GoogleCrashHandler64_unsigned.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-08-14_6b9d5790d19d73c37eb95713d23c3c26_ryuk.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 2024-08-14_6b9d5790d19d73c37eb95713d23c3c26_ryuk.exe
- Resource: win10v2004-20240802-en
General
- Target: 2024-08-14_6b9d5790d19d73c37eb95713d23c3c26_ryuk
- Size: 1.5MB
- MD5: 6b9d5790d19d73c37eb95713d23c3c26
- SHA1: 41fb9b24b1fb73155f86afeaf6d27c604fd61789
- SHA256: ca5a25bbdecdba7046696b74617d615455e81332fbda83eeb9e12a6090913082
- SHA512: 45304fc7c1b8ca93397ad238b4cd82765818c93c00c56068d33dc5a5a672c6aeca5bd196545d20b3d19185733ae02669a182b8aa56a2b639dd4deb25e603630f
- SSDEEP: 24576:1dolRus94x4niLJ1nI6UZExNsqjnhMgeiCl7G0nehbGZpbD:1dolRuLx4niLJ+6UZIxDmg27RnWGj
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 2024-08-14_6b9d5790d19d73c37eb95713d23c3c26_ryuk
Files
-
2024-08-14_6b9d5790d19d73c37eb95713d23c3c26_ryuk.exe windows:5 windows x64 arch:x64
f532c9acf6574838784e1cb9197ea379
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
GetCurrentThread
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
OutputDebugStringA
CloseHandle
CreateThread
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW
LoadLibraryW
SizeofResource
LockResource
LoadResource
FindResourceW
GetCurrentThreadId
LocalFree
CreateDirectoryW
DeleteFileW
RemoveDirectoryW
GetTickCount
WaitForMultipleObjects
WaitForSingleObject
GetExitCodeProcess
DuplicateHandle
ReleaseMutex
GetEnvironmentVariableW
lstrcmpiW
VirtualQuery
GetTempPathW
GetLocalTime
GetPrivateProfileIntW
GetPrivateProfileStringW
Sleep
lstrcmpW
lstrlenW
SetFilePointer
CreateMutexW
GetCurrentProcessId
InitializeCriticalSection
TryEnterCriticalSection
SetEvent
ResetEvent
GetFileAttributesExW
VerifyVersionInfoW
VerSetConditionMask
MoveFileExW
GetFileTime
ReadFile
DeviceIoControl
SetProcessWorkingSetSize
OpenProcess
CreateProcessW
ReadProcessMemory
lstrcpynW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WaitForDebugEvent
GetProcessId
DebugActiveProcessStop
ContinueDebugEvent
GetSystemInfo
GetThreadContext
DebugActiveProcess
VirtualQueryEx
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LeaveCriticalSection
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
ReleaseSemaphore
CreateSemaphoreW
EnterCriticalSection
OutputDebugStringW
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
IsDebuggerPresent
CreateEventW
GetUserDefaultLangID
GetSystemDefaultLangID
GetComputerNameExW
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
UnregisterWait
GetProcessTimes
UnregisterWaitEx
RegisterWaitForSingleObject
VirtualProtect
VirtualAlloc
EncodePointer
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
FindResourceExW
HeapFree
user32
SetClipboardData
EmptyClipboard
OpenClipboard
GetProcessWindowStation
CloseDesktop
CloseClipboard
CharUpperW
PostThreadMessageW
DispatchMessageW
GetMessageW
PeekMessageW
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
CreateWindowStationW
SetProcessWindowStation
CreateDesktopW
GetThreadDesktop
SetThreadDesktop
CloseWindowStation
CharLowerW
wvsprintfW
wsprintfW
MessageBoxW
advapi32
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
GetLengthSid
CopySid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
InitializeSecurityDescriptor
MakeAbsoluteSD
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetAce
MakeSelfRelativeSD
GetSecurityDescriptorLength
EqualSid
SetNamedSecurityInfoW
ConvertStringSidToSidW
OpenThreadToken
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
ConvertSidToStringSidW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
SetSecurityDescriptorSacl
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
SetTokenInformation
ole32
CoCreateGuid
StringFromGUID2
shell32
SHGetFolderPathW
netapi32
NetApiBufferFree
NetWkstaGetInfo
rpcrt4
UuidCreate
shlwapi
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
PathCanonicalizeW
PathIsRelativeW
SHQueryValueExW
PathAppendW
userenv
UnloadUserProfile
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 218KB - Virtual size: 218KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.2MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE