2024-08-17_b3dbc8dfe3e1a35f9324566e1516bf92_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-17_b3dbc8dfe3e1a35f9324566e1516bf92_ryuk
Size

5.0MB
MD5

b3dbc8dfe3e1a35f9324566e1516bf92
SHA1

f8f18008a5383451df68a837cebde5881d4135ae
SHA256

a7eef54ca80b14972f55e84664b48abe056148c3017d1792eb1ae54f6ea8b7b2
SHA512

697aeaa357832336faf6e7b55e53b71132caa6fb92b1aad3c188e5952b7841090dadec6c8d6e71b43675d454b688d5a489eb744b6179bdeec71b91d52474d738
SSDEEP

98304:YVSYo3TrSEhNlhMeS7BrWM55pcRIWnBz/aBBFMDFF08LTNk:drSUhMeS7BrWM55pcR9nBz/aBBFMDFFn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-17_b3dbc8dfe3e1a35f9324566e1516bf92_ryuk

Files

2024-08-17_b3dbc8dfe3e1a35f9324566e1516bf92_ryuk
.exe windows:6 windows x64 arch:x64

3847500dd649a990db583021e5d6344e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Project\x64\Release\App\FxSound.pdb

Imports

crypt32

CryptProtectData
CryptUnprotectData

kernel32

GetCurrentThread
TerminateThread
QueryPerformanceFrequency
DeleteFileW
CloseHandle
LoadLibraryW
GetCurrentDirectoryW
GetOverlappedResult
GetProcAddress
ReplaceFileW
DeleteCriticalSection
ExitProcess
GetModuleHandleW
FreeLibrary
CopyFileW
QueryPerformanceCounter
MoveFileW
GetDriveTypeW
IsDebuggerPresent
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
LocalFree
CompareStringOrdinal
GlobalSize
LoadLibraryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
WriteConsoleW
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
GetProcessHeap
SetStdHandle
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStdHandle
HeapReAlloc
HeapFree
HeapAlloc
GetLogicalProcessorInformation
ExitThread
RtlUnwindEx
RaiseException
RtlPcToFileHeader
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetTickCount
GetSystemInfo
GetStartupInfoW
GetExitCodeThread
CreateThread
SetEvent
OutputDebugStringW
GetFileAttributesExW
GetLastError
FormatMessageW
Sleep
CreateEventW
GetLogicalDriveStringsW
DisconnectNamedPipe
GetModuleHandleA
GetSystemDirectoryW
ReleaseMutex
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
GetLocaleInfoW
FindClose
CreateMutexW
GetTempPathW
SetEndOfFile
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
SetThreadPriority
WaitForMultipleObjects
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
GetModuleHandleExW
WriteFile
GetCurrentProcess
FindNextFileW
EnterCriticalSection
FindFirstFileW
CancelIo
GetVolumeInformationW
TryEnterCriticalSection
ReadFile
SetThreadAffinityMask
CreateDirectoryW
ProcessIdToSessionId
GetCurrentProcessId
GetFileType

user32

UnregisterHotKey
DefWindowProcW
GetKeyboardLayout
VkKeyScanExW
AttachThreadInput
GetWindowThreadProcessId
GetWindowTextW
TranslateMessage
SetFocus
EnumWindows
PeekMessageW
DispatchMessageW
GetFocus
SendMessageTimeoutW
PostMessageW
GetMessageW
ReleaseDC
GetDC
DestroyWindow
BeginPaint
GetCursorPos
SetCursorPos
GetAncestor
InvalidateRect
ReleaseCapture
GetParent
SystemParametersInfoW
EnableMenuItem
GetDesktopWindow
ShowCaret
DrawIconEx
UpdateLayeredWindow
GetClientRect
SetWindowLongW
SetCursor
ToUnicode
SetClipboardData
SetWindowsHookExW
SetCapture
DestroyCaret
LoadCursorW
FindWindowW
LoadIconW
GetClipboardData
BringWindowToTop
SetLayeredWindowAttributes
GetMessageTime
UnhookWindowsHookEx
SetWindowLongPtrW
CreateWindowExW
UnregisterClassW
GetWindowLongPtrW
RegisterClassExW
RegisterHotKey
EndPaint
GetForegroundWindow
TrackMouseEvent
MapWindowPoints
CreateCaret
IsChild
EmptyClipboard
CloseClipboard
CreateIconIndirect
GetMonitorInfoW
GetWindowInfo
DestroyIcon
RedrawWindow
GetCapture
OpenClipboard
GetAsyncKeyState
CallWindowProcW
MoveWindow
RegisterWindowMessageW
SetForegroundWindow
GetWindowLongW
GetSystemMenu
GetMessageExtraInfo
GetUpdateRgn
GetMessagePos
MapVirtualKeyW
FindWindowExW
GetWindowRect
IsWindowVisible
SetWindowPos
MessageBoxW
MonitorFromWindow
EnumChildWindows
EnumDisplayMonitors
GetIconInfo
SendMessageW
CallNextHookEx
EndDialog
SetWindowTextW
MessageBeep
WindowFromPoint
GetWindowPlacement
DestroyCursor
GetKeyboardState
SetCaretPos
GetActiveWindow
ShowWindow
IsWindow

gdi32

CreateFontIndirectW
SetMapMode
RemoveFontMemResourceEx
DeleteObject
GetGlyphOutlineW
SwapBuffers
SaveDC
CreateDIBSection
StretchDIBits
CreateRectRgnIndirect
CreateRectRgn
GetRegionData
GetObjectW
ExcludeClipRect
RestoreDC
CreateBitmap
CombineRgn
AddFontMemResourceEx
SelectObject
GetKerningPairsW
CreateCompatibleDC
EnumFontFamiliesExW
GetDeviceCaps
GetTextMetricsW
DeleteDC
SetMapperFlags
GetGlyphIndicesW
GetOutlineTextMetricsW

advapi32

RegOpenKeyExW
AllocateAndInitializeSid
RegQueryValueExW
CheckTokenMembership
RegCloseKey
RegCreateKeyExW
RegSetValueExW
FreeSid

shell32

Shell_NotifyIconW
Shell_NotifyIconGetRect
SHQueryUserNotificationState
SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHParseDisplayName
SHGetKnownFolderPath
SHBrowseForFolderW
ExtractAssociatedIconW
SHGetMalloc
SHCreateShellItem
DragQueryFileW

ole32

DoDragDrop
CoTaskMemFree
CoTaskMemAlloc
RegisterDragDrop
CoInitialize
CoInitializeEx
CoInitializeSecurity
RevokeDragDrop
OleSetContainedObject
OleInitialize
OleCreate
CoCreateGuid
PropVariantClear
OleUninitialize
CoUninitialize
CoCreateInstance

oleaut32

SafeArrayDestroy
SysAllocString
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData

wininet

InternetSetOptionW
InternetReadFile
InternetWriteFile
InternetConnectW
InternetCloseHandle
HttpSendRequestExW
HttpEndRequestW
HttpOpenRequestW
FtpOpenFileW
InternetOpenW
HttpQueryInfoW
InternetSetFilePointer
InternetCrackUrlW

ws2_32

__WSAFDIsSet
accept
bind
getsockopt
setsockopt
ioctlsocket
sendto
freeaddrinfo
htons
htonl
closesocket
recv
inet_ntoa
send
inet_addr
WSAStartup
getaddrinfo
select

shlwapi

PathStripToRootW

winmm

timeKillEvent
timeBeginPeriod
timeGetTime

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmSetCandidateWindow
ImmGetContext
ImmNotifyIME

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3847500dd649a990db583021e5d6344e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

ws2_32

shlwapi

winmm

imm32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 71KB - Virtual size: 159KB

.pdata Size: 149KB - Virtual size: 148KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 15KB - Virtual size: 14KB

.gxfg Size: 13KB - Virtual size: 13KB

.gehcont Size: 512B - Virtual size: 36B

.rsrc Size: 619KB - Virtual size: 619KB

.reloc Size: 33KB - Virtual size: 32KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 71KB - Virtual size: 159KB

.pdata
Size: 149KB - Virtual size: 148KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 15KB - Virtual size: 14KB

.gxfg
Size: 13KB - Virtual size: 13KB

.gehcont
Size: 512B - Virtual size: 36B

.rsrc
Size: 619KB - Virtual size: 619KB

.reloc
Size: 33KB - Virtual size: 32KB