2024-06-16_867f70df9fe1525df0fe5eac268b79b2_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-16_867f70df9fe1525df0fe5eac268b79b2_ryuk
Size

32.9MB
MD5

867f70df9fe1525df0fe5eac268b79b2
SHA1

714d2624b374cfa8868411ddbc6f3fd03770ed1e
SHA256

48c8044d5ffd8cfc2abc73eeb9d15e9e6f196fbd7a744ea41d965bcc7f237bb1
SHA512

952bea6608f967ca494ebde2acaa1d124e17f83017c5a01e25e161d786ff0a15234fdd817eed2de1db4ae79f84c7edf2fa6bb1983789b39580824330e20ba994
SSDEEP

786432:JffBAVH6xfgWsW7YCx6YPjldGUauMJTDIicW16m:JnBCofgWsWECLlIUPMpDu06

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-16_867f70df9fe1525df0fe5eac268b79b2_ryuk

Files

2024-06-16_867f70df9fe1525df0fe5eac268b79b2_ryuk
.exe windows:6 windows x64 arch:x64

16c0b996a278326d41143ec7824eb23d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\bigdo\source\repos\BeanTech\x64\Release\Animal Well.pdb

Imports

kernel32

CancelIo
CloseHandle
CreateEventA
CreateEventW
CreateFileW
CreateSemaphoreW
CreateThread
DebugBreak
DeleteCriticalSection
DeleteFileW
EncodePointer
EnterCriticalSection
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetExitCodeThread
GetFileAttributesW
GetFileSizeEx
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoEx
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetOverlappedResult
GetOverlappedResultEx
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseSemaphore
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpiW
lstrlenA

ole32

CLSIDFromString
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal

user32

AdjustWindowRect
AttachThreadInput
CreateWindowExA
DefWindowProcA
DispatchMessageA
GetCursorInfo
GetCursorPos
GetForegroundWindow
GetKeyboardState
GetMonitorInfoA
GetWindowLongA
GetWindowPlacement
GetWindowRect
LoadCursorA
LoadIconA
MessageBoxA
MonitorFromWindow
PeekMessageA
PostQuitMessage
RegisterClassExA
ScreenToClient
SetCursor
SetFocus
SetForegroundWindow
SetWindowLongA
SetWindowPlacement
SetWindowPos
ShowCursor
ShowWindow
TranslateMessage

shell32

SHCreateDirectoryExW
SHGetKnownFolderPath

winspool.drv

EnumPrintersW

propsys

PropVariantToGUID

steam_api64

SteamAPI_GetHSteamUser
SteamAPI_Init
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamInternal_ContextInit
SteamInternal_FindOrCreateUserInterface

xinput9_1_0

XInputGetState
XInputSetState

xaudio2_9

ord2

d3d12

ord101
D3D12SerializeRootSignature

dxgi

CreateDXGIFactory1

xpsprint

StartXpsPrintJob

winmm

timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime

hid

HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetFeature
HidD_GetHidGuid
HidD_GetManufacturerString
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidD_SetFeature
HidP_GetCaps
HidP_GetValueCaps

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
setupGame
updateGame

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31.6MB - Virtual size: 31.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 12.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 52B

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16c0b996a278326d41143ec7824eb23d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

user32

shell32

winspool.drv

propsys

steam_api64

xinput9_1_0

xaudio2_9

d3d12

dxgi

xpsprint

winmm

hid

setupapi

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 31.6MB - Virtual size: 31.6MB

.data Size: 50KB - Virtual size: 12.8MB

.pdata Size: 25KB - Virtual size: 24KB

.00cfg Size: 512B - Virtual size: 40B

.gehcont Size: 512B - Virtual size: 60B

.tls Size: 512B - Virtual size: 9B

.voltbl Size: 512B - Virtual size: 52B

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 90KB - Virtual size: 90KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 31.6MB - Virtual size: 31.6MB

.data
Size: 50KB - Virtual size: 12.8MB

.pdata
Size: 25KB - Virtual size: 24KB

.00cfg
Size: 512B - Virtual size: 40B

.gehcont
Size: 512B - Virtual size: 60B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 512B - Virtual size: 52B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 90KB - Virtual size: 90KB

.reloc
Size: 4KB - Virtual size: 3KB