOfFile
FindClose
FindFirstFileExW
FindNextFileW
TlsAlloc
TlsSetValue
TlsFree
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetInformationJobObject
GetSystemInfo
VirtualQueryEx
HeapSetInformation
SetEvent
ResetEvent
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
DecodePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateProcessW
ReleaseSemaphore
CreateSemaphoreW
InitOnceExecuteOnce
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
OutputDebugStringW
GetComputerNameExW
LockFileEx
UnlockFileEx
SetConsoleCtrlHandler
TerminateJobObject
GetUserDefaultLCID
WriteProcessMemory
AssignProcessToJobObject
GetFileType
SetHandleInformation
ProcessIdToSessionId
GetProcessHandleCount
GetProcessHeaps
SignalObjectAndWait
CreateMutexW
VirtualProtectEx
QueryFullProcessImageNameW
VirtualAllocEx
VirtualFreeEx
CreateJobObjectW
CreateNamedPipeW
CreateRemoteThread
ReadProcessMemory
DebugBreak
lstrlenW
SearchPathW
VirtualProtect
LoadLibraryExA
GetThreadContext
SuspendThread
SleepEx
GetVersion
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
IsWow64Process
GetFileInformationByHandleEx
DisconnectNamedPipe
ConnectNamedPipe
ResumeThread
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
ReadConsoleW
GetStdHandle
GetACP
SetStdHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
PeekNamedPipe
GetDriveTypeW
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetStringTypeW
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
FreeLibrary

psapi

GetMappedFileNameW
GetProcessMemoryInfo
GetPerformanceInfo

shell32

SHGetKnownFolderPath
SHGetFolderPathW
CommandLineToArgvW

shlwapi

PathMatchSpecW

user32

GetMessageW
RegisterClassW
GetUserObjectInformationW
GetProcessWindowStation
SetProcessWindowStation
CreateWindowStationW
GetThreadDesktop
CreateDesktopW
CloseWindowStation
TranslateMessage
DispatchMessageW
PostMessageW
CloseDesktop
SystemParametersInfoW
wsprintfW
GetWindowThreadProcessId
AllowSetForegroundWindow
IsWindow
SendMessageTimeoutW
FindWindowExW
SetWindowLongPtrW
GetWindowLongPtrW
DestroyWindow
CreateWindowExW
UnregisterClassW
DefWindowProcW

usp10

ScriptShape
ScriptItemize
ScriptFreeCache

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpSendRequest

Exports

Exports

GetHandleVerifier
IsSandboxedProcess

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_text32
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 757KB - Virtual size: 757KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8a1da3a0ab13b6e65f5f60bdcd7a9ce

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

chrome_elf

advapi32

gdi32

kernel32

psapi

shell32

shlwapi

user32

usp10

version

winmm

winhttp

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

_text32 Size: 134KB - Virtual size: 133KB

.rdata Size: 757KB - Virtual size: 757KB

.data Size: 16KB - Virtual size: 52KB

.pdata Size: 198KB - Virtual size: 198KB

.didat Size: 512B - Virtual size: 120B

CPADinfo Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 33B

_RDATA Size: 32KB - Virtual size: 32KB

.rsrc Size: 144KB - Virtual size: 144KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 3.5MB - Virtual size: 3.5MB

_text32
Size: 134KB - Virtual size: 133KB

.rdata
Size: 757KB - Virtual size: 757KB

.data
Size: 16KB - Virtual size: 52KB

.pdata
Size: 198KB - Virtual size: 198KB

.didat
Size: 512B - Virtual size: 120B

CPADinfo
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 33B

_RDATA
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 144KB - Virtual size: 144KB

.reloc
Size: 20KB - Virtual size: 19KB