2024-07-03_aef2e19e4c51a0167888fea7f9e06b29_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-03_aef2e19e4c51a0167888fea7f9e06b29_ryuk
Size

2.6MB
MD5

aef2e19e4c51a0167888fea7f9e06b29
SHA1

33eeda6a7afa1850ecf257b7bf2908b6ddc560bb
SHA256

e0dd1d8da3af51763c580eeb11d7d9676edb0b679dea4cfa122e256368c038f8
SHA512

b8aca3ff50ad12fd9a62914f1738a83a22d36e6060cb3bd9248e895abce8fd93ef75c3704e5b67e4225b9ecbedd6821e3ba7e776a649e2707ba6e54a8c929f5c
SSDEEP

49152:6b2PWsZakRRcvUuZPfrAuux+0iwIks5sckCjD0xvrw+0eeLzA:+2+EcJhAp+H5sdCn0ZCfLU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-03_aef2e19e4c51a0167888fea7f9e06b29_ryuk

Files

2024-07-03_aef2e19e4c51a0167888fea7f9e06b29_ryuk
.exe windows:6 windows x64 arch:x64

db9e963dfc8c70b493824f8b4bec0756

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

MessageBoxA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

comctl32

ord17

kernel32

InterlockedFlushSList
GetLocaleInfoW
GetLastError
GetProcAddress
SearchPathA
VirtualAlloc
VirtualFree
GetModuleFileNameA
LoadLibraryA
FormatMessageA
GetUserDefaultLCID
GetModuleHandleA
ExpandEnvironmentStringsA
FreeLibrary
GetFileAttributesA
LoadLibraryExA
GetPrivateProfileStringA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetLastError
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
GetACP
HeapAlloc
HeapFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
RaiseException
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
ExitProcess
GetModuleHandleExW
SetConsoleCtrlHandler
GetProcessHeap
WideCharToMultiByte
HeapSize
HeapReAlloc
RtlUnwindEx
InterlockedPushEntrySList
CreateFileW
WriteConsoleW
SetFilePointerEx
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
GetStdHandle
WriteFile
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
CloseHandle
WaitForSingleObjectEx
CreateThread
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db9e963dfc8c70b493824f8b4bec0756

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

comctl32

kernel32

version

Sections

.text Size: 275KB - Virtual size: 275KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 3KB - Virtual size: 23KB

.pdata Size: 16KB - Virtual size: 16KB

.gfids Size: 512B - Virtual size: 360B

.rsrc Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 275KB - Virtual size: 275KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 3KB - Virtual size: 23KB

.pdata
Size: 16KB - Virtual size: 16KB

.gfids
Size: 512B - Virtual size: 360B

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 2KB - Virtual size: 2KB