2024-07-11_b2aa207987df8470b61791835d0f4232_ryuk | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-11_b2aa207987df8470b61791835d0f4232_ryuk
Size

1.5MB
MD5

b2aa207987df8470b61791835d0f4232
SHA1

39203834220086ef771e41007911ce39bda71e3e
SHA256

f44d9469f7c92e8286d3d397e6fcc8e22f5d01b8327d3a5a6b23646537cabf87
SHA512

3cb9758f6440d4360066547d8e7a94452bab75fd4bd7bc4168d9a6670d305b0d505e1cc8ae405cfceb484ec07c1cccb43fb263b829632a3dd54d4eb503c7a797
SSDEEP

24576:btTuRWFsronbEqa6+GG8yKrIMysZgjS1hqgSC/izhfujymk4HM5yJt0:btTToonbXaIHyfRjvQo1uy4Ft0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-11_b2aa207987df8470b61791835d0f4232_ryuk

Files

2024-07-11_b2aa207987df8470b61791835d0f4232_ryuk
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 768KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 297B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 68B

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ