2024-08-08_f76db744cff65089582e7ca4f6b5bf8f_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-08_f76db744cff65089582e7ca4f6b5bf8f_ryuk
Size

1.3MB
MD5

f76db744cff65089582e7ca4f6b5bf8f
SHA1

b646c20a1e90568f2f14eace868e361f697d2fad
SHA256

92a5e42f796bf1667bc927e12f0cbc67fc21507d7c41a61924f9b1588582803c
SHA512

6b497f5ae7e47b0e6d9f5d301e1febfc85ea9353c592f3456d9db6e765fa223293d76308955105d78134e553ca03ba1465e80a2adfa7c34ccb909b2b67510617
SSDEEP

24576:BKhTQlzH8xE1NySv1sqjnhMgeiCl7G0nehbGZpbD:BKhTQlzH8xEiApDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-08_f76db744cff65089582e7ca4f6b5bf8f_ryuk

Files

2024-08-08_f76db744cff65089582e7ca4f6b5bf8f_ryuk
.exe windows:5 windows x64 arch:x64

11f57a930c6c1c353c2d1d9f9b8cb448

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

GoogleUpdateComRegisterShell64_unsigned.pdb

Imports

advapi32

RegCloseKey
RegOverridePredefKey
RegOpenKeyExW

kernel32

FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetFileType
GetACP
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
GetCommandLineW
GetModuleHandleExW
VirtualQuery
GetModuleFileNameW
GetCurrentProcessId
CloseHandle
LocalFree
LoadLibraryW
GetCurrentProcess
SetLastError
GetTickCount
GetEnvironmentVariableW
lstrcmpiW
FreeLibrary
FindClose
TerminateProcess
Sleep
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
GetCurrentThreadId
OutputDebugStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
OutputDebugStringW
CreateFileW
WriteFile
InitializeCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FlushFileBuffers
IsDebuggerPresent
ExitProcess
GetStdHandle
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
GetStartupInfoW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryExW
GetModuleFileNameA

user32

CharLowerBuffW
MessageBoxW
wsprintfW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard

shlwapi

PathStripPathW
PathRemoveFileSpecW
PathRemoveExtensionW
PathAppendW

shell32

CommandLineToArgvW

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

11f57a930c6c1c353c2d1d9f9b8cb448

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

shlwapi

shell32

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 5KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 268B

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 5KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 268B

.reloc
Size: 1.2MB - Virtual size: 1.8MB