2024-07-09_ab600fad8f396acf38dff6df46cbdc60_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-09_ab600fad8f396acf38dff6df46cbdc60_ryuk
Size

1.8MB
MD5

ab600fad8f396acf38dff6df46cbdc60
SHA1

0a46e08406358fe4c39f3b223f9ee4151ae00927
SHA256

c8078d44fc14127f931cf9c4323042febd5ec6d742b1fbc4434efc0a4c14ec9e
SHA512

4eaf48c05c33d34c95e164d81d10a79cec6ec571595d9b621db6601cb57ed386b97802e9bc6719a27f0ae1cadc28c44de85c4655ea7c5a4e5542db68b74abe79
SSDEEP

49152:KAOaCBYTpqzJFbv211uRI5HeHAXx3D6Ocd7p:KA9CBAkJ01fDB3DA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-09_ab600fad8f396acf38dff6df46cbdc60_ryuk

Files

2024-07-09_ab600fad8f396acf38dff6df46cbdc60_ryuk
.exe windows:6 windows x64 arch:x64

77bee3e1c5d63cdeb1e2a33a7b4a427f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

MessageBoxA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

comctl32

ord17

kernel32

GetLastError
GetProcAddress
SearchPathA
VirtualAlloc
VirtualFree
GetModuleFileNameA
LoadLibraryA
FormatMessageA
GetUserDefaultLCID
ExpandEnvironmentStringsA
FreeLibrary
GetFileAttributesA
LoadLibraryExA
GetPrivateProfileStringA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetLastError
GetCurrentThreadId
MultiByteToWideChar
GetACP
HeapAlloc
HeapFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LoadLibraryExW
LCMapStringW
RaiseException
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
ExitProcess
GetModuleHandleExW
GetProcessHeap
WideCharToMultiByte
HeapSize
HeapReAlloc
RtlUnwindEx
CreateFileW
WriteConsoleW
SetFilePointerEx
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
GetStdHandle
WriteFile
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77bee3e1c5d63cdeb1e2a33a7b4a427f

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

comctl32

kernel32

version

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 3KB - Virtual size: 21KB

.pdata Size: 3KB - Virtual size: 3KB

.gfids Size: 512B - Virtual size: 160B

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 21KB

.pdata
Size: 3KB - Virtual size: 3KB

.gfids
Size: 512B - Virtual size: 160B

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 2KB - Virtual size: 1KB