2024-07-04_ce498373925abf0d8a6d21f92048ff1a_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-04_ce498373925abf0d8a6d21f92048ff1a_ryuk
Size

1.6MB
MD5

ce498373925abf0d8a6d21f92048ff1a
SHA1

0f0324b95b7130fc0e06d7ef1bdf7558b2fb0b7c
SHA256

f2f833b7ef6500f6766dfc7d63ad7281a3ff771a6294d0b90f8aa1abfd49af2a
SHA512

147d95a91af08271c8f2e72a7a91bc7556d93eeeb4d3aad5818ee2abe759190a3e40ec6d95e4789a6388c7b19461c0f4c382891e40d246e256c780f5055a3f93
SSDEEP

24576:BChhQlzH8xE1NySvXCks7WE9F5pwg8zmdqQjC60jiHkU:BChhQlzH8xEiAXCks7R9L58UqFJjskU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-04_ce498373925abf0d8a6d21f92048ff1a_ryuk

Files

2024-07-04_ce498373925abf0d8a6d21f92048ff1a_ryuk
.exe windows:5 windows x64 arch:x64

11f57a930c6c1c353c2d1d9f9b8cb448

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

GoogleUpdateComRegisterShell64_unsigned.pdb

Imports

advapi32

RegCloseKey
RegOverridePredefKey
RegOpenKeyExW

kernel32

FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetFileType
GetACP
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
GetCommandLineW
GetModuleHandleExW
VirtualQuery
GetModuleFileNameW
GetCurrentProcessId
CloseHandle
LocalFree
LoadLibraryW
GetCurrentProcess
SetLastError
GetTickCount
GetEnvironmentVariableW
lstrcmpiW
FreeLibrary
FindClose
TerminateProcess
Sleep
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
GetCurrentThreadId
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
OutputDebugStringW
CreateFileW
WriteFile
InitializeCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FlushFileBuffers
IsDebuggerPresent
ExitProcess
GetStdHandle
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
GetStartupInfoW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryExW
GetModuleFileNameA

user32

CharLowerBuffW
MessageBoxW
wsprintfW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard

shlwapi

PathStripPathW
PathRemoveFileSpecW
PathRemoveExtensionW
PathAppendW

shell32

CommandLineToArgvW

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

11f57a930c6c1c353c2d1d9f9b8cb448

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

shlwapi

shell32

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 5KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 268B

.reloc Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 5KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 268B

.reloc
Size: 1.5MB - Virtual size: 1.5MB