2024-06-01_b9baa8d29ee2196c7d06b87de0ffb1cc_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-01_b9baa8d29ee2196c7d06b87de0ffb1cc_ryuk
Size

2.0MB
MD5

b9baa8d29ee2196c7d06b87de0ffb1cc
SHA1

069073fc575813d0b65874586bf76670cfa38267
SHA256

81f9d76dd088dcadc50875719b18c743963a2da0613c47360bb702ba79ca81f7
SHA512

949491c19b192378f8f33b38470b5405ae7ec4fbfabb7c2e6df34c158a86ed0ec8849b5e0277243b636eab951b5849e49a9d713a62fcc8feffbef0859fc98c30
SSDEEP

49152:szTGdLjfGSOyJ1Qe7x2FNnyGRbZ6hXb8U2X/ZT:ACpB2LndRbQQ9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-01_b9baa8d29ee2196c7d06b87de0ffb1cc_ryuk

Files

2024-06-01_b9baa8d29ee2196c7d06b87de0ffb1cc_ryuk
.exe windows:5 windows x64 arch:x64

d588afe69fc2b393c97137f752cedac2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\data\landun\workspace\CommonComponent\ACE-Guard\1.compile_source\output\x64\Release\SGuardSvc64.pdb

Imports

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

shlwapi

PathRemoveFileSpecW
PathFindFileNameA
PathAppendW
PathFindFileNameW
PathFileExistsW

wtsapi32

WTSQueryUserToken

ws2_32

htonl
htons
freeaddrinfo
WSAStartup
getaddrinfo
WSACleanup
sendto
socket

crypt32

CryptMsgGetParam
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgClose
CertCloseStore
CryptQueryObject

kernel32

FreeLibraryAndExitThread
GetCurrentThread
CreateThread
RtlPcToFileHeader
RtlUnwindEx
ExitThread
GetFileAttributesExW
ExitProcess
GetStdHandle
CreateFileW
GetFileAttributesW
AreFileApisANSI
CloseHandle
RaiseException
GetLastError
SetLastError
HeapAlloc
HeapReAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexA
CreateMutexW
CreateEventW
Sleep
TerminateProcess
GetThreadTimes
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
GetACP
LocalFree
CreateFileMappingA
GetTimeZoneInformation
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
GetPrivateProfileIntW
WaitForMultipleObjects
SwitchToThread
GetCurrentProcessId
OpenEventW
GetExitCodeProcess
GetCurrentProcess
SetCurrentDirectoryW
GetFileSize
CreateDirectoryW
FindNextFileW
GetModuleHandleExW
ExpandEnvironmentStringsW
FindClose
OpenProcess
DeleteFileW
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
Process32NextW
Process32FirstW
WTSGetActiveConsoleSessionId
GetModuleFileNameA
Module32FirstW
Module32NextW
SetUnhandledExceptionFilter
GetCommandLineA
ResumeThread
ReadFile
WriteFile
SetFilePointerEx
SystemTimeToFileTime
GetSystemTime
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
OutputDebugStringW
IsDebuggerPresent
GetFileType
IsValidLocale
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
OutputDebugStringA
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEndOfFile
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
LockFile
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
UnlockFileEx
GetTempPathW
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
LoadLibraryA
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
FormatMessageA
LocalAlloc
CreateToolhelp32Snapshot
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceCounter
EncodePointer
GetCurrentThreadId
TryEnterCriticalSection
GetStringTypeW
FormatMessageW

advapi32

SetServiceStatus
StartServiceCtrlDispatcherW
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
SetTokenInformation
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
CreateProcessAsUserW
ConvertSidToStringSidW
OpenServiceW
DuplicateTokenEx
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegisterServiceCtrlHandlerExW

wintrust

WinVerifyTrust

Sections

.text
Size: 897KB - Virtual size: 896KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tvm0
Size: 848KB - Virtual size: 848KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d588afe69fc2b393c97137f752cedac2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

userenv

shlwapi

wtsapi32

ws2_32

crypt32

kernel32

advapi32

wintrust

Sections

.text Size: 897KB - Virtual size: 896KB

.rdata Size: 202KB - Virtual size: 201KB

.data Size: 38KB - Virtual size: 47KB

.pdata Size: 50KB - Virtual size: 49KB

.gfids Size: 1024B - Virtual size: 644B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 5KB

.tvm0 Size: 848KB - Virtual size: 848KB

.text
Size: 897KB - Virtual size: 896KB

.rdata
Size: 202KB - Virtual size: 201KB

.data
Size: 38KB - Virtual size: 47KB

.pdata
Size: 50KB - Virtual size: 49KB

.gfids
Size: 1024B - Virtual size: 644B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 5KB

.tvm0
Size: 848KB - Virtual size: 848KB