2024-06-27_4177255726a54cb9fac7cd7d35b12b24_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-27_4177255726a54cb9fac7cd7d35b12b24_ryuk
Size

2.8MB
MD5

4177255726a54cb9fac7cd7d35b12b24
SHA1

9eb99f4a8c360a60c6b34079d3eb1e146ff989c2
SHA256

ca48629ae6786d8680e26c6221ee758d155f721100a1eff0f62c5daf26b5d83b
SHA512

94abe5090359193296e7f47baa9b3323e21e5b56c8a430c523259a5c9ef8dd010b6ad0b48ed719cbfda1108807601f091e671622cb7882bafc6034cd947bb825
SSDEEP

49152:k2AnP0ny6BKau7kcSKI/a8QgSrlbsbrJoonScyG7y00ibS:k2AnCy6BFcmMwJAcC00ibS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-27_4177255726a54cb9fac7cd7d35b12b24_ryuk

Files

2024-06-27_4177255726a54cb9fac7cd7d35b12b24_ryuk
.exe windows:6 windows x64 arch:x64

ee62cc497ed5283421c7690a8bc454e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersAddresses

ws2_32

inet_addr
WSAGetLastError
WSAAddressToStringA
socket
gethostbyaddr
recv
inet_ntoa
gethostname
ntohl
freeaddrinfo
getaddrinfo
WSAStringToAddressA
gethostbyname
shutdown
setsockopt
sendto
send
select
recvfrom
listen
htons
getsockopt
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
WSACleanup
WSAStartup
ntohs
getsockname

advapi32

SystemFunction036
CloseServiceHandle
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
GetUserNameW
AddAccessAllowedAceEx
CreateWellKnownSid
InitializeAcl
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ChangeServiceConfig2A

user32

MessageBoxW
GetDesktopWindow
GetUserObjectInformationW
GetProcessWindowStation
GetSystemMetrics

kernel32

GetConsoleCP
GetConsoleMode
ReadConsoleW
GetCommandLineW
GetACP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetStringTypeW
FlushFileBuffers
CreateDirectoryW
SetStdHandle
GetFileAttributesExW
SetFileAttributesW
MoveFileExW
DeleteFileW
WriteConsoleW
GetCPInfo
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
SetFilePointerEx
SetEndOfFile
FreeLibraryAndExitThread
ResumeThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
SetEvent
Sleep
GetModuleFileNameA
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
GetLastError
WaitForSingleObject
CreateEventA
CreateThread
ExitThread
FreeEnvironmentStringsW
CreateProcessW
CreateSemaphoreA
GetVersionExA
CloseHandle
CreateProcessA
MultiByteToWideChar
WideCharToMultiByte
ReleaseSemaphore
CreateFileA
DeviceIoControl
GetVolumeInformationA
GetFileAttributesA
GetFileInformationByHandle
CreateDirectoryA
FindFirstFileW
FindNextFileW
GlobalFree
GetFileType
GetCurrentThreadId
GetVersion
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GetVersionExW
FreeLibrary
GetProcAddress
GlobalMemoryStatus
LoadLibraryW
LocalFree
LocalAlloc
CreateMutexA
ReleaseMutex
FormatMessageA
GetEnvironmentVariableA
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
TlsSetValue
TlsGetValue
TlsAlloc
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
GetCurrentProcess
TlsFree
HeapFree
GetProcessHeap
HeapAlloc
GetModuleHandleA
ReadFile
WriteFile
GetFileSize
GetLocalTime
SetErrorMode
HeapReAlloc
SearchPathA
OpenSemaphoreA
GetTimeZoneInformation
GetFullPathNameA
GetFullPathNameW
GetDriveTypeW
CreateFileW
UnlockFileEx
LockFileEx
GetExitCodeProcess
GetCurrentDirectoryW
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableW
SetEnvironmentVariableA
GetModuleHandleExW
ExitProcess
SetConsoleCtrlHandler
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
SetLastError
GetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetModuleFileNameW
HeapSize

shell32

SHGetSpecialFolderPathA

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen

ole32

CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 263KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ee62cc497ed5283421c7690a8bc454e0

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

ws2_32

advapi32

user32

kernel32

shell32

winhttp

ole32

oleaut32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 197KB - Virtual size: 196KB

.data Size: 263KB - Virtual size: 1.4MB

.pdata Size: 62KB - Virtual size: 61KB

_RDATA Size: 512B - Virtual size: 116B

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 580KB - Virtual size: 584KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 197KB - Virtual size: 196KB

.data
Size: 263KB - Virtual size: 1.4MB

.pdata
Size: 62KB - Virtual size: 61KB

_RDATA
Size: 512B - Virtual size: 116B

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 580KB - Virtual size: 584KB