2024-07-10_4ff81f4acb109088f300c136e6dc4aea_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-10_4ff81f4acb109088f300c136e6dc4aea_ryuk
Size

2.3MB
MD5

4ff81f4acb109088f300c136e6dc4aea
SHA1

9e9de20e10dc92b899def15dc180db04cfe9878b
SHA256

eebe86fab0c62a68677d181c37c9189ea2869a8b471333a00dccb0cbffad9315
SHA512

8d8c49501bdf99ea9965b2dbabe58b57c9cac1d227a83e7821ef9ef3d222a1ccd04b4f5c10fdc62d74189c02bb64d4952ec8c8b122943444308cf8c4f9bd8b2f
SSDEEP

24576:sDQiKfSBOoJcULkJhLRZjGzzEJ2lc6hPTpyPRN/F7:s7WULkJz9izEb69TOj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-10_4ff81f4acb109088f300c136e6dc4aea_ryuk

Files

2024-07-10_4ff81f4acb109088f300c136e6dc4aea_ryuk
.exe windows:6 windows x64 arch:x64

452441a319fdf8dfba4a313b87ef2fba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\MUEmu\12.0.1.0\zMuServer\1._DataServer\IGC.DataServer.pdb

Imports

odbc32

ord12
ord48
ord19
ord49
ord72
ord24
ord4
ord26
ord8
ord9
ord11
ord13
ord31
ord16
ord43
ord36
ord18
ord20
ord75
ord41
ord39

kernel32

GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetConsoleCtrlHandler
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateFileA
CloseHandle
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
FreeLibrary
GetProcAddress
LoadLibraryA
GetTickCount
lstrcmpA
lstrlenA
CreateDirectoryA
TerminateThread
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateIoCompletionPort
GetQueuedCompletionStatus
GetOEMCP
Sleep
CreateThread
SetThreadPriority
GetSystemInfo
ExitProcess
lstrcpyA
lstrcmpiA
GetFileSize
WaitForSingleObject
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
GetConsoleOutputCP
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetCurrentThread
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
HeapReAlloc
ReadFile
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
OutputDebugStringW
SetStdHandle
CreateFileW
WriteConsoleW
HeapSize
SetEndOfFile
PostQueuedCompletionStatus
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
FormatMessageW
EncodePointer
DecodePointer
SetLastError

user32

MessageBoxA
GetClientRect
SetWindowTextA
FillRect
GetDC
UpdateWindow
TranslateAcceleratorA
LoadAcceleratorsA
SetTimer
GetDlgItemTextA
EndDialog
DialogBoxParamA
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassExA
PostQuitMessage
DefWindowProcA
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
LoadStringA
wsprintfA
LoadCursorA
LoadIconA
ReleaseDC

gdi32

DeleteObject
CreateFontA
TextOutA
SetTextColor
SetBkMode
SelectObject
CreateSolidBrush
GetStockObject

comctl32

InitCommonControlsEx
ord17

ws2_32

bind
closesocket
htonl
htons
inet_ntoa
listen
WSAStartup
WSAGetLastError
WSAAccept
WSARecv
WSASend
WSASocketA
gethostbyname
inet_pton
inet_addr
recvfrom
WSASendTo

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 727KB - Virtual size: 727KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

452441a319fdf8dfba4a313b87ef2fba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

odbc32

kernel32

user32

gdi32

comctl32

ws2_32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 281KB - Virtual size: 281KB

.data Size: 9KB - Virtual size: 9.9MB

.pdata Size: 55KB - Virtual size: 55KB

.gfids Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.gehcont Size: 512B - Virtual size: 32B

.rsrc Size: 727KB - Virtual size: 727KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 281KB - Virtual size: 281KB

.data
Size: 9KB - Virtual size: 9.9MB

.pdata
Size: 55KB - Virtual size: 55KB

.gfids
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.gehcont
Size: 512B - Virtual size: 32B

.rsrc
Size: 727KB - Virtual size: 727KB

.reloc
Size: 5KB - Virtual size: 4KB