2024-06-05_638f13cea9d3e6630249fd7d57149f8e_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-05_638f13cea9d3e6630249fd7d57149f8e_ryuk
Size

5.2MB
MD5

638f13cea9d3e6630249fd7d57149f8e
SHA1

8befc1db0a5da7380c904bfcb1312e77a6a1b511
SHA256

498019268cd262c69dfeb321d7462f6134b2787aeb33d4e8676f4e94a4d6d8f3
SHA512

118b62a63e1bc8da4ef892affd8eaf078e3109b0db07c95d1d4c95f8ba93276c3eb7c15d8487b2e302a9712bf3c80956d33b015e8ed0ee72e9f227191637d2aa
SSDEEP

98304:IP2UgzJMSU8+DuXRaZN7xrWxvaLdxYZzNV9F/wuHiXMJnUCkikb5l:IP2UglU88VrWxvaLdxAV3vHi8JnUCkjD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-05_638f13cea9d3e6630249fd7d57149f8e_ryuk

Files

2024-06-05_638f13cea9d3e6630249fd7d57149f8e_ryuk
.exe windows:6 windows x64 arch:x64

b12c412a98cdd5e1608baffb72baadbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\workspace\MetaTrader5\Build\Servers\MetaTrader5ServerDeployer\Release64\srvdeployer.pdb

Imports

kernel32

AcquireSRWLockExclusive
AddVectoredExceptionHandler
CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DosDateTimeToFileTime
EncodePointer
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FindResourceExW
FindResourceW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetActiveProcessorCount
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileSizeEx
GetFileType
GetLastError
GetLocalTime
GetLogicalProcessorInformationEx
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHandleCount
GetProcessHeap
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetThreadContext
GetTickCount
GetTickCount64
GetTimeZoneInformation
GetUserDefaultUILanguage
GetVersionExW
GetVolumeInformationW
GlobalMemoryStatusEx
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
K32GetProcessMemoryInfo
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LoadResource
LocalFree
LockResource
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
OpenEventW
OpenProcess
OpenThread
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReadProcessMemory
ReleaseSRWLockExclusive
RemoveDirectoryW
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TerminateThread
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
FlsSetValue
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

ws2_32

FreeAddrInfoW
GetAddrInfoW
InetPtonW
WSACleanup
WSAConnect
WSAGetLastError
WSAIoctl
WSARecv
WSASend
WSASocketW
WSAStartup
bind
closesocket
gethostbyname
getpeername
htons
inet_addr
ioctlsocket
recv
select
send
setsockopt
shutdown

user32

CharLowerW
PostMessageA

shell32

SHGetFileInfoW
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteExW

advapi32

CloseServiceHandle
EnumServicesStatusW
GetTokenInformation
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatusEx
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegQueryValueW
RegSetValueExW

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear

dbghelp

MiniDumpWriteDump
StackWalk64
SymFunctionTableAccess64
SymGetModuleBase64
SymGetOptions
SymInitialize
SymLoadModule64
SymSetOptions

shlwapi

PathFindExtensionW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 706KB - Virtual size: 706KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 60.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 156B

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cod0
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cod1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cod2
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b12c412a98cdd5e1608baffb72baadbe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

user32

shell32

advapi32

ole32

oleaut32

dbghelp

shlwapi

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 706KB - Virtual size: 706KB

.data Size: 5KB - Virtual size: 60.1MB

.pdata Size: 19KB - Virtual size: 18KB

.00cfg Size: 512B - Virtual size: 56B

.gxfg Size: 9KB - Virtual size: 8KB

.retplne Size: 512B - Virtual size: 156B

_RDATA Size: 512B - Virtual size: 500B

.cod0 Size: 1.6MB - Virtual size: 1.6MB

.cod1 Size: 3KB - Virtual size: 3KB

.cod2 Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 10KB - Virtual size: 9KB

.rsrc Size: 77KB - Virtual size: 76KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 706KB - Virtual size: 706KB

.data
Size: 5KB - Virtual size: 60.1MB

.pdata
Size: 19KB - Virtual size: 18KB

.00cfg
Size: 512B - Virtual size: 56B

.gxfg
Size: 9KB - Virtual size: 8KB

.retplne
Size: 512B - Virtual size: 156B

_RDATA
Size: 512B - Virtual size: 500B

.cod0
Size: 1.6MB - Virtual size: 1.6MB

.cod1
Size: 3KB - Virtual size: 3KB

.cod2
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 77KB - Virtual size: 76KB