2024-06-03_cb8d3e039db5fc6e720e8c1f9c513327_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-03_cb8d3e039db5fc6e720e8c1f9c513327_ryuk
Size

15.4MB
MD5

cb8d3e039db5fc6e720e8c1f9c513327
SHA1

579211487b83c92fda35cc2a7410aa317f2f31f0
SHA256

95050e6c2d5ed6e628f2061d45559dd3158572ac5820230f82f52c68fce0b3cb
SHA512

be87b8028b5373b95147549d9950929095133242e4f4584930c327d34efcda84d7b0d13cb896e403fdccc4ae38318181192e5f313dc5712367c5d4e376ab6a91
SSDEEP

98304:TSa/WC7qgPYe2h8oMSE+FMOV9b0w2o+VNc:GqWoq+w2D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-03_cb8d3e039db5fc6e720e8c1f9c513327_ryuk

Files

2024-06-03_cb8d3e039db5fc6e720e8c1f9c513327_ryuk
.exe windows:6 windows x64 arch:x64

b22e491f048c70ce323e1d2135348b50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\src\print3\Installer\PrintInstaller\Debug-x64\BuildServer.pdb

Imports

kernel32

GetCurrentThreadId
ReleaseMutex
CreateMutexW
OpenMutexW
InitializeCriticalSection
CreateDirectoryExW
GetWindowsDirectoryW
DeviceIoControl
SetFileTime
GetFileTime
GetFileAttributesW
FindFirstFileW
GetEnvironmentVariableW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
SetFilePointer
CreateFileA
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
LocalFree
FormatMessageA
Sleep
SetConsoleCtrlHandler
GetEnvironmentVariableA
CreateDirectoryA
GetFileAttributesA
RaiseException
GetLastError
GetModuleFileNameA
GetComputerNameA
CreateDirectoryW
GetDynamicTimeZoneInformation
CloseHandle
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
FormatMessageW
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
GetTempPathW
CopyFileW
CreateHardLinkW
AreFileApisANSI
RtlPcToFileHeader
EncodePointer
DecodePointer
QueueUserWorkItem
RtlCaptureStackBackTrace
IsProcessorFeaturePresent
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
SetProcessAffinityMask
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
LoadLibraryW
WaitForSingleObject
RtlUnwindEx
GetModuleHandleExW
GetStdHandle
GetFileType
WriteConsoleW
HeapSize
HeapValidate
GetSystemInfo
ReadFile
ExitThread
ResumeThread
GetDriveTypeW
GetFullPathNameW
GetFullPathNameA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
RemoveDirectoryW
MoveFileExW
DeleteFileW
ExitProcess
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
OutputDebugStringA
HeapReAlloc
HeapQueryInformation
GetExitCodeProcess
CreateProcessA
CreateProcessW
FlushFileBuffers
GetTimeZoneInformation
ReadConsoleW
CreateSemaphoreW

ws2_32

freeaddrinfo
getaddrinfo
WSAGetLastError
socket
shutdown
setsockopt
WSAStartup
WSACleanup
sendto
send
select
recvfrom
recv
__WSAFDIsSet
accept
bind
listen
ioctlsocket
connect
closesocket

dbgeng

DebugCreate

ole32

CoUninitialize
CoInitializeEx

Sections

.textbss
Size: - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 10.8MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 819KB - Virtual size: 819KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b22e491f048c70ce323e1d2135348b50

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

dbgeng

ole32

Sections

.textbss Size: - Virtual size: 5.2MB

.text Size: 10.8MB - Virtual size: 10.8MB

.rdata Size: 3.6MB - Virtual size: 3.6MB

.data Size: 115KB - Virtual size: 176KB

.pdata Size: 819KB - Virtual size: 819KB

.idata Size: 9KB - Virtual size: 9KB

.gfids Size: 7KB - Virtual size: 7KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 94KB - Virtual size: 94KB

.textbss
Size: - Virtual size: 5.2MB

.text
Size: 10.8MB - Virtual size: 10.8MB

.rdata
Size: 3.6MB - Virtual size: 3.6MB

.data
Size: 115KB - Virtual size: 176KB

.pdata
Size: 819KB - Virtual size: 819KB

.idata
Size: 9KB - Virtual size: 9KB

.gfids
Size: 7KB - Virtual size: 7KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 94KB - Virtual size: 94KB