2024-08-03_a254a1a64794d72a4a9cdf68f81ebedc_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-03_a254a1a64794d72a4a9cdf68f81ebedc_ryuk
Size

1.3MB
MD5

a254a1a64794d72a4a9cdf68f81ebedc
SHA1

016c8fe7e7589920723cf880f9b69f195d63f083
SHA256

f2895fba07186fc4712471eb9c67f378fcbe3966967d6bbc8b7c55c3fa6adef7
SHA512

2ffa0b259b7ecb26ec2d1cfa56501959a1c2423b4f1c53a008fb5ae6884360edb032f06e9799f3222daceec21307deddb2f573ee200341e0984311926dedafbe
SSDEEP

12288:rEl7H6iikciXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:rSH6iik5sqjnhMgeiCl7G0nehbGZpbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-03_a254a1a64794d72a4a9cdf68f81ebedc_ryuk

Files

2024-08-03_a254a1a64794d72a4a9cdf68f81ebedc_ryuk
.exe windows:6 windows x64 arch:x64

71a4b876c357de73b65d5710d590824a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\BuildAutomation\USHUpgradeService_int_cs_4.4\sw\int_cs_4.4\host\windows\FirmwareUpgradeProgress\x64\Release\FirmwareUpgradeProgress.pdb

Imports

kernel32

GetStringTypeW
SetStdHandle
WriteConsoleW
LCMapStringW
FreeEnvironmentStringsW
HeapSize
HeapReAlloc
CreateFileW
Sleep
WaitForSingleObject
CreateMutexW
OutputDebugStringA
GetCurrentProcessId
GetCurrentThreadId
ExpandEnvironmentStringsW
GetLocalTime
CloseHandle
CreateEventA
GetProcessHeap
HeapAlloc
GetLastError
HeapFree
FlushFileBuffers
lstrcpyW
SetFilePointerEx
SetEndOfFile
ReadFile
ReadConsoleW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
GetModuleFileNameW
RtlUnwindEx
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
GetFileType
GetConsoleCP
GetConsoleMode
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo

user32

GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
GetSystemMetrics
RegisterClassExW
DispatchMessageW
SetTimer
ShutdownBlockReasonCreate
AdjustWindowRect
TranslateMessage
LoadIconW
LoadCursorW
PostQuitMessage
ShutdownBlockReasonDestroy
UpdateWindow
LoadImageW
BeginPaint
EndPaint

advapi32

SystemFunction036
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce

shell32

Shell_NotifyIconW

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

71a4b876c357de73b65d5710d590824a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 172B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1.2MB - Virtual size: 1.8MB