2024-07-04_093d9ad16ebad271510cd433471741e6_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-04_093d9ad16ebad271510cd433471741e6_ryuk
Size

9.4MB
MD5

093d9ad16ebad271510cd433471741e6
SHA1

87a244914080f14ec159c7eb1af2705d334d8460
SHA256

9060b8f0aec96d7b35b6d035be2bd0f3173d800547360d06d630880cb64ff236
SHA512

f829df19c5ad6efe372c7d2823f0a7a71d918ee42abd1136c3d65ccb74c8ec13c27f52726b70f3176788830851589897b0962692b9b5bb19f52e190d2b8f92b8
SSDEEP

98304:87ztwoOCXsexRKddYAFo7Ll+2vhmKtKl76nPJHAsYnpi9BJaEWm9S:GtDxU/TFoA2vhmAI2hHAcIN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-04_093d9ad16ebad271510cd433471741e6_ryuk

Files

2024-07-04_093d9ad16ebad271510cd433471741e6_ryuk
.exe windows:6 windows x64 arch:x64

cf8eab49c0df6dc3e31fc069b8f199e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

gethostbyname
__WSAFDIsSet
socket
sendto
closesocket
setsockopt
send
inet_ntoa
gethostbyaddr
inet_addr
WSACleanup
select
connect
recv
htons
getpeername
bind
WSAStartup
recvfrom
gethostname

crypt32

CertCloseStore
CryptMsgGetParam
CertFindCertificateInStore
CryptMsgClose
CryptQueryObject
CertFreeCertificateContext
CertGetNameStringW
CertGetNameStringA

ntdll

RtlVirtualUnwind
RtlRemoveVectoredExceptionHandler
RtlAddVectoredExceptionHandler
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwind

kernel32

EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
InterlockedPushEntrySList
InterlockedFlushSList
GetProcessHeap
HeapCreate
HeapAlloc
GetCurrentProcess
GetStartupInfoW
LoadLibraryA
GetProcAddress
GetModuleHandleA
Process32First
Process32Next
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
GetCPInfo
CreateThread
ExitThread
FindClose
FreeLibraryAndExitThread
SetLastError
GetCurrentThreadId
HeapFree
ReadFile
GetStdHandle
SetFilePointerEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
FlushFileBuffers
WriteFile
GetConsoleCP
GetFileSizeEx
RaiseException
WideCharToMultiByte
GetCommandLineW
GetFullPathNameW
MultiByteToWideChar
SetStdHandle
GetStringTypeW
GetTimeZoneInformation
HeapReAlloc
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetModuleFileNameW
WriteConsoleW
SetEndOfFile
OutputDebugStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
FindFirstFileExW
FindNextFileW
GetCommandLineA
LocalFree
SleepConditionVariableSRW
GetCurrentDirectoryW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
QueryPerformanceCounter
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
FormatMessageA
QueryPerformanceFrequency
Sleep

user32

wsprintfA

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

psapi

GetModuleFileNameExA

powrprof

PowerReadFriendlyName

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wintrust

WinVerifyTrust

Sections

__wibu00
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu01
Size: 488KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu02
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu03
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu04
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu05
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu06
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

__wibu07
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu08
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

__wibu09
Size: 181KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu0a
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu0b
Size: 804KB - Virtual size: 836KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu0c
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu0d
Size: 415KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cf8eab49c0df6dc3e31fc069b8f199e9

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

ntdll

kernel32

user32

advapi32

psapi

powrprof

version

wintrust

Sections

__wibu00 Size: 84KB - Virtual size: 84KB

__wibu01 Size: 488KB - Virtual size: 488KB

__wibu02 Size: 1024B - Virtual size: 1KB

__wibu03 Size: 1KB - Virtual size: 1KB

__wibu04 Size: 512B - Virtual size: 9B

__wibu05 Size: 512B - Virtual size: 64B

.rsrc Size: 102KB - Virtual size: 102KB

__wibu06 Size: 512B - Virtual size: 416B

__wibu07 Size: 6.3MB - Virtual size: 6.3MB

__wibu08 Size: 1.0MB - Virtual size: 1.0MB

__wibu09 Size: 181KB - Virtual size: 184KB

__wibu0a Size: 6KB - Virtual size: 8KB

__wibu0b Size: 804KB - Virtual size: 836KB

__wibu0c Size: 512B - Virtual size: 4KB

__wibu0d Size: 415KB - Virtual size: 416KB

__wibu00
Size: 84KB - Virtual size: 84KB

__wibu01
Size: 488KB - Virtual size: 488KB

__wibu02
Size: 1024B - Virtual size: 1KB

__wibu03
Size: 1KB - Virtual size: 1KB

__wibu04
Size: 512B - Virtual size: 9B

__wibu05
Size: 512B - Virtual size: 64B

.rsrc
Size: 102KB - Virtual size: 102KB

__wibu06
Size: 512B - Virtual size: 416B

__wibu07
Size: 6.3MB - Virtual size: 6.3MB

__wibu08
Size: 1.0MB - Virtual size: 1.0MB

__wibu09
Size: 181KB - Virtual size: 184KB

__wibu0a
Size: 6KB - Virtual size: 8KB

__wibu0b
Size: 804KB - Virtual size: 836KB

__wibu0c
Size: 512B - Virtual size: 4KB

__wibu0d
Size: 415KB - Virtual size: 416KB