2024-06-01_59ecadf85f0e68aa8c656d7fa35d69b6_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-01_59ecadf85f0e68aa8c656d7fa35d69b6_ryuk
Size

1.0MB
MD5

59ecadf85f0e68aa8c656d7fa35d69b6
SHA1

7b00c742d13196eba87f73dd4a07c25520299024
SHA256

161435d309db396d4d3335b74b27abf25f09dd2cbb6ff08213d6f4edf120085c
SHA512

ff3bc7e9cef497d04a24a1205df5a7c2cefd15229a9193c2e14b8c7c3efea36b96c150c5a6a5985069660220a4280b88aeb50db78dd8097eb5a8e13f37c08d8e
SSDEEP

24576:4xbwkD7bkOFrGluZEKtNORt13kaTlkurMq:4xbwkMzBTl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-01_59ecadf85f0e68aa8c656d7fa35d69b6_ryuk

Files

2024-06-01_59ecadf85f0e68aa8c656d7fa35d69b6_ryuk
.exe windows:5 windows x64 arch:x64

279454457b03e823e2df527687c8981b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\MichaelPerregaard\code\31.01\Optimizer\opt\optimizer.pdb

Imports

tcl84

Tcl_Alloc
Tcl_GlobalEval
Tcl_CommandComplete
Tcl_Main
Tcl_VarTraceInfo
Tcl_UntraceVar
Tcl_DeleteCommand
Tcl_CreateCommand
Tcl_UnsetVar
Tcl_GetDouble
Tcl_ResetResult
Tcl_GetStringResult
Tcl_SetResult
Tcl_TranslateFileName
Tcl_TraceVar
Tcl_GetInt
Tcl_GetVar
Tcl_DStringFree
Tcl_Gets
Tcl_DStringInit
Tcl_Exit
Tcl_EvalFile
Tcl_SetVar
Tcl_RegisterObjType
Tcl_CreateExitHandler
Tcl_Preserve
Tcl_Eval
Tcl_Release
Tcl_GetStdChannel
Tcl_Flush
Tcl_WriteChars

xprs

XPRS_msp_getcalistsol
XPRS_msp_getcalist
XPRS_mse_getcalist
XPRS_ptb_getcalist
XPRS_msp_getcalistprob
XPRS_msp_getcalistprobsol
XPRSsetprobname
XPRSgetcalist_o
XPRSreadprob
XPRSgetprobname
XPRScheckproblemconvex
XPRSchgobjsense
XPRSgetintcontrol
XPRSsetintattrib
XPRSgetcomlist_o
XPRSgetcbnames_d
XPRSgetcalist_c
XPRSgetcalist_d
XPRSgetcomlist
XPRSgetcomlist_d
XPRSgetcbnames
XPRSsetcb
XPRSgetcb
XPRSset_in_crashed_state
XPRSfreeconsolefunctor
XPRSgetconsolefunctorresultstr
XPRSgetconsolefunctor
XPRScommandhelpprint
XPRSfree
XPRS_ptb_destroy
XPRS_mse_destroy
XPRS_msp_destroy
XPRSdestroyprob
XPRSget_in_crashed_state
XPRSgetbanner
XPRSgetintattrib
XPRSsetcbinput
XPRSenablemessages
XPRS_ge_setcbmsghandler
XPRS_ptb_create
XPRS_mse_create
XPRS_msp_create
XPRScreateprob
XPRSgetlicerrmsg
XPRSinit
XPRSinterrupt_from_console
XPRSgetobjecttypename
XPRS_msp_probdetach
XPRS_msp_probattach
XPRSsetintcontrol64
XPRSsetdblcontrol
XPRSsetstrcontrol
XPRSgetintcontrol64
XPRSgetintattrib64
XPRSgetdblcontrol
XPRSgetdblattrib
XPRSgetstrcontrol
XPRSgetstrattrib
XPRS_ptb_setintcontrol
XPRS_ptb_setdblcontrol
XPRS_ptb_getintcontrol
XPRS_ptb_getintattrib
XPRS_ptb_getdblcontrol
XPRS_ptb_getdblattrib
XPRS_mse_setintcontrol
XPRS_mse_setdblcontrol
XPRS_mse_getintcontrol
XPRS_mse_getintattrib
XPRS_mse_getdblcontrol
XPRS_mse_getdblattrib
XPRS_msp_setintcontrol
XPRS_msp_setdblcontrol
XPRS_msp_getintcontrol
XPRS_msp_getintattrib
XPRS_msp_getdblcontrol
XPRS_msp_getdblattrib
XPRS_msp_setintcontrolsol
XPRS_msp_setdblcontrolsol
XPRS_msp_getintcontrolsol
XPRS_msp_getintattribsol
XPRS_msp_getdblcontrolsol
XPRS_msp_getdblattribsol
XPRS_msp_getintattribprob
XPRS_msp_getdblattribprob
XPRS_msp_getintattribprobsol
XPRS_msp_getdblattribprobsol
XPRS_msp_getintattribprobextreme
XPRS_msp_getdblattribprobextreme
XPRS_mse_getsolmetric

kernel32

RaiseException
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
SetConsoleMode
WriteConsoleA
GetCurrentThread
VirtualQuery
TlsSetValue
TlsAlloc
GetLastError
CloseHandle
Sleep
GetCurrentProcess
TerminateProcess
TlsGetValue
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
SetConsoleCtrlHandler
GetStdHandle
GetConsoleMode
GetModuleFileNameA
ReadConsoleInputA
FindFirstFileA
GetCurrentDirectoryA
FindClose
ReadConsoleW
ReadFile
SetEndOfFile
HeapSize
WriteConsoleW
SetFilePointerEx
CreateFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindFirstFileExA
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
GetTimeZoneInformation
HeapReAlloc
GetProcessHeap
GetStringTypeW
GetConsoleCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetFullPathNameA
GetFullPathNameW
GetDriveTypeW
GetACP
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
WriteFile
WideCharToMultiByte
MultiByteToWideChar
HeapValidate
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
GetEnvironmentVariableA
GetModuleHandleExA
LoadLibraryExA
GetThreadLocale
FormatMessageA
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileAttributesA
FindNextFileA
WriteConsoleOutputCharacterA

xprl

SECLIB_exports

Sections

.text
Size: 629KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

279454457b03e823e2df527687c8981b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

tcl84

xprs

kernel32

xprl

Sections

.text Size: 629KB - Virtual size: 629KB

.rdata Size: 278KB - Virtual size: 277KB

.data Size: 31KB - Virtual size: 111KB

.pdata Size: 25KB - Virtual size: 24KB

.data1 Size: 63KB - Virtual size: 63KB

.gfids Size: 512B - Virtual size: 376B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 629KB - Virtual size: 629KB

.rdata
Size: 278KB - Virtual size: 277KB

.data
Size: 31KB - Virtual size: 111KB

.pdata
Size: 25KB - Virtual size: 24KB

.data1
Size: 63KB - Virtual size: 63KB

.gfids
Size: 512B - Virtual size: 376B

.reloc
Size: 2KB - Virtual size: 2KB