2024-07-04_0e9922d2363ca7585699434c1ce3fda3_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-04_0e9922d2363ca7585699434c1ce3fda3_ryuk
Size

9.2MB
MD5

0e9922d2363ca7585699434c1ce3fda3
SHA1

c8a16770de3f2c4ecc0f939ce54ffe2053b6d92c
SHA256

ec406007ccebc221e76c844d55bd4f2ee500e88b21a3af63d0922a4280794587
SHA512

fc40ddc5a74c96cd4009a42312577f58ebdd2b5c86625bad9340515912112274550f5d708904ebfaacbb4e307bc3cc682874fce3ac8db852ad7d91ed16819312
SSDEEP

98304:0585WosXsexRKddYAFo7Ll+2vhmKtKl76nPJHoEOLeGr2mAVvm:0SWTDxU/TFoA2vhmAI2hHoZimUvm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-04_0e9922d2363ca7585699434c1ce3fda3_ryuk

Files

2024-07-04_0e9922d2363ca7585699434c1ce3fda3_ryuk
.exe windows:6 windows x64 arch:x64

cf8eab49c0df6dc3e31fc069b8f199e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

gethostbyname
__WSAFDIsSet
socket
sendto
closesocket
setsockopt
send
inet_ntoa
gethostbyaddr
inet_addr
WSACleanup
select
connect
recv
htons
getpeername
bind
WSAStartup
recvfrom
gethostname

crypt32

CertCloseStore
CryptMsgGetParam
CertFindCertificateInStore
CryptMsgClose
CryptQueryObject
CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringA

ntdll

RtlVirtualUnwind
RtlRemoveVectoredExceptionHandler
RtlAddVectoredExceptionHandler
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwind

kernel32

EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
InterlockedPushEntrySList
InterlockedFlushSList
GetProcessHeap
HeapCreate
HeapAlloc
GetCurrentProcess
GetStartupInfoW
LoadLibraryA
GetProcAddress
GetModuleHandleA
Process32First
Process32Next
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
GetCPInfo
CreateThread
ExitThread
FindClose
FreeLibraryAndExitThread
SetLastError
GetCurrentThreadId
HeapFree
ReadFile
GetStdHandle
SetFilePointerEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
FlushFileBuffers
WriteFile
GetConsoleCP
GetFileSizeEx
RaiseException
WideCharToMultiByte
GetCommandLineW
GetFullPathNameW
MultiByteToWideChar
SetStdHandle
GetStringTypeW
GetTimeZoneInformation
HeapReAlloc
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetModuleFileNameW
WriteConsoleW
SetEndOfFile
OutputDebugStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
FindFirstFileExW
FindNextFileW
GetCommandLineA
LocalFree
SleepConditionVariableSRW
GetCurrentDirectoryW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
QueryPerformanceCounter
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
FormatMessageA
QueryPerformanceFrequency
Sleep

user32

wsprintfA

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

psapi

GetModuleFileNameExA

powrprof

PowerReadFriendlyName

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wintrust

WinVerifyTrust

Sections

__wibu00
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu01
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu02
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu03
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu04
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu05
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu06
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

__wibu07
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu08
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

__wibu09
Size: 181KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu0a
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu0b
Size: 804KB - Virtual size: 836KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu0c
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu0d
Size: 404KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cf8eab49c0df6dc3e31fc069b8f199e9

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

ntdll

kernel32

user32

advapi32

psapi

powrprof

version

wintrust

Sections

__wibu00 Size: 121KB - Virtual size: 121KB

__wibu01 Size: 257KB - Virtual size: 257KB

__wibu02 Size: 4KB - Virtual size: 5KB

__wibu03 Size: 7KB - Virtual size: 6KB

__wibu04 Size: 512B - Virtual size: 64B

__wibu05 Size: 512B - Virtual size: 9B

.rsrc Size: 147KB - Virtual size: 147KB

__wibu06 Size: 4KB - Virtual size: 3KB

__wibu07 Size: 6.3MB - Virtual size: 6.3MB

__wibu08 Size: 1.0MB - Virtual size: 1.0MB

__wibu09 Size: 181KB - Virtual size: 184KB

__wibu0a Size: 6KB - Virtual size: 8KB

__wibu0b Size: 804KB - Virtual size: 836KB

__wibu0c Size: 512B - Virtual size: 4KB

__wibu0d Size: 404KB - Virtual size: 408KB

__wibu00
Size: 121KB - Virtual size: 121KB

__wibu01
Size: 257KB - Virtual size: 257KB

__wibu02
Size: 4KB - Virtual size: 5KB

__wibu03
Size: 7KB - Virtual size: 6KB

__wibu04
Size: 512B - Virtual size: 64B

__wibu05
Size: 512B - Virtual size: 9B

.rsrc
Size: 147KB - Virtual size: 147KB

__wibu06
Size: 4KB - Virtual size: 3KB

__wibu07
Size: 6.3MB - Virtual size: 6.3MB

__wibu08
Size: 1.0MB - Virtual size: 1.0MB

__wibu09
Size: 181KB - Virtual size: 184KB

__wibu0a
Size: 6KB - Virtual size: 8KB

__wibu0b
Size: 804KB - Virtual size: 836KB

__wibu0c
Size: 512B - Virtual size: 4KB

__wibu0d
Size: 404KB - Virtual size: 408KB