2024-06-07_2c63e2121ef07e7a8a5650980ef047e2_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-07_2c63e2121ef07e7a8a5650980ef047e2_ryuk
Size

7.6MB
MD5

2c63e2121ef07e7a8a5650980ef047e2
SHA1

604007fa25542b0fb5057934a5fc67f4a35934f8
SHA256

68592edbad3f01a8265d4d461f1a2ed6e71e2e38be8df381159490ac8dad89eb
SHA512

3f4a81ed4b85f94258f4974333872b23852efc4bc2bd19fe24d1749acc644838e1f1eae2f3c81be97bda4ebf207ee01db1267b1e45da8d317b1b01f3d36b0523
SSDEEP

98304:PhC7pA2Fvr8ohvszmPgzx+sBL9nwJOgw+78aYNdsZ:P9I5mzwOLpwJfw+Ic

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-07_2c63e2121ef07e7a8a5650980ef047e2_ryuk

Files

2024-06-07_2c63e2121ef07e7a8a5650980ef047e2_ryuk
.exe windows:5 windows x64 arch:x64

2883374f7ca542350a0b7651e533dfc8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\data\landun\workspace\CommonComponent\ACE-Guard\1.compile_source\output\x64\Release\SGuard64.pdb

Imports

psapi

GetModuleInformation
GetMappedFileNameW
GetModuleFileNameExW

userenv

ExpandEnvironmentStringsForUserW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathRemoveFileSpecW
PathFindFileNameA
PathFileExistsW
StrStrIW
PathFindFileNameW
PathAppendW

wtsapi32

WTSQueryUserToken

ws2_32

WSAStartup
htonl
htons
freeaddrinfo
inet_addr
getaddrinfo
select
__WSAFDIsSet
WSACleanup
getsockname
getsockopt
WSAGetLastError
accept
bind
listen
setsockopt
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
ioctlsocket
sendto
recv
recvfrom
connect
socket
send
closesocket
gethostname
WSAEventSelect
getpeername
WSAIoctl
ntohs
WSASetLastError

wldap32

ord301
ord79
ord30
ord200
ord22
ord41
ord143
ord217
ord46
ord26
ord27
ord32
ord35
ord33
ord60
ord50
ord211

kernel32

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
DuplicateHandle
EncodePointer
GetCPInfo
OutputDebugStringW
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
ExitThread
FreeLibraryAndExitThread
GetFileAttributesExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
WriteConsoleW
SetConsoleCtrlHandler
GetACP
GetConsoleCP
IsValidLocale
FlushFileBuffers
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
SetStdHandle
SetEndOfFile
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
CreateFileW
GetFileAttributesW
AreFileApisANSI
CloseHandle
RaiseException
GetLastError
SetLastError
HeapAlloc
HeapReAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexA
CreateMutexW
CreateEventW
Sleep
GetProcessTimes
TerminateProcess
GetThreadTimes
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetVersionExW
GetLogicalProcessorInformation
VirtualAlloc
VirtualProtect
VirtualFree
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
MapViewOfFileEx
UnmapViewOfFile
CreateTimerQueueTimer
DeleteTimerQueueTimer
InterlockedPopEntrySList
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
LocalAlloc
LocalFree
SetThreadAffinityMask
CreateFileMappingA
RegisterWaitForSingleObject
UnregisterWait
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetLocaleInfoW
GetSystemDefaultLangID
GetUserDefaultLCID
EnumSystemLocalesW
GetEnvironmentVariableW
ResumeThread
OpenProcess
ExitProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
WriteFile
SetFilePointer
GetFileSize
GetModuleHandleW
HeapSize
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
SwitchToThread
GetCurrentProcessId
SizeofResource
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
LockResource
LoadResource
FindResourceW
GetWindowsDirectoryA
GetLogicalDriveStringsA
GetTempPathW
GetTempFileNameW
CreateThread
OpenEventW
SetCurrentDirectoryW
SystemTimeToFileTime
GetSystemTime
TryEnterCriticalSection
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetUserDefaultUILanguage
CreateDirectoryW
ExpandEnvironmentStringsW
DeleteFileW
GetNativeSystemInfo
VerSetConditionMask
VerifyVersionInfoW
ReadFile
GetFileSizeEx
EnumResourceNamesW
SetFilePointerEx
GetFileTime
TerminateThread
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetProcessId
GlobalAlloc
GlobalFree
GetModuleFileNameA
Module32FirstW
Module32NextW
SetUnhandledExceptionFilter
GetCommandLineA
UnhandledExceptionFilter
OpenMutexW
GetModuleHandleA
LoadLibraryA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFileType
GetStdHandle
OutputDebugStringA
DeleteFiber
FindFirstFileA
FindNextFileA
FormatMessageA
ConvertFiberToThread
QueryPerformanceCounter
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetExitCodeThread
InitializeCriticalSection
SleepEx
FormatMessageW
MoveFileExA
PeekNamedPipe
WaitForMultipleObjects
QueryDepthSList
UnregisterWaitEx
HeapCreate
GetDiskFreeSpaceW
LockFile
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
GetModuleHandleExW

user32

GetClassNameW
EnumChildWindows
IsWindowEnabled
GetAncestor
GetWindowThreadProcessId
GetWindowInfo
SendMessageTimeoutW
GetWindow
GetWindowLongW
LookupIconIdFromDirectory
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
UpdateWindow
TranslateMessage
DispatchMessageW
GetMessageW
DefWindowProcW
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
GetDesktopWindow
GetLayeredWindowAttributes
IsWindow
IsWindowVisible
RegisterClassExW

advapi32

DeleteService
RegCloseKey
ImpersonateLoggedOnUser
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetTokenInformation
FreeSid
CryptEncrypt
OpenProcessToken
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenServiceW
ChangeServiceConfigW
ControlService
OpenSCManagerW
CloseServiceHandle
OpenEventLogW
ReadEventLogW
CloseEventLog
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey

shell32

CommandLineToArgvW

pdh

PdhCloseQuery
PdhAddCounterW
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCollectQueryData
PdhOpenQueryW

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tvm0
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2883374f7ca542350a0b7651e533dfc8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

userenv

version

shlwapi

wtsapi32

ws2_32

wldap32

kernel32

user32

advapi32

shell32

pdh

dbghelp

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 81KB - Virtual size: 108KB

.pdata Size: 163KB - Virtual size: 162KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 36KB - Virtual size: 36KB

.tvm0 Size: 3.1MB - Virtual size: 3.1MB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 81KB - Virtual size: 108KB

.pdata
Size: 163KB - Virtual size: 162KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 36KB - Virtual size: 36KB

.tvm0
Size: 3.1MB - Virtual size: 3.1MB