2024-06-29_57a8192359670fcfaab01b7dcc317c2b_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-29_57a8192359670fcfaab01b7dcc317c2b_ryuk
Size

10.0MB
MD5

57a8192359670fcfaab01b7dcc317c2b
SHA1

b5f9c97db33ad8432b94df38ed5add2c355ba9c4
SHA256

f2803faed220865ccc711d95d68f0b3363bf32d1b17f81281025ecbce720752c
SHA512

6b6f61cf178a894fe07a55aba63af24453c351d007af7fe7ce9387b8939261d0cbb7f4004a7529b5807dc77c2589bf2ba9a13e223fe7b80c0685050444df7fa9
SSDEEP

196608:H09s9Rjo6awvxw0sRK5kKRIQ8iuST8OeoZGh4tQD4ZIc4k6+XVa:U9I2ST8tt4ZIc4wla

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-29_57a8192359670fcfaab01b7dcc317c2b_ryuk

Files

2024-06-29_57a8192359670fcfaab01b7dcc317c2b_ryuk
.exe windows:5 windows x64 arch:x64

ed90cfd83a7faec58e88611b1d687717

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueA

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
StartServiceCtrlDispatcherA
GetSecurityDescriptorDacl
ConvertStringSidToSidA
LookupAccountSidA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegOpenKeyA
SetServiceStatus
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenServiceA
CloseServiceHandle
ChangeServiceConfig2A
QueryServiceObjectSecurity
SetServiceObjectSecurity
GetTokenInformation
DuplicateTokenEx
ConvertSidToStringSidA
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyExW
RegQueryValueExW
CryptGenRandom
CryptGetHashParam
CryptAcquireContextA

ws2_32

ioctlsocket
gethostname
htonl
ntohl
WSAStartup
WSACleanup
WSAGetLastError
socket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet

crypt32

CertFreeCertificateContext

wldap32

ord143
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26

normaliz

IdnToAscii
IdnToUnicode

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FreeEnvironmentStringsW
FindClose
GetFullPathNameA
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEndOfFile
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetEnvironmentVariableA
SetEnvironmentVariableW
SetConsoleCtrlHandler
OutputDebugStringA
GetFileAttributesExW
WriteConsoleW
CreateEventW
RtlCaptureContext
GetTimeFormatW
GetDateFormatW
FlushFileBuffers
GetCurrentThread
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
ExitProcess
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
InterlockedFlushSList
ResetEvent
OutputDebugStringW
InterlockedPushEntrySList
RtlUnwindEx
RtlLookupFunctionEntry
RtlVirtualUnwind
FindFirstFileExA
SetLastError
RtlPcToFileHeader
CreateProcessW
VerifyVersionInfoW
IsDebuggerPresent
GetFullPathNameW
LoadLibraryExW
lstrcmpA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
GetLastError
GetTickCount
lstrcmpiA
CreateMutexA
GetModuleFileNameA
GetModuleHandleW
LocalFree
SetEvent
GetCurrentProcess
WTSGetActiveConsoleSessionId
CloseHandle
CreateToolhelp32Snapshot
Process32First
ProcessIdToSessionId
Process32Next
Sleep
OpenProcess
GetModuleHandleA
WaitForSingleObject
CreateThread
CreateEventA
GetSystemPowerStatus
CreateDirectoryA
CreateFileA
SetFilePointer
WriteFile
DeleteFileA
ReadFile
CreateProcessA
CopyFileA
FindResourceA
GetFileSize
SetUnhandledExceptionFilter
VirtualProtect
IsBadReadPtr
VirtualAlloc
VirtualFree
GetNativeSystemInfo
GetThreadLocale
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteCriticalSection
FindFirstVolumeW
MultiByteToWideChar
GetVolumeInformationW
GetTickCount64
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
SleepEx
FormatMessageA
WaitForSingleObjectEx
VerSetConditionMask
GetSystemDirectoryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
CreateFileW
GetFileAttributesW
GetSystemDirectoryW
LocalAlloc
InitializeCriticalSection
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
FormatMessageW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
UnhandledExceptionFilter

user32

UnregisterClassA

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
CoCreateInstance

oleaut32

CreateErrorInfo
SysAllocString
SysFreeString
VariantClear
GetErrorInfo
VariantInit
VariantChangeType
SetErrorInfo

shlwapi

PathAppendA
PathRemoveFileSpecA
StrToIntA
PathFindFileNameA
SHGetValueA
SHSetValueA
PathRemoveExtensionA
PathFileExistsA

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA
WTSQueryUserToken
WTSQuerySessionInformationA

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sddx2g
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ipysms
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmvvrl
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.znhw7t
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nbci5d
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gq1c0w
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed90cfd83a7faec58e88611b1d687717

Headers

DLL Characteristics

File Characteristics

Imports

version

setupapi

advapi32

ws2_32

crypt32

wldap32

normaliz

userenv

kernel32

user32

shell32

ole32

oleaut32

shlwapi

wtsapi32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.sddx2g Size: 9KB - Virtual size: 8KB

.ipysms Size: 2KB - Virtual size: 1KB

.vmvvrl Size: 8KB - Virtual size: 8KB

.znhw7t Size: 1KB - Virtual size: 1KB

.nbci5d Size: 1024B - Virtual size: 812B

.gq1c0w Size: 1024B - Virtual size: 744B

.rdata Size: 269KB - Virtual size: 269KB

.data Size: 8KB - Virtual size: 21KB

.pdata Size: 64KB - Virtual size: 64KB

.gfids Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 8.6MB - Virtual size: 8.6MB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.sddx2g
Size: 9KB - Virtual size: 8KB

.ipysms
Size: 2KB - Virtual size: 1KB

.vmvvrl
Size: 8KB - Virtual size: 8KB

.znhw7t
Size: 1KB - Virtual size: 1KB

.nbci5d
Size: 1024B - Virtual size: 812B

.gq1c0w
Size: 1024B - Virtual size: 744B

.rdata
Size: 269KB - Virtual size: 269KB

.data
Size: 8KB - Virtual size: 21KB

.pdata
Size: 64KB - Virtual size: 64KB

.gfids
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 8.6MB - Virtual size: 8.6MB

.reloc
Size: 7KB - Virtual size: 6KB