2024-06-25_4d296c3187062d2aed1b883493c748df_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-25_4d296c3187062d2aed1b883493c748df_ryuk
Size

7.5MB
MD5

4d296c3187062d2aed1b883493c748df
SHA1

56d6fd20420579cced00e104e4e5fc0d0acb166c
SHA256

a946203a3655933cf9b8fcf6abeffd6566d7c7169790a53b7826515c46b048ed
SHA512

2815fa0c4d7e941be606380cd54fae4cc603c23057a370a674c7910dd1e18fe22b3ebcb826bf71d36bd798edaf2492644e68e3fb2e5d2d0b0fdffb41d958852d
SSDEEP

98304:pp49VW4bPJL0IuFLkBPaH3kbdfL59iwsU+/w:ppgxbBIjFL8PaUbdTLh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-25_4d296c3187062d2aed1b883493c748df_ryuk

Files

2024-06-25_4d296c3187062d2aed1b883493c748df_ryuk
.exe windows:6 windows x64 arch:x64

5540dd89abc017ee0e0f5c78fb5a5180

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAGetLastError
WSACleanup
WSAStartup
socket
send
recv
listen
inet_addr
closesocket
bind
accept
htons
htonl

kernel32

GetTempPathA
GetVersionExA
GetSystemTime
GetTempPathW
UnlockFile
AreFileApisANSI
LockFile
GetFileSize
GetFileAttributesW
GetFileAttributesA
DeleteFileA
LockFileEx
RegisterWaitForSingleObject
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFullPathNameW
GetVolumePathNameW
RemoveDirectoryW
GetLastError
Sleep
LocalFree
FormatMessageA
GetCurrentProcess
GlobalMemoryStatusEx
K32GetProcessMemoryInfo
GetComputerNameA
GetSystemTimeAsFileTime
GetFileInformationByHandle
SetEndOfFile
SetFilePointer
CreateFileA
GetFileSizeEx
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
WideCharToMultiByte
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
CreateFileW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateDirectoryW
DeleteFileW
ReadFile
GetFullPathNameA
SetEnvironmentVariableA
GetCurrentDirectoryW
GetTimeZoneInformation
SetStdHandle
GetConsoleMode
ReadConsoleW
WriteFile
GetConsoleCP
SetFilePointerEx
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
WriteConsoleW
GetProcessHeap
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5540dd89abc017ee0e0f5c78fb5a5180

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 5.7MB - Virtual size: 5.7MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 64KB - Virtual size: 189KB

.pdata Size: 262KB - Virtual size: 261KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 5.7MB - Virtual size: 5.7MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 64KB - Virtual size: 189KB

.pdata
Size: 262KB - Virtual size: 261KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 26KB - Virtual size: 25KB