2024-07-04_ef4e1b5d0906e43520340714b11bddce_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-04_ef4e1b5d0906e43520340714b11bddce_ryuk
Size

1.6MB
MD5

ef4e1b5d0906e43520340714b11bddce
SHA1

82233bee4c13356bb20d4ae7078b7961615186bd
SHA256

5b5d8fbafa5f3248fd5b0acc86e55072190c9e6874041fcb584a075136d9835e
SHA512

326704065de6e6b073845dca7a9a0c880eebfa6ee837ece16661cbd19ac5d890a09a7e966f5e6c36e7d62dbff42916adbc0e9754fa5bd0217b5836d734c50efb
SSDEEP

24576:BLhnQlzH8xE1NySvyVg9N9JMlDlfjRiVuVsWt5MJMs:BLhnQlzH8xEiAegFIDRRAubt5M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-04_ef4e1b5d0906e43520340714b11bddce_ryuk

Files

2024-07-04_ef4e1b5d0906e43520340714b11bddce_ryuk
.exe windows:5 windows x64 arch:x64

11f57a930c6c1c353c2d1d9f9b8cb448

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

GoogleUpdateComRegisterShell64_unsigned.pdb

Imports

advapi32

RegCloseKey
RegOverridePredefKey
RegOpenKeyExW

kernel32

FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetFileType
GetACP
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
GetCommandLineW
GetModuleHandleExW
VirtualQuery
GetModuleFileNameW
GetCurrentProcessId
CloseHandle
LocalFree
LoadLibraryW
GetCurrentProcess
SetLastError
GetTickCount
GetEnvironmentVariableW
lstrcmpiW
FreeLibrary
FindClose
TerminateProcess
Sleep
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
GetCurrentThreadId
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
OutputDebugStringW
CreateFileW
WriteFile
InitializeCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FlushFileBuffers
IsDebuggerPresent
ExitProcess
GetStdHandle
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
GetStartupInfoW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryExW
GetModuleFileNameA

user32

CharLowerBuffW
MessageBoxW
wsprintfW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard

shlwapi

PathStripPathW
PathRemoveFileSpecW
PathRemoveExtensionW
PathAppendW

shell32

CommandLineToArgvW

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.5MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

11f57a930c6c1c353c2d1d9f9b8cb448

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

shlwapi

shell32

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 5KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 268B

.reloc Size: 1.5MB - Virtual size: 2.4MB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 5KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 268B

.reloc
Size: 1.5MB - Virtual size: 2.4MB