2024-06-30_a2e5501af01270b25cbc3a72498d22f1_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-30_a2e5501af01270b25cbc3a72498d22f1_ryuk
Size

2.4MB
MD5

a2e5501af01270b25cbc3a72498d22f1
SHA1

902ef73d2f112ddc63692bd53699a6e21c99100a
SHA256

8b1ddecda5447232e4114e579d35337a9c6571779b69efcb3f47ac17ecd30095
SHA512

566f90d6e03742717cf71ed7aea06457baac37a5d275447e9302601e709209dfe79abdc651436dcaa16663d61eba3dc081790b666746123624eb6208a98ceac9
SSDEEP

49152:b9b0ZZy+yucAxIZqSiM71MIcGThgFIDRRAubt5M:xb0ZZyBafUf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-30_a2e5501af01270b25cbc3a72498d22f1_ryuk

Files

2024-06-30_a2e5501af01270b25cbc3a72498d22f1_ryuk
.exe windows:5 windows x64 arch:x64

fb890080847d09e89dffa290990ca00c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\b\c\b\win64_pgo\src\out\Release_x64\setup.exe.pdb

Imports

netapi32

NetGetJoinInformation
NetApiBufferFree

advapi32

RevertToSelf
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
EqualSid
GetAce
GetAclInformation
RegEnumValueA
RegEnumValueW
RegEnumKeyExW
RegLoadKeyW
RegUnLoadKeyW
GetLengthSid
InitializeAcl
AddAce
IsValidSid
InitializeSid
GetNamedSecurityInfoW
CopySid
SetNamedSecurityInfoW
GetSidLengthRequired
GetSidSubAuthority
CreateProcessAsUserW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
GetSidSubAuthorityCount
SystemFunction036
GetUserNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetFileSecurityW
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
ImpersonateNamedPipeClient
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids

kernel32

QueueUserAPC
GetPriorityClass
GetProcAddress
VirtualAllocEx
WTSGetActiveConsoleSessionId
CreateProcessW
GetModuleHandleW
CreateEventW
HeapFree
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
CreateDirectoryW
GetCommandLineW
GetUserDefaultLangID
SetEnvironmentVariableW
GetEnvironmentVariableW
GetFileAttributesW
MultiByteToWideChar
OutputDebugStringW
WideCharToMultiByte
GetTempPathW
LoadLibraryW
FreeLibrary
VirtualProtect
GetModuleFileNameW
DuplicateHandle
OpenProcess
GetExitCodeProcess
HeapSetInformation
ReadFile
GetLongPathNameW
WriteFile
RemoveDirectoryW
CreateFileW
UnmapViewOfFile
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
MoveFileExW
ReplaceFileW
CopyFileW
CreateFileMappingW
MapViewOfFile
MoveFileW
SetHandleInformation
GetStdHandle
AssignProcessToJobObject
GetProcessId
GetCurrentThreadId
Sleep
CreateThread
IsDebuggerPresent
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetSystemInfo
GetProcessTimes
VirtualQueryEx
FileTimeToSystemTime
QueryPerformanceFrequency
WriteProcessMemory
QueryPerformanceCounter
HeapCreate
OutputDebugStringA
GetLocalTime
FormatMessageA
GetTickCount
FindFirstFileExW
FindNextFileW
FindClose
AcquireSRWLockExclusive
SetEvent
ResetEvent
GetVersionExW
GetNativeSystemInfo
VirtualFree
VirtualAlloc
FlushViewOfFile
GetFileSizeEx
SetFileTime
SetEndOfFile
GetFileInformationByHandle
SetFilePointerEx
FlushFileBuffers
GetModuleHandleExW
RegisterWaitForSingleObject
ResumeThread
GetWindowsDirectoryW
SizeofResource
LockResource
LoadResource
FindResourceW
TlsGetValue
VirtualQuery
TlsSetValue
TlsAlloc
TlsFree
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
LoadLibraryExW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
CompareStringW
GetShortPathNameW
SetFilePointer
GetDateFormatW
InitOnceExecuteOnce
EnterCriticalSection
LeaveCriticalSection
RtlVirtualUnwind
GetVersion
SleepEx
GetFileType
UnlockFileEx
LockFileEx
Wow64GetThreadContext
SuspendThread
GetThreadContext
ReadProcessMemory
GetSystemDefaultLCID
GetThreadLocale
GetUserDefaultLCID
SetConsoleCtrlHandler
SetProcessShutdownParameters
WaitNamedPipeW
TransactNamedPipe
CreateNamedPipeW
SetNamedPipeHandleState
InitializeCriticalSection
GetUserDefaultUILanguage
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
ReadConsoleW
GetACP
GetConsoleMode
GetConsoleCP
SetStdHandle
ExitProcess
GetFullPathNameW
PeekNamedPipe
GetDriveTypeW
RtlUnwindEx
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
EncodePointer
GetStringTypeW
FreeConsole
GetConsoleDisplayMode
AttachConsole
GetCurrentProcess
GetLastError
GetSystemDirectoryW
CloseHandle
ReleaseMutex
TerminateProcess
ExpandEnvironmentStringsW
UnregisterWaitEx
SetPriorityClass
WaitForSingleObject
CreateMutexW
GetSystemTimeAsFileTime
GetCurrentProcessId
ReleaseSRWLockExclusive
LocalFree
GetModuleHandleA
SetLastError
GetFileInformationByHandleEx
DisconnectNamedPipe
ConnectNamedPipe
IsWow64Process
ReleaseSemaphore
CreateSemaphoreW
LoadLibraryExA
SystemTimeToTzSpecificLocalTime

ole32

CoTaskMemFree
CoAllowSetForegroundWindow
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoCreateInstance
PropVariantClear

oleaut32

SysFreeString
SysStringLen
SysAllocString
VariantInit
VariantClear

psapi

GetPerformanceInfo
GetProcessMemoryInfo

shell32

ShellExecuteW
SHOpenWithDialog
ord680
SHChangeNotify
SHQueryUserNotificationState
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHGetKnownFolderPath

shlwapi

UrlCanonicalizeW
PathMatchSpecW

user32

MonitorFromRect
EqualRect
GetWindowRect
GetWindowThreadProcessId
GetWindowLongW
UnregisterClassW
GetSystemMetrics
TranslateMessage
DispatchMessageW
SendMessageW
CallNextHookEx
UnhookWindowsHookEx
LoadIconW
SetWindowsHookExW
MonitorFromWindow
MoveWindow
SetForegroundWindow
DefWindowProcW
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
GetForegroundWindow
IntersectRect
MessageBoxW
RegisterClassW
GetMessageW
GetMonitorInfoW
PostMessageW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime

ws2_32

ntohl

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

urlmon

CreateURLMonikerEx

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW

winhttp

WinHttpCrackUrl
WinHttpConnect
WinHttpWriteData
WinHttpOpenRequest
WinHttpReadData
WinHttpOpen
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpSendRequest

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fb890080847d09e89dffa290990ca00c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

advapi32

kernel32

ole32

oleaut32

psapi

shell32

shlwapi

user32

version

winmm

ws2_32

userenv

urlmon

wtsapi32

winhttp

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 241KB - Virtual size: 240KB

.data Size: 5KB - Virtual size: 37KB

.pdata Size: 51KB - Virtual size: 51KB

.didat Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 29B

CPADinfo Size: 512B - Virtual size: 48B

.rsrc Size: 311KB - Virtual size: 310KB

.reloc Size: 576KB - Virtual size: 580KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 241KB - Virtual size: 240KB

.data
Size: 5KB - Virtual size: 37KB

.pdata
Size: 51KB - Virtual size: 51KB

.didat
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 29B

CPADinfo
Size: 512B - Virtual size: 48B

.rsrc
Size: 311KB - Virtual size: 310KB

.reloc
Size: 576KB - Virtual size: 580KB