2024-06-14_9340bd41d6c2a16f8a995785378b70d2_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-14_9340bd41d6c2a16f8a995785378b70d2_ryuk
Size

3.8MB
MD5

9340bd41d6c2a16f8a995785378b70d2
SHA1

1827110d9f989192b8e62d650ae47c8bb27e9a63
SHA256

05d6d7ddad15e0d0ca90b333dac9184273c80fd52cfa7a3becd6dd9c84edd068
SHA512

7445afc11cfac5658d7c3534bb1d6ceccbeba3d820991f9002376c720cfd9c699cf7870b6d98165c926a9f997a7ea9d3570ed9ea3ea8e9eac595f622a9269b50
SSDEEP

49152:f9CmznMl3kekWxXPu6DsB7Ba8jcEwPXx4yH:EgeD/XCM8oEm4yH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-14_9340bd41d6c2a16f8a995785378b70d2_ryuk

Files

2024-06-14_9340bd41d6c2a16f8a995785378b70d2_ryuk
.exe windows:6 windows x64 arch:x64

b66565fb7cc88a3e863014a4f169be64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dvs\p4\build\sw\rel\gpu_drv\r367\r367_00\drivers\nvwmi\_out\winnext_amd64_release\nvwmi64.pdb

Imports

kernel32

LoadLibraryExW
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
HeapFree
HeapAlloc
GetCurrentThread
MultiByteToWideChar
GetACP
WideCharToMultiByte
GetStdHandle
GetFileType
GetStartupInfoW
GetSystemTimeAsFileTime
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetStringTypeW
SetConsoleCtrlHandler
GetProcessHeap
IsValidCodePage
GetOEMCP
GetCPInfo
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
GetModuleFileNameW
WriteConsoleW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
HeapSize
HeapReAlloc
InitializeCriticalSectionAndSpinCount
FreeLibrary
GetCurrentProcessId
InitializeSListHead
GetTickCount
ReadFile
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
GetLocalTime
FindClose
FindFirstFileW
LoadLibraryW
WaitNamedPipeW
CreateFileA
DeleteFileA
FileTimeToLocalFileTime
GetFileInformationByHandle
LocalFileTimeToFileTime
SetFileInformationByHandle
SetFilePointer
GetTempPathA
GetTempFileNameA
FileTimeToDosDateTime
DosDateTimeToFileTime
QueryPerformanceFrequency
GetFullPathNameW
CreateProcessA
CreateProcessW
LocalAlloc
lstrcmpA
GetFullPathNameA
GetCurrentDirectoryW
SetEndOfFile
SetCurrentDirectoryW
ReadConsoleW
GetTimeZoneInformation
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetCommandLineA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetModuleFileNameA
SetLastError
InterlockedFlushSList
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
TlsAlloc
InterlockedPushEntrySList
RtlUnwindEx
RtlLookupFunctionEntry
EncodePointer
RtlPcToFileHeader
InitializeCriticalSectionEx
RaiseException
DecodePointer
LocalFree
FormatMessageW
K32GetProcessImageFileNameW
K32GetModuleBaseNameW
K32EnumProcessModules
K32EnumProcesses
WTSGetActiveConsoleSessionId
VerifyVersionInfoW
GetProcAddress
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
VerSetConditionMask
GetModuleHandleW
GetSystemDirectoryW
OpenProcess
GetCurrentProcess
SignalObjectAndWait
Sleep
CreateEventW
ResetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetCommandLineW
RegisterWaitForSingleObject
OpenEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
SetEvent
CloseHandle
GetCurrentThreadId
CreateFileW
GetFileAttributesW

user32

DefWindowProcW
RegisterClassW
LoadIconW
LoadStringW
OpenDesktopW
OpenInputDesktop
CreateWindowExW
DestroyWindow
PostMessageW
TranslateMessage
GetMessageW
DispatchMessageW
ChangeDisplaySettingsExA
SetThreadDesktop
CloseDesktop
GetThreadDesktop
EnumDisplayDevicesW
SendMessageW
UnregisterClassW
GetUserObjectInformationW
LoadCursorW

gdi32

GetDeviceGammaRamp
DeleteDC
CreateDCA
SetDeviceGammaRamp

advapi32

PerfSetCounterSetInfo
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
ChangeServiceConfig2W
RegQueryValueExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDisablePredefinedCacheEx
RegOpenCurrentUser
RegCloseKey
RevertToSelf
ImpersonateLoggedOnUser
SystemFunction036
PerfSetULongCounterValue
PerfDeleteInstance
PerfCreateInstance
CreateProcessAsUserW
PerfStopProvider
PerfStartProvider
RegGetValueW
CreateProcessWithTokenW
LookupAccountSidW
GetTokenInformation
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle

shell32

SHGetFolderPathA
SHGetFolderPathW
CommandLineToArgvW

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

SafeArrayPutElement
CreateErrorInfo
SetErrorInfo
SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
VariantCopy
VariantChangeType
SysStringByteLen
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayDestroy
GetErrorInfo
SafeArrayCreateVector

shlwapi

PathFindFileNameW
PathFindExtensionW
PathAppendA
PathIsFileSpecW
PathAddExtensionW
PathAppendW
PathFindExtensionA
PathAddBackslashW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

cabinet

ord20
ord14
ord13
ord10
ord22
ord23
ord11

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1001KB - Virtual size: 1001KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b66565fb7cc88a3e863014a4f169be64

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

version

cabinet

userenv

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 1001KB - Virtual size: 1001KB

.data Size: 48KB - Virtual size: 91KB

.pdata Size: 195KB - Virtual size: 195KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 163KB - Virtual size: 163KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 1001KB - Virtual size: 1001KB

.data
Size: 48KB - Virtual size: 91KB

.pdata
Size: 195KB - Virtual size: 195KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 163KB - Virtual size: 163KB

.reloc
Size: 12KB - Virtual size: 11KB