2024-08-12_7d371fad1882639b3b3c31998010cdd7_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-12_7d371fad1882639b3b3c31998010cdd7_ryuk
Size

519KB
MD5

7d371fad1882639b3b3c31998010cdd7
SHA1

3c68b3ef6fe972b979ab6fe25e9c42c9544d20c4
SHA256

59f150ced459fdce3c22e9e340e60f6c64a431756f0c5cb337432bff49d1d505
SHA512

25f1815ec0563033971431622f1c389a9e711d955a0b5aa1e57acf61b41481c2504db67ccab08dc3ec3684c2d00e42ee99e21af98e2570309e80c991ee9fd633
SSDEEP

6144:CiB3quFmYROkCh4SsD8Vsg+ts58jiLGlY4JSJ7jdpVsotf63gszqohvGrILfg8JX:vB3quFmYML45D++ts5GEz7No824

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-12_7d371fad1882639b3b3c31998010cdd7_ryuk

Files

2024-08-12_7d371fad1882639b3b3c31998010cdd7_ryuk
.exe windows:5 windows x64 arch:x64

305104559947db059ae67a44c430c196

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

DumpIt.pdb

Imports

netapi32

NetApiBufferFree
NetGetJoinInformation

kernel32

LocalFree
TlsFree
FormatMessageA
HeapFree
GetProcessHeap
GetProcAddress
LoadLibraryW
GetModuleHandleA
GetCurrentProcess
DeviceIoControl
GetSystemTimeAsFileTime
GetModuleFileNameW
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleTextAttribute
lstrlenW
FindResourceA
LoadResource
SizeofResource
TlsAlloc
WriteFile
GetSystemWow64DirectoryW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
ReadFile
InitializeCriticalSection
DeleteCriticalSection
CreateDirectoryW
GetFileSize
FlushFileBuffers
GetFileSizeEx
MoveFileW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LeaveCriticalSection
EnterCriticalSection
CreateThread
GetTickCount
GetDiskFreeSpaceExW
GetVolumePathNameW
GlobalMemoryStatusEx
DeleteFileW
WaitForSingleObject
CreateProcessW
CloseHandle
CreateFileW
GetEnvironmentVariableW
GetSystemTime
GetFullPathNameW
GetLocalTime
GetComputerNameW
GetNativeSystemInfo
GetVersionExA
SetFileAttributesW
HeapAlloc
LockResource
EnumSystemLocalesW
GetFileAttributesExW
GetUserDefaultLCID
IsValidLocale
HeapSize
GetACP
GetCommandLineW
GetCommandLineA
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleCP
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsGetValue
TlsSetValue
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
FreeLibrary
LoadLibraryExW
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
ExitProcess
GetModuleHandleExW
GetFileType
HeapReAlloc

advapi32

RegOpenKeyExW
RegCloseKey
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExW
RegQueryValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetUserNameW

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysStringByteLen
SysAllocString

ws2_32

gethostbyname
inet_addr
WSACleanup
WSAStartup
htons

shlwapi

SHDeleteKeyW

winhttp

WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpReceiveResponse

Sections

.text
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

305104559947db059ae67a44c430c196

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

kernel32

advapi32

ole32

oleaut32

ws2_32

shlwapi

winhttp

Sections

.text Size: 260KB - Virtual size: 259KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 5KB - Virtual size: 12KB

.pdata Size: 13KB - Virtual size: 13KB

.gfids Size: 1024B - Virtual size: 580B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 92KB - Virtual size: 91KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 260KB - Virtual size: 259KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 13KB - Virtual size: 13KB

.gfids
Size: 1024B - Virtual size: 580B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 92KB - Virtual size: 91KB

.reloc
Size: 3KB - Virtual size: 3KB