2024-08-08_ab81d6da3d9d849779d3b821e02e8b2d_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-08_ab81d6da3d9d849779d3b821e02e8b2d_ryuk
Size

334KB
MD5

ab81d6da3d9d849779d3b821e02e8b2d
SHA1

300d8a257cb7d0f01bd490150aed68147d6c9f56
SHA256

b160407e2ebdfc39745d6479d27a3e6862cf09c0ee9ee8ef9c6e137a62f7d14d
SHA512

436f66a1e2265e44e8bc2a913d477b33fcdad3eb31af325a9bcf300e0fe81782ed40f32130a70926cf22fb2a47b79114358328d649c708acb146a7dfe3e0884b
SSDEEP

6144:0aFIBUosUraXMbXtfvdyACmFQcsgPaQ+aRx+9OnHehv/J7+/F4:0aBwr4MbX9vdyn3csgIaRCB7+/F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-08_ab81d6da3d9d849779d3b821e02e8b2d_ryuk

Files

2024-08-08_ab81d6da3d9d849779d3b821e02e8b2d_ryuk
.exe windows:5 windows x64 arch:x64

c3aa629c1f08807c25021cccab559ad2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrcatW
GlobalAlloc
lstrcpyA
GlobalFree
CloseHandle
CreateThread
GlobalLock
lstrcpyW
CreateFileMappingW
MapViewOfFile
GetTickCount
GlobalUnlock
AreFileApisANSI
GetConsoleAliasExesLengthW
GetLogicalDrives
GetOEMCP
GetSystemDefaultLCID
HeapFree
GetCommandLineW
GetCurrentProcess
GetConsoleOutputCP
GetSystemDefaultUILanguage
TerminateProcess
GetUserDefaultLangID
GetSystemTimes
GetConsoleCP
GetThreadLocale
GetUserDefaultUILanguage
CreateMutexW
GetLargePageMinimum
lstrlenA
GetCurrentThreadId
UnregisterApplicationRecoveryCallback
IsSystemResumeAutomatic
GetSystemDefaultLangID
GetACP
GetVersion
CreateEventW
Sleep
GetTickCount64
GetMaximumProcessorGroupCount
GetThreadUILanguage
GetUserDefaultLCID
SetEvent
GetCurrentThread
TlsAlloc
GetSystemDEPPolicy
GetLastError
HeapAlloc
SwitchToThread
IsThreadAFiber
GetCurrentProcessorNumber
GetErrorMode
UnregisterApplicationRestart
SetFileApisToOEM
WTSGetActiveConsoleSessionId
ExitProcess
GetCurrentProcessId
GetProcessHeap
GetConsoleWindow
ConvertFiberToThread
SetFileApisToANSI
GetEnvironmentStringsW
GetConsoleAliasExesLengthA
GetDriveTypeW
IsDebuggerPresent
CreateTimerQueue
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleHandleW
WriteConsoleW
SetFilePointerEx
ReadConsoleW
SetEndOfFile
GetConsoleMode
FlushFileBuffers
HeapReAlloc
RaiseException
SetFileAttributesW
ExitThread
UnmapViewOfFile
CreateFileW
WaitForSingleObject
FindClose
SetFilePointer
SetErrorMode
VirtualAlloc
WriteFile
FindNextFileW
HeapSize
GetStringTypeW
SetStdHandle
LCMapStringW
FreeEnvironmentStringsW
GetCommandLineA
GetCPInfo
IsValidCodePage
FindFirstFileExW
VirtualFree
FindFirstFileW
CreateThreadpoolCleanupGroup
ReadFile
GetFileType
GetModuleHandleExW
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
GetStdHandle
LoadLibraryExW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary

user32

CharUpperW
GetForegroundWindow
CloseClipboard
GetFocus
wsprintfW
GetDesktopWindow

advapi32

RegisterServiceCtrlHandlerW
RegDisablePredefinedCacheEx
CryptAcquireContextW
SetServiceStatus
CryptEncrypt
StartServiceCtrlDispatcherW

shell32

SHGetSpecialFolderPathW

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

shlwapi

StrStrW
PathFindFileNameW

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfo

rstrtmgr

RmGetList
RmStartSession
RmShutdown
RmEndSession
RmRegisterResources
RmRestart

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3aa629c1f08807c25021cccab559ad2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

mpr

shlwapi

crypt32

rstrtmgr

Sections

.text Size: 214KB - Virtual size: 213KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 3KB - Virtual size: 15KB

.pdata Size: 5KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 160B

.rsrc Size: 66KB - Virtual size: 65KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 214KB - Virtual size: 213KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 3KB - Virtual size: 15KB

.pdata
Size: 5KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 160B

.rsrc
Size: 66KB - Virtual size: 65KB

.reloc
Size: 2KB - Virtual size: 1KB