2024-08-08_77d0e512af82f7a302f76e3340847abc_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-08_77d0e512af82f7a302f76e3340847abc_ryuk
Size

3.2MB
MD5

77d0e512af82f7a302f76e3340847abc
SHA1

900ed822b27d44da2bf663ae2812077a6223b666
SHA256

5d6c932dd327229d1bb242a28ba2fdc91670b8526428da3636a2931bdb5b4822
SHA512

2ec7d583a0a91c209e8ae9c980f16c2613d705312f6c130e678cc087aaa027cfac605c00c32a6f7026563e2978b86a2744782396d5ec9a2014c8772efa0e765e
SSDEEP

49152:mgpA28W5NF+dEVU0Ytz1ojkXwc1cE5OKS2N+51NRagDmg27RnWGj:RpzpfV9EAKBNKNDD527BWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-08_77d0e512af82f7a302f76e3340847abc_ryuk

Files

2024-08-08_77d0e512af82f7a302f76e3340847abc_ryuk
.exe windows:6 windows x64 arch:x64

eaa6039d7eb6e6c5df830272879946da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wa_3rd_party_host_64.pdb

Imports

kernel32

GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
RaiseException
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetTickCount64
SizeofResource
GetModuleHandleExW
GetModuleFileNameW
LocalAlloc
FreeResource
LockResource
LoadResource
FindResourceW
SetErrorMode
LoadLibraryExW
InitializeCriticalSectionEx
Sleep
GetWindowsDirectoryW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetCurrentDirectoryW
FindFirstFileW
FindNextFileW
FindClose
FileTimeToSystemTime
GetFileTime
GetVolumeNameForVolumeMountPointW
GetLogicalDriveStringsW
GetDriveTypeW
DeviceIoControl
GetSystemWindowsDirectoryW
lstrcpyW
GetModuleHandleW
WaitForMultipleObjects
CreateEventW
SetEvent
CreateNamedPipeW
OpenProcess
CreateThread
GetOverlappedResult
ConnectNamedPipe
GetExitCodeProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
DisconnectNamedPipe
CreateDirectoryW
GetCurrentProcess
CreateProcessW
CopyFileW
SetLastError
lstrcpynW
GetLocaleInfoW
TerminateProcess
GetTempFileNameW
ExpandEnvironmentStringsW
GetVersionExW
GetTimeZoneInformation
GetSystemDirectoryW
ReleaseMutex
CreateMutexA
VirtualAlloc
VirtualFree
VirtualQuery
WriteConsoleW
ReadConsoleW
SetStdHandle
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
AreFileApisANSI
InitializeCriticalSection
LeaveCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
EnterCriticalSection
HeapFree
HeapCreate
TryEnterCriticalSection
ReadFile
DecodePointer
FreeEnvironmentStringsW
FindFirstFileExW
SetEnvironmentVariableW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetACP
IsValidCodePage
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCommandLineW
GetCommandLineA
GetStdHandle
ExitProcess
ExitThread
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
GetModuleHandleA
FreeLibraryAndExitThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
DuplicateHandle
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
QueryPerformanceFrequency
RtlPcToFileHeader
EncodePointer
QueueUserWorkItem
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetCPInfo
CreateTimerQueue
GetThreadTimes
LoadLibraryExA

user32

PostThreadMessageW
wsprintfW

advapi32

RegQueryValueExW
EqualSid
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
QueryServiceStatus
OpenServiceW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
CloseServiceHandle
OpenSCManagerW
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
AccessCheck
GetFileSecurityW
DuplicateToken
MapGenericMask
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSaveKeyW
OpenProcessToken

ole32

CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoCreateInstance
IIDFromString
CLSIDFromString
CoAddRefServerProcess
CoReleaseServerProcess
OleRun

oleaut32

GetErrorInfo
VariantTimeToSystemTime
VariantClear
SafeArrayCreateVector
SafeArrayCreate
SafeArrayLock
VariantCopy
SafeArrayPutElement
SysAllocString
SysFreeString
SafeArrayGetDim
SysStringLen
SysAllocStringLen
SafeArrayDestroy
VariantInit
SafeArrayGetElement
SafeArrayUnlock

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

StrStrIW

wininet

HttpSendRequestW
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetReadFile
HttpOpenRequestW

Exports

Exports

QHChangeOnAccessScanState
QHEnableOnAccessScan
QHFreeThreatHistoryListA
QHFreeThreatHistoryListW
QHGetAppLanguageA
QHGetAppLanguageW
QHGetDigitalCertSignerA
QHGetDigitalCertSignerW
QHGetEngineVersionA
QHGetEngineVersionW
QHGetExpDate
QHGetLastFullScanTime
QHGetProductInstallDirA
QHGetProductInstallDirW
QHGetSASQHStatus
QHGetSigDatabaseDirA
QHGetSigDatabaseDirW
QHGetSigDatabaseTime
QHGetSigDatabaseVersionA
QHGetSigDatabaseVersionW
QHGetThreatHistoryA
QHGetThreatHistoryW
QHInitUpdate
QHInitiateFileScanA
QHInitiateFileScanW
QHInitiateFolderScanA
QHInitiateFolderScanW
QHInitiateFullScan
QHIsAVInstalled
QHIsFullScanRunning
QHIsLicenseExpired
QHIsOnAccessScanEnabled
QHIsUpdateInProgress
QHOpenScanner

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640KB - Virtual size: 639KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eaa6039d7eb6e6c5df830272879946da

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

version

shlwapi

wininet

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 640KB - Virtual size: 639KB

.data Size: 39KB - Virtual size: 59KB

.pdata Size: 90KB - Virtual size: 89KB

.didat Size: 512B - Virtual size: 32B

.tls Size: 512B - Virtual size: 9B

.gehcont Size: 512B - Virtual size: 36B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 576KB - Virtual size: 580KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 640KB - Virtual size: 639KB

.data
Size: 39KB - Virtual size: 59KB

.pdata
Size: 90KB - Virtual size: 89KB

.didat
Size: 512B - Virtual size: 32B

.tls
Size: 512B - Virtual size: 9B

.gehcont
Size: 512B - Virtual size: 36B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 576KB - Virtual size: 580KB