2024-06-12_9c279f27a54965c3e2da3dc326fc652b_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-12_9c279f27a54965c3e2da3dc326fc652b_ryuk
Size

1.2MB
MD5

9c279f27a54965c3e2da3dc326fc652b
SHA1

2dc58e1908fc9f5b1367ca5d83a9f5ff0c631da4
SHA256

83c2f34b587531e85df3c49ec90c7a64f6272ed98e41d221200544eaf23ac7f3
SHA512

20afd41c4d34ebe2ab6264755caaf676900431663a57457ed773ff1565e5751a3d8315edd12175bbcdbce567d9701ce7de6effe602e25ef61b79486a1f1e6533
SSDEEP

24576:10+jqwpIhSFnM67pbpSLexL2gyX6WH1Mr3nQzh:y+LAWM67pbpSsLUX6WH1aUh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-12_9c279f27a54965c3e2da3dc326fc652b_ryuk

Files

2024-06-12_9c279f27a54965c3e2da3dc326fc652b_ryuk
.exe windows:6 windows x64 arch:x64

78da55e5f01bb1b2eff0f7207a264ee6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\BWA\CA78D21A-408D-0\iTunesWin-1200.12.6.1.25\srcroot\iTunes\iPodSupport\(Win32)\BuildResults\Release64\bin\iPodService.exe.pdb

Imports

cfgmgr32

CM_Get_Parent
CM_Get_DevNode_Status
CMP_WaitNoPendingInstallEvents
CM_Get_Device_ID_Size
CM_Get_Device_IDA
CM_Setup_DevNode
CM_Query_And_Remove_SubTreeW

setupapi

SetupDiSetClassInstallParamsA
SetupDiGetDeviceInstallParamsA
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW

rpcrt4

UuidFromStringW

kernel32

SetDllDirectoryA
MultiByteToWideChar
WideCharToMultiByte
IsDBCSLeadByte
OutputDebugStringA
SetEvent
WaitForSingleObject
CreateEventA
Sleep
GetCurrentProcess
CreateThread
GetCurrentThread
WaitForMultipleObjects
lstrcpyA
CreateToolhelp32Snapshot
Process32First
Process32Next
InitializeCriticalSection
OpenEventA
ResetEvent
TerminateThread
GetExitCodeThread
CreateFileA
GetOverlappedResult
DeviceIoControl
LoadLibraryA
GetFileSize
ReadFile
GetTickCount
GetVolumeInformationA
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetLocalTime
FlushFileBuffers
WriteFile
TryEnterCriticalSection
GetFileAttributesA
GetLogicalDrives
GetDiskFreeSpaceExA
GetFileAttributesExA
InitializeCriticalSectionAndSpinCount
GetLogicalDriveStringsA
CreateFileW
SetFilePointer
GetModuleFileNameW
CopyFileW
ReleaseSemaphore
CreateSemaphoreA
VerSetConditionMask
HeapSetInformation
LoadLibraryW
VerifyVersionInfoA
GlobalAlloc
GlobalFree
GetLocaleInfoW
GetSystemDefaultLangID
GetUserDefaultLCID
LocalFree
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetCPInfo
GetStringTypeW
GetFileType
FindResourceA
OpenMutexA
lstrcmpiA
SizeofResource
LoadResource
LoadLibraryExA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
GetCurrentThreadId
CreateMutexA
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetErrorMode
GetLastError
RaiseException
CloseHandle
DecodePointer
GetCommandLineA
LCMapStringW
CompareStringW
HeapReAlloc
HeapSize
HeapAlloc
HeapFree
GetACP
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
VirtualQuery
VirtualProtect
VirtualAlloc
GetSystemInfo
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwindEx
EncodePointer
RtlPcToFileHeader
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
CreateEventW
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
OutputDebugStringW
IsDebuggerPresent

user32

LoadStringA
PostThreadMessageA
CharUpperA
CharNextA
CharNextW
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
SendMessageA
RegisterDeviceNotificationA
UnregisterDeviceNotification
DefWindowProcA
PostQuitMessage
RegisterClassA
GetPropA
SetPropA
SetTimer
DestroyWindow
CreateWindowExA

advapi32

RegCloseKey
SetSecurityDescriptorDacl
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegQueryValueExW
RegOpenKeyExW
UnlockServiceDatabase
QueryServiceStatusEx
LockServiceDatabase
ChangeServiceConfig2A
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
OpenThreadToken
OpenProcessToken
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
InitializeSecurityDescriptor

ole32

IIDFromString
CoInitializeSecurity
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoCreateInstance
StringFromGUID2

oleaut32

VariantClear
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString

Sections

.text
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

78da55e5f01bb1b2eff0f7207a264ee6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cfgmgr32

setupapi

version

rpcrt4

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 364KB - Virtual size: 364KB

.rdata Size: 154KB - Virtual size: 153KB

.data Size: 11KB - Virtual size: 16KB

.pdata Size: 22KB - Virtual size: 22KB

.gfids Size: 512B - Virtual size: 264B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 102KB - Virtual size: 102KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 364KB - Virtual size: 364KB

.rdata
Size: 154KB - Virtual size: 153KB

.data
Size: 11KB - Virtual size: 16KB

.pdata
Size: 22KB - Virtual size: 22KB

.gfids
Size: 512B - Virtual size: 264B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 102KB - Virtual size: 102KB

.reloc
Size: 572KB - Virtual size: 576KB