2024-06-27_f7d8001876afd8cd66e82286f4106503_poet-rat_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-27_f7d8001876afd8cd66e82286f4106503_poet-rat_ryuk
Size

3.2MB
MD5

f7d8001876afd8cd66e82286f4106503
SHA1

3f2d0e4b8862d13c0c09a3dffab54721c77aeb99
SHA256

61bfae27bc0557fa786610b653954720aea17aeb7f2055e3372d6e4e21a78d12
SHA512

291f9c9842f372b7b31991e087c48c4bac7dc09a60ed8806fb8f3eba4964a06e872f77f66abc8332b5f70dde1cf99ac3e694875ef0d8de6cb4c17e382d129e35
SSDEEP

49152:q8s1vCuEJ8XKv0wb7rxIuU/a7zJJYB2KmQr9bUYYmxxniAUXZXjTjvaX:9Hb7re/aGr9bpniAUhS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-27_f7d8001876afd8cd66e82286f4106503_poet-rat_ryuk

Files

2024-06-27_f7d8001876afd8cd66e82286f4106503_poet-rat_ryuk
.exe windows:6 windows x64 arch:x64

5ad9d6bb57276aa2ecc72f539b109506

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvfw32

ICDecompress
ICSendMessage
ICClose
ICOpen

avifil32

AVIFileGetStream
AVIStreamInfoA
AVIStreamGetFrameClose
AVIStreamRelease
AVIStreamGetFrame
AVIFileOpenA
AVIFileRelease
AVIFileInit
AVIStreamGetFrameOpen

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

kernel32

GetModuleHandleA
GetProcAddress
LoadLibraryA
GetTickCount
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
GetSystemTimeAsFileTime
CreateMutexW
ReleaseMutex
CreateEventW
SleepEx
CancelIo
GetCurrentProcess
WaitForMultipleObjects
DuplicateHandle
VerifyVersionInfoA
ReleaseSemaphore
WriteFile
DeviceIoControl
CreateFileA
GetVersionExA
GetOverlappedResult
VerSetConditionMask
GetCurrentProcessId
FreeLibrary
CreateSemaphoreA
SetThreadAffinityMask
GetProcessAffinityMask
TerminateThread
FormatMessageA
GetTempFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetACP
GetCommandLineW
GetCommandLineA
ExitProcess
HeapReAlloc
HeapFree
HeapAlloc
WriteConsoleW
GetModuleFileNameA
GetStdHandle
SetFilePointerEx
GetModuleHandleExW
ResumeThread
ExitThread
GetTempPathA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteFileA
CreateNamedPipeA
DisconnectNamedPipe
ConnectNamedPipe
GetLastError
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
CreateFileW
RtlUnwindEx
RtlPcToFileHeader
GetStartupInfoW
IsDebuggerPresent
CloseHandle
ReadFile
GetCurrentThreadId
Sleep
RaiseException
HeapSize
GetTempPathW
DeleteFileW
SetEnvironmentVariableA
WideCharToMultiByte
WaitForSingleObjectEx
GetCurrentThread
GetExitCodeThread
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
LoadLibraryW
InitializeSListHead
UnregisterWaitEx
RegisterWaitForSingleObject
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
UnregisterWait
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent

user32

SetCapture
DestroyWindow
IsWindow
GetMonitorInfoA
MonitorFromRect
LoadIconA
LoadCursorA
GetClassLongPtrA
SetWindowLongPtrA
GetWindowLongPtrA
OffsetRect
SubtractRect
ScreenToClient
SetCursor
GetWindowRect
GetClientRect
GetWindowTextA
InvalidateRect
GetMessageA
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
EndPaint
GetKeyState
SetFocus
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetWindowPos
MoveWindow
ShowWindow
CreateWindowExA
UnregisterClassA
RegisterClassA
DefWindowProcA
SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage

gdi32

GdiFlush
GetObjectA
SetDIBColorTable
SetStretchBltMode
StretchBlt
SelectObject
GetStockObject
GetCurrentObject
FillRgn
DeleteObject
DeleteDC
CreateRectRgn
CreateCompatibleDC
CreateCompatibleBitmap
CombineRgn
BitBlt
CreateDIBSection

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

VariantInit
VariantClear
OleCreatePropertyFrame

comdlg32

GetSaveFileNameA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegCloseKey

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 983KB - Virtual size: 983KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ad9d6bb57276aa2ecc72f539b109506

Headers

DLL Characteristics

File Characteristics

Imports

msvfw32

avifil32

avicap32

kernel32

user32

gdi32

ole32

oleaut32

comdlg32

advapi32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 983KB - Virtual size: 983KB

.data Size: 61KB - Virtual size: 720KB

.pdata Size: 96KB - Virtual size: 95KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 983KB - Virtual size: 983KB

.data
Size: 61KB - Virtual size: 720KB

.pdata
Size: 96KB - Virtual size: 95KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 17KB - Virtual size: 17KB