2024-06-04_c693d53dacdfab5fc4bd95f1c0202de8_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-04_c693d53dacdfab5fc4bd95f1c0202de8_ryuk
Size

1.2MB
MD5

c693d53dacdfab5fc4bd95f1c0202de8
SHA1

37d33415a385646a5e1da740812fc579d4ad9f06
SHA256

ba44d724d1e9c5eeb878b78cfa9845b357eafa61787934a3d8e7e1cbae3401d7
SHA512

383b5809219ef794ca51ec9e52d43ef4c5691c82264e7e1ad205046f9138f15470b96f7c517053d7209d8b3c38877f92a0393cc537035c509ee15e7d9b9bf08d
SSDEEP

24576:bNKpfF/wATJMMt+tcWv5kGhW61O8kmJOBrV4dvePyi6iQtX:pK19wATWBtMrcePn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-04_c693d53dacdfab5fc4bd95f1c0202de8_ryuk

Files

2024-06-04_c693d53dacdfab5fc4bd95f1c0202de8_ryuk
.exe windows:6 windows x64 arch:x64

42e8ae55d23e542f85beb463a6c09f9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\quickbuild\workspace\16868\sprint_87\agent\native\generic\ruxitdumpproc\build\binaries\windows-x64-release\ruxitdumpproc.pdb

Imports

kernel32

FileTimeToSystemTime
GetEnvironmentVariableA
CreateFileA
CloseHandle
DeviceIoControl
GetCurrentProcess
OpenThread
GetProcessId
GetThreadContext
OpenProcess
ReadProcessMemory
IsWow64Process
FreeLibrary
GetModuleFileNameA
SystemTimeToTzSpecificLocalTime
LocalFree
Wow64GetThreadContext
FormatMessageA
CreateJobObjectA
AssignProcessToJobObject
SetInformationJobObject
CreateToolhelp32Snapshot
Process32First
Process32Next
Thread32First
Thread32Next
HeapSize
WriteConsoleW
LoadLibraryA
GetProcAddress
GetLastError
GetModuleHandleA
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
CreateThread
OutputDebugStringW
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
GetSystemTime
MultiByteToWideChar
Sleep
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCommandLineW
GetFullPathNameA
GetModuleFileNameW
WideCharToMultiByte
ExpandEnvironmentStringsA
GetCurrentProcessId
GetModuleHandleW
GetComputerNameExA
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
CreateFileW
GetFileType
ExitProcess
GetModuleHandleExW
SetStdHandle
GetDriveTypeW
PeekNamedPipe
GetFullPathNameW
HeapAlloc
HeapFree
HeapReAlloc
GetStdHandle
WriteFile
GetCommandLineA
GetACP
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
GetCurrentThread
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
SetCurrentDirectoryW
GetCurrentDirectoryW
GetProcessHeap
CreateDirectoryA

shell32

SHFileOperationA

advapi32

SystemFunction036
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

dbghelp

SymGetModuleInfo64
SymCleanup
StackWalk64
SymGetModuleBase64
SymInitialize
SymSrvIsStore
SymFunctionTableAccess64
SymFromAddr
MiniDumpWriteDump
EnumerateLoadedModules64

Sections

.text
Size: 893KB - Virtual size: 892KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42e8ae55d23e542f85beb463a6c09f9b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

advapi32

version

dbghelp

Sections

.text Size: 893KB - Virtual size: 892KB

.rdata Size: 238KB - Virtual size: 238KB

.data Size: 11KB - Virtual size: 199KB

.pdata Size: 52KB - Virtual size: 51KB

.gfids Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 893KB - Virtual size: 892KB

.rdata
Size: 238KB - Virtual size: 238KB

.data
Size: 11KB - Virtual size: 199KB

.pdata
Size: 52KB - Virtual size: 51KB

.gfids
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 5KB - Virtual size: 5KB