2024-08-06_8598e33ceb84ea2533c9116144ece6c5_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-08-06_8598e33ceb84ea2533c9116144ece6c5_ryuk
Size

11.6MB
MD5

8598e33ceb84ea2533c9116144ece6c5
SHA1

559b26f16723bbf9d146e38bc43cf151e805210f
SHA256

9598149df875bac0fb0241599bdc2b9e0f4590419e96e2f32f8a662ed955cbb5
SHA512

7eb66eb67a003beb0bf654c6f94332153b17a5ce1422a7bd86a2ac55a83d2cc9189d7da1668154236698b192360b746980d18e3714828ec595bc0808bf59bc53
SSDEEP

98304:zvs+unvN/dwttLeFH63o80NiCamjysJo2iP/wYCM777I:Tunvktt8ax0raaysS2iP/wUw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-06_8598e33ceb84ea2533c9116144ece6c5_ryuk

Files

2024-08-06_8598e33ceb84ea2533c9116144ece6c5_ryuk
.exe windows:6 windows x64 arch:x64

11ce4131c37c45ced2a5e6e5984ee790

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\kuin_git\develop\Kuin\src\output\x64\Release\knobj_maker.pdb

Imports

kernel32

WideCharToMultiByte
HeapAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetLocalTime
SetCurrentDirectoryW
GetCurrentDirectoryW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
GetTempPathW
GetModuleFileNameA
GetSystemTime
CloseHandle
WaitForSingleObjectEx
CreateThread
SetThreadPriority
GetThreadPriority
TerminateThread
GetExitCodeThread
SuspendThread
ResumeThread
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
CreateEventA
CreateSemaphoreA
GetVersionExA
CreateMutexA
QueryPerformanceFrequency
Sleep
ReleaseMutex
WaitForSingleObject
FindFirstFileA
FindNextFileA
LoadLibraryExA
GetFileInformationByHandle
SetEndOfFile
SetFilePointer
GetLastError
CreateFileW
GetFullPathNameW
GlobalAlloc
LocalFree
FormatMessageW
GetStdHandle
RaiseException
DuplicateHandle
CreatePipe
GetCurrentProcess
CreateProcessA
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlPcToFileHeader
RtlUnwindEx
LoadLibraryExW
WriteFile
ExitProcess
TerminateProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
GetFullPathNameA
DeleteFileW
GetDriveTypeW
SetEnvironmentVariableA
SetEnvironmentVariableW
CreateDirectoryW
GetFileAttributesExW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
MoveFileExW
SetFileTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
SetStdHandle
SetFilePointerEx
FlushFileBuffers
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
HeapSize
HeapReAlloc
MultiByteToWideChar
GetModuleFileNameW
ReadFile
HeapFree

shlwapi

PathFileExistsA

advapi32

RegOpenKeyExA
RegConnectRegistryA
RegCloseKey
RegQueryValueExW
GetUserNameA
LookupAccountSidA
GetNamedSecurityInfoA
SystemFunction036

Sections

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11ce4131c37c45ced2a5e6e5984ee790

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

advapi32

Sections

.text Size: 7.1MB - Virtual size: 7.1MB

.rdata Size: 2.9MB - Virtual size: 2.9MB

.data Size: 1.2MB - Virtual size: 1.3MB

.pdata Size: 310KB - Virtual size: 310KB

.gfids Size: 512B - Virtual size: 396B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 75KB - Virtual size: 75KB

.text
Size: 7.1MB - Virtual size: 7.1MB

.rdata
Size: 2.9MB - Virtual size: 2.9MB

.data
Size: 1.2MB - Virtual size: 1.3MB

.pdata
Size: 310KB - Virtual size: 310KB

.gfids
Size: 512B - Virtual size: 396B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 75KB - Virtual size: 75KB