bookingDesktopAppCrashHandler64_unsigned.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-07-05_2f18746df2eb5457d09096d9e022521c_ryuk.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2024-07-05_2f18746df2eb5457d09096d9e022521c_ryuk.exe
  Resource: win10v2004-20240704-en
General
- Target: 2024-07-05_2f18746df2eb5457d09096d9e022521c_ryuk
- Size: 375KB
- MD5: 2f18746df2eb5457d09096d9e022521c
- SHA1: 0b314bda09d6ab787c3971b30c57b666a0ba55b2
- SHA256: 677d89e0bf63b8710c44a8b16819e1348bbcb658a7d3c6aadbd8e667ef7bab3a
- SHA512: f8e632bc4dbc31f6dd95403365243f41562e57b24a591712250ff73252dfe4b3e9ec7e50b95793fe5290964659cdb31abcfc8a3ec905956ad9020d952e6a8c5c
- SSDEEP: 6144:0YlJImureyrQgVtgsIsubj+n4/4UXZMx84niL8F+kfoho3A8zt5Lifx+utu7sW:VAmceyrQit7duHVXm84niLjkfo23A8nX
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 2024-07-05_2f18746df2eb5457d09096d9e022521c_ryuk
Files
- 2024-07-05_2f18746df2eb5457d09096d9e022521c_ryuk.exe (windows:5, windows x64, arch:x64)
  5a813d6e69e4d2d08a12daec52be8759
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCurrentThread
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetFileType
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadFile
CreateFileW
CloseHandle
WriteConsoleW
LoadLibraryW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LocalFree
GetCurrentThreadId
DeleteFileW
RemoveDirectoryW
GetTickCount
WaitForMultipleObjects
WaitForSingleObject
GetExitCodeProcess
DuplicateHandle
ReleaseMutex
GetEnvironmentVariableW
lstrcmpiW
VirtualQuery
GetTempPathW
GetLocalTime
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
Sleep
lstrcmpW
lstrlenW
SetFilePointer
CreateMutexW
CreateEventW
GetCurrentProcessId
TryEnterCriticalSection
SetEvent
ResetEvent
GetFileAttributesExW
VerifyVersionInfoW
VerSetConditionMask
MoveFileExW
GetFileTime
DeviceIoControl
SetProcessWorkingSetSize
OpenProcess
CreateProcessW
ReadProcessMemory
lstrcpynW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateThread
WaitForDebugEvent
GetProcessId
DebugActiveProcessStop
ContinueDebugEvent
GetSystemInfo
GetThreadContext
DebugActiveProcess
VirtualQueryEx
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LeaveCriticalSection
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
ReleaseSemaphore
CreateSemaphoreW
EnterCriticalSection
OutputDebugStringW
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
IsDebuggerPresent
InitializeCriticalSection
GetUserDefaultLangID
GetSystemDefaultLangID
GetComputerNameExW
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
UnregisterWait
GetProcessTimes
UnregisterWaitEx
RegisterWaitForSingleObject
VirtualProtect
VirtualAlloc
EncodePointer
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
CreateDirectoryW
HeapFree
user32
SetClipboardData
EmptyClipboard
OpenClipboard
GetProcessWindowStation
CloseDesktop
CloseClipboard
CharUpperW
DispatchMessageW
GetMessageW
PeekMessageW
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
wvsprintfW
PostThreadMessageW
CreateWindowStationW
SetProcessWindowStation
CreateDesktopW
GetThreadDesktop
SetThreadDesktop
CharLowerW
wsprintfW
MessageBoxW
CloseWindowStation
advapi32
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
GetLengthSid
CopySid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
InitializeSecurityDescriptor
MakeAbsoluteSD
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetAce
MakeSelfRelativeSD
GetSecurityDescriptorLength
EqualSid
SetNamedSecurityInfoW
ConvertStringSidToSidW
OpenThreadToken
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
ConvertSidToStringSidW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
SetSecurityDescriptorSacl
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
SetTokenInformation
ole32
CoCreateGuid
StringFromGUID2
shell32
SHGetFolderPathW
netapi32
NetWkstaGetInfo
NetApiBufferFree
rpcrt4
UuidCreate
shlwapi
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
PathCanonicalizeW
PathIsRelativeW
SHQueryValueExW
PathAppendW
userenv
UnloadUserProfile
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 221KB - Virtual size: 220KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 31KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE