2024-06-27_429978afbef4d5a21d707a382365f825_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-27_429978afbef4d5a21d707a382365f825_ryuk
Size

1.7MB
MD5

429978afbef4d5a21d707a382365f825
SHA1

ba3ac519634a9a1eaa30ef33a6a058f3d64cd701
SHA256

28aaf5b5d5f50408c7f0592d44bf75a0350ade68b4ed869979c36fdf44a25897
SHA512

1fa85eb1389bc6c40e4915ae2cd045d6e08f68466cd7df63410726aecfeb6263907a036ead6ad56f6525ec1e18ff2635c5d686b8604b1b4e38a6fe03e300e400
SSDEEP

24576:2am7L2Ff53JmuNLrh2lRgIGbGFBP8JUODHG0900ibGP:bZh2l3+G7y00ibS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-27_429978afbef4d5a21d707a382365f825_ryuk

Files

2024-06-27_429978afbef4d5a21d707a382365f825_ryuk
.exe windows:5 windows x64 arch:x64

7ea607bd9d3e5ea180919b096ff802e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Project\dtl_dep\PC\driverthelife8\trunk\dtldevapi\trunk\Release\dtldevcon64.pdb

Imports

advapi32

RegCloseKey
RegDeleteValueW
RegSetValueExW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitiateSystemShutdownExW

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetFileSize
WriteFile
SetFilePointer
CloseHandle
GetLocalTime
FormatMessageA
GetModuleFileNameA
CreateFileA
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
FindClose
GetTickCount
LoadLibraryW
GetWindowsDirectoryW
GetFullPathNameW
GetFileAttributesW
FindFirstFileW
FindNextFileW
LocalFree
GetCurrentProcess
FormatMessageW
FileTimeToSystemTime
GetDateFormatW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
CreateThread
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
SetStdHandle
GetStringTypeW
GetCurrentThread
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
HeapAlloc
HeapFree
GetACP
GetCommandLineW
GetCommandLineA
CreateFileW
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx

ole32

CLSIDFromString

setupapi

SetupDiOpenDeviceInfoW
SetupCopyOEMInfW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoW
CM_Get_Next_Res_Des_Ex
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Res_Des_Data_Ex
CM_Get_First_Log_Conf_Ex
CM_Free_Res_Des_Handle
CM_Free_Log_Conf_Handle
SetupDiGetDriverInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiGetDriverInfoDetailW
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupScanFileQueueW
SetupCloseFileQueue
SetupOpenFileQueue
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDriverInfoList
SetupDiCreateDeviceInfoListExW
CM_Reenumerate_DevNode_Ex
CM_Locate_DevNode_ExW
CM_Get_DevNode_Status_Ex
CM_Get_Device_ID_ExW
CM_Disconnect_Machine
CM_Connect_MachineW
SetupDiClassGuidsFromNameExW
SetupDiClassNameFromGuidExW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiOpenClassRegKeyExW
SetupDiCallClassInstaller
SetupDiGetClassDescriptionExW
SetupDiBuildClassInfoListExW
SetupDiGetINFClassW
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

user32

CharNextW
LoadStringW

shlwapi

PathRemoveFileSpecA

Sections

.text
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 1014B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7ea607bd9d3e5ea180919b096ff802e7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ole32

setupapi

user32

shlwapi

Sections

.text Size: 398KB - Virtual size: 397KB

.rdata Size: 83KB - Virtual size: 82KB

.data Size: 5KB - Virtual size: 12KB

.pdata Size: 20KB - Virtual size: 19KB

.idata Size: 8KB - Virtual size: 8KB

.gfids Size: 1024B - Virtual size: 1014B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 398KB - Virtual size: 397KB

.rdata
Size: 83KB - Virtual size: 82KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 20KB - Virtual size: 19KB

.idata
Size: 8KB - Virtual size: 8KB

.gfids
Size: 1024B - Virtual size: 1014B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1.2MB - Virtual size: 1.9MB