2024-07-05_21a78b7337008d5d5b6956dfebf677e8_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-05_21a78b7337008d5d5b6956dfebf677e8_ryuk
Size

724KB
MD5

21a78b7337008d5d5b6956dfebf677e8
SHA1

7820138dd800e60857ebf18579c58edfd8b3f0fe
SHA256

ff713242dc395c0cc05de56a93fc0a8868512de47cbf144504252645d082e250
SHA512

aead72248665285dd423d9320bc67bf6052a97809ac73bce3482bfd5fb57e29632ba89caa8c329b29be9487dd86b8b3710254f0a1755d9f0a7faa9303e4b3065
SSDEEP

12288:BqhW5sQlzH8xE1NySoGvXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wlb:BqhRQlzH8xE1NySvvsqjnhMgeiCl7G0Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-05_21a78b7337008d5d5b6956dfebf677e8_ryuk

Files

2024-07-05_21a78b7337008d5d5b6956dfebf677e8_ryuk
.exe windows:5 windows x64 arch:x64

11f57a930c6c1c353c2d1d9f9b8cb448

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

GoogleUpdateComRegisterShell64_unsigned.pdb

Imports

advapi32

RegCloseKey
RegOverridePredefKey
RegOpenKeyExW

kernel32

FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetFileType
GetACP
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
GetCommandLineW
GetModuleHandleExW
VirtualQuery
GetModuleFileNameW
GetCurrentProcessId
CloseHandle
LocalFree
LoadLibraryW
GetCurrentProcess
SetLastError
GetTickCount
GetEnvironmentVariableW
lstrcmpiW
FreeLibrary
FindClose
TerminateProcess
Sleep
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
GetCurrentThreadId
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
OutputDebugStringW
CreateFileW
WriteFile
InitializeCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FlushFileBuffers
IsDebuggerPresent
ExitProcess
GetStdHandle
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
GetStartupInfoW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryExW
GetModuleFileNameA

user32

CharLowerBuffW
MessageBoxW
wsprintfW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard

shlwapi

PathStripPathW
PathRemoveFileSpecW
PathRemoveExtensionW
PathAppendW

shell32

CommandLineToArgvW

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

11f57a930c6c1c353c2d1d9f9b8cb448

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

shlwapi

shell32

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 5KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 268B

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 5KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 268B

.reloc
Size: 568KB - Virtual size: 572KB