2024-08-08_c2baa303ac91b978af3edc88e339764b_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-08_c2baa303ac91b978af3edc88e339764b_ryuk
Size

1.5MB
MD5

c2baa303ac91b978af3edc88e339764b
SHA1

861dbe8a0e64fcabdd04cd9e8fa29a4436c12084
SHA256

d573ad989a6ae2d0c88c2f821bf4becc49b1c4b463de9be76d185dda0f122f26
SHA512

d6c9880988fa4f3bfd09d78aadbe3e57e804d617aaafc211903ae6f5092c951f64242e2378bfdaaeb6c14c8d0cbbdbc02d6efebcd7410f5dddad3918cb65ea0f
SSDEEP

49152:lqLc6YkVulpl1wm+wqiELtiqsey2gtbs:lGRsA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-08_c2baa303ac91b978af3edc88e339764b_ryuk

Files

2024-08-08_c2baa303ac91b978af3edc88e339764b_ryuk
.exe windows:5 windows x64 arch:x64

7ed02583344ee6f26ef2d4366f8c1027

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\b\c\b\win_x64_archive\src\out\Release_x64\setup.exe.pdb

Imports

advapi32

ConvertSidToStringSidW
OpenProcessToken
GetTokenInformation
EqualSid
GetAce
GetAclInformation
RegEnumValueA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyExW
RegEnumValueW
AddAce
CopySid
GetLengthSid
GetSidLengthRequired
GetSidSubAuthority
InitializeAcl
InitializeSid
IsValidSid
GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegLoadKeyW
RegUnLoadKeyW
CreateProcessAsUserW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
GetSidSubAuthorityCount
SystemFunction036
GetUserNameW
GetFileSecurityW
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RevertToSelf
ImpersonateNamedPipeClient
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
TraceEvent

dbghelp

SymSetOptions
SymGetLineFromAddr64
SymInitialize
SymGetSearchPathW
SymSetSearchPathW
SymFromAddr

kernel32

TerminateProcess
ResumeThread
CreateProcessW
SetPriorityClass
GetPriorityClass
VirtualAllocEx
WriteProcessMemory
GetModuleHandleW
GetProcAddress
DecodePointer
RaiseException
HeapDestroy
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
LoadLibraryW
GetCurrentProcessId
RtlAddFunctionTable
RtlDeleteFunctionTable
CreateRemoteThread
VirtualProtect
GetModuleFileNameW
GetCurrentDirectoryW
CreateFileW
DeleteFileW
WriteFile
OutputDebugStringA
GetTickCount
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
IsDebuggerPresent
DuplicateHandle
CreateThread
GetCurrentThreadId
GetCommandLineW
GetUserDefaultLangID
SetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
GetLongPathNameW
GetTempFileNameW
ReadFile
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
MoveFileW
MoveFileExW
ReplaceFileW
GetProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetExitCodeProcess
GetStdHandle
SetHandleInformation
CreatePipe
AssignProcessToJobObject
HeapSetInformation
GetProcessTimes
GetSystemInfo
VirtualQueryEx
GetNativeSystemInfo
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
VirtualAlloc
VirtualFree
SetEvent
ResetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetModuleHandleExW
LoadResource
LockResource
SizeofResource
FindResourceW
FlushFileBuffers
GetFileInformationByHandle
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
SetFileTime
QueueUserAPC
UnregisterWaitEx
RegisterWaitForSingleObject
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
VirtualQuery
GetWindowsDirectoryW
GetShortPathNameW
CompareStringW
GetDateFormatW
SetFilePointer
WTSGetActiveConsoleSessionId
LoadLibraryExW
RtlVirtualUnwind
InitOnceExecuteOnce
LockFileEx
UnlockFileEx
GetFileType
SleepEx
GetVersion
InitializeCriticalSection
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
SuspendThread
GetThreadContext
Wow64GetThreadContext
GetThreadLocale
GetSystemDefaultLCID
GetUserDefaultLCID
SetProcessShutdownParameters
GetUserDefaultUILanguage
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
WriteConsoleW
EnumSystemLocalesW
IsValidLocale
ReadConsoleW
GetACP
ExitProcess
SetStdHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
PeekNamedPipe
GetDriveTypeW
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
EncodePointer
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetSystemDirectoryW
CreateMutexW
ReleaseMutex
CloseHandle
GetSystemTimeAsFileTime
LocalFree
GetModuleHandleA
HeapSize
HeapFree
ExpandEnvironmentStringsW
CreateEventW
GetCurrentProcess
HeapReAlloc
HeapAlloc
OpenProcess
WaitForSingleObject
SetLastError
GetLastError
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
ReleaseSemaphore
CreateSemaphoreW
LoadLibraryExA
GetVersionExW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoAllowSetForegroundWindow

oleaut32

SysStringLen
VariantInit
VariantClear
SysFreeString
SysAllocString

psapi

GetProcessMemoryInfo

shell32

ord680
SHChangeNotify
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW
SHGetKnownFolderPath
SHOpenWithDialog
ShellExecuteW

shlwapi

UrlCanonicalizeW

user32

MoveWindow
DestroyWindow
CreateWindowExW
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowLongPtrW
GetWindowLongPtrW
SendMessageW
SetForegroundWindow
GetWindowThreadProcessId
FindWindowW
IsWindow
SendMessageTimeoutW
MessageBoxW
MonitorFromWindow
GetMonitorInfoW
SetWindowsHookExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime

ws2_32

ntohl

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

urlmon

CreateURLMonikerEx

wtsapi32

WTSQueryUserToken

rpcrt4

UuidCreate

winhttp

WinHttpConnect
WinHttpReadData
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpCrackUrl
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpSetTimeouts

Exports

Exports

ClearCrashKeyValueImpl
CrashForException
DumpProcessWithoutCrash
GetHandleVerifier
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
RegisterNonABICompliantCodeRange
RequestSingleCrashUploadImpl
SetCrashKeyValueImpl
SetUploadConsentImpl
UnregisterNonABICompliantCodeRange

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ed02583344ee6f26ef2d4366f8c1027

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

dbghelp

kernel32

ole32

oleaut32

psapi

shell32

shlwapi

user32

version

winmm

ws2_32

userenv

urlmon

wtsapi32

rpcrt4

winhttp

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 203KB - Virtual size: 202KB

.data Size: 5KB - Virtual size: 27KB

.pdata Size: 51KB - Virtual size: 51KB

CPADinfo Size: 512B - Virtual size: 48B

.gfids Size: 1024B - Virtual size: 756B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 196KB - Virtual size: 195KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 203KB - Virtual size: 202KB

.data
Size: 5KB - Virtual size: 27KB

.pdata
Size: 51KB - Virtual size: 51KB

CPADinfo
Size: 512B - Virtual size: 48B

.gfids
Size: 1024B - Virtual size: 756B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 196KB - Virtual size: 195KB

.reloc
Size: 7KB - Virtual size: 6KB