2024-08-08_2713810691adf7c4169900c8d39ce9d2_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-08_2713810691adf7c4169900c8d39ce9d2_ryuk
Size

1.9MB
MD5

2713810691adf7c4169900c8d39ce9d2
SHA1

61852d545f02a6bf0278cd2f3905c01f9ce334a9
SHA256

2f799f76a7547f465a62e81e336c7fa99ea8dd97b03ecf9187fb9cdf59eac42a
SHA512

070aaafeea68961f8e3c80f9a521b3da0aeba29803c4dc6ad514fcdd6f2a7280470f7c143b874a573ceb9003b0987108f0a3b19f1e51be9aab381dd79c988c1d
SSDEEP

24576:t2HOE2lVvByegsqjnhMgeiCl7G0nehbGZpbD:3vvByFDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-08_2713810691adf7c4169900c8d39ce9d2_ryuk

Files

2024-08-08_2713810691adf7c4169900c8d39ce9d2_ryuk
.exe windows:5 windows x64 arch:x64

5a1964b6f93c3941042d4edfe80688cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\jnks\workspace\K34_Production_Build\build5248\SxS\src\x64\Release\RemovePreinstalledDrivers.pdb

Imports

shlwapi

PathFindFileNameW
PathIsFileSpecW
PathRemoveFileSpecW
PathFindExtensionW

psapi

EnumProcesses
GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW

difxapi

DriverPackageInstallW
DriverPackageGetPathW
SetDifxLogCallbackW
DriverPackageUninstallW

kernel32

GetModuleFileNameW
GetCurrentProcessId
QueryPerformanceFrequency
ExpandEnvironmentStringsW
InitializeCriticalSection
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
CreateFileW
Sleep
SetFilePointer
WriteFile
CloseHandle
OutputDebugStringW
GetCurrentThreadId
OpenProcess
GetFileAttributesExW
GetCommandLineW
GetTempFileNameW
GetLongPathNameW
SearchPathW
FormatMessageW
LocalFree
CreateMutexW
WaitForSingleObject
CreateFileMappingW
MapViewOfFile
ReleaseMutex
UnmapViewOfFile
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
SetFileAttributesW
DeleteFileW
WideCharToMultiByte
GetPrivateProfileStringW
GetPrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStringA
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetLastError
CompareStringW
FreeLibrary
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
LoadLibraryExW
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetStdHandle
GetCommandLineA
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetTimeZoneInformation
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
FindFirstFileExW
MoveFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
CreateThread
SetStdHandle
ReadConsoleW
WriteConsoleW
HeapSize
GetProcAddress
LoadLibraryW
QueryPerformanceCounter
LCMapStringW
SetLastError
CreateNamedPipeW
WaitNamedPipeW
GetComputerNameExW
CopyFileW
GetDiskFreeSpaceExW
GetCurrentDirectoryW
GetVersionExW
VerifyVersionInfoW
GetModuleHandleW
FreeLibraryAndExitThread
SetCurrentDirectoryW
GetTempPathW
GetSystemDirectoryW
FindResourceExW
FindResourceW
GetEnvironmentVariableW
ExitThread
GetSystemDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GlobalMemoryStatusEx
LocalAlloc
GetShortPathNameW
GetExitCodeProcess
TerminateThread
GetExitCodeThread
TryEnterCriticalSection
WaitForMultipleObjects
LoadResource
SizeofResource
GetFileSizeEx
DeviceIoControl
GetFileTime
GetSystemTime
GetLocalTime
CreatePipe
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
FlushViewOfFile
OpenMutexW
OpenEventW
OpenFileMappingW
CreateProcessW
ProcessIdToSessionId

user32

GetAsyncKeyState
MsgWaitForMultipleObjectsEx
OpenDesktopW
SetThreadDesktop
CloseDesktop
GetThreadDesktop
OpenWindowStationW
CloseWindowStation
SetProcessWindowStation
GetProcessWindowStation
RegisterWindowMessageW
GetMessageW
PeekMessageW
WaitForInputIdle
SendMessageCallbackW
GetKeyState
MsgWaitForMultipleObjects
SetTimer
GetSystemMetrics
AllowSetForegroundWindow
LoadIconW
DestroyIcon
SystemParametersInfoW
ExitWindowsEx

advapi32

OpenProcessToken
RegDeleteKeyW
RegDeleteValueW
GetUserNameW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
CheckTokenMembership

shell32

CommandLineToArgvW
ShellExecuteW
ExtractIconW
ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromString

oleaut32

SysFreeString
SysAllocString

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5a1964b6f93c3941042d4edfe80688cd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

psapi

difxapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

version

secur32

Sections

.text Size: 236KB - Virtual size: 236KB

.rdata Size: 124KB - Virtual size: 124KB

.data Size: 6KB - Virtual size: 17KB

.pdata Size: 13KB - Virtual size: 13KB

.gfids Size: 1024B - Virtual size: 760B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 236KB - Virtual size: 236KB

.rdata
Size: 124KB - Virtual size: 124KB

.data
Size: 6KB - Virtual size: 17KB

.pdata
Size: 13KB - Virtual size: 13KB

.gfids
Size: 1024B - Virtual size: 760B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 1.5MB - Virtual size: 1.5MB