2024-08-24_d22186bbe1685076bb0e6c625d1eee2f_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-24_d22186bbe1685076bb0e6c625d1eee2f_ryuk
Size

1.2MB
MD5

d22186bbe1685076bb0e6c625d1eee2f
SHA1

6c93461906e4eb30a3838e56c2f00d576b01f46e
SHA256

9cf3748abf5d0b0d3815ee97aa746baec9fc04270ac5bbf1f50c2169b98ad8f9
SHA512

76cc9f78fad41b392fe1fc2871cff5016901172ee5afd21c785238b26f11b043f440e417d219757882456ff65aba95cfb83a8bbbeaa70e8d3fb4d9f0819b5853
SSDEEP

12288:ThYJERECAFwg3yvII+fCowohB74+Xq1gYgR+8DAoczI2ZfnwlQTePINayz+ByInp:ECAFwhII+fw0BdMdIuwe3zfIe7xmvH/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-24_d22186bbe1685076bb0e6c625d1eee2f_ryuk

Files

2024-08-24_d22186bbe1685076bb0e6c625d1eee2f_ryuk
.exe windows:6 windows x64 arch:x64

069e10a3bea579ca9845efcdf9b15c8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dvs\p4\build\sw\devrel\Playpen\yyao\VRBench\VR-FCAT\FVSDK_rel_1_0\Symbols\TestSystemDataCollectors_x64.pdb

Imports

kernel32

ResetEvent
LoadLibraryExA
GetProcAddress
FreeLibrary
DeviceIoControl
LocalAlloc
CloseHandle
GetLastError
LocalFree
GetLogicalProcessorInformationEx
OutputDebugStringW
GetModuleHandleA
GetTickCount64
SetEvent
CreateEventW
WaitForSingleObject
GetCommandLineW
Sleep
CreateFileW
SetConsoleCtrlHandler
SetEndOfFile
HeapSize
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetProcessHeap
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
MultiByteToWideChar
GetStringTypeW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
InitializeCriticalSection
VerSetConditionMask
GetFileAttributesW
GetFullPathNameW
GetSystemDirectoryW
GetModuleFileNameW
LoadLibraryExW
VerifyVersionInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetConsoleCP
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
HeapAlloc
HeapFree
ExitThread
HeapReAlloc
WriteFile
ExitProcess
GetCommandLineA
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
SetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputW
PeekConsoleInputA
ReadConsoleW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
ReadFile

advapi32

RegOpenKeyExW
RegQueryValueExW
EventWriteTransfer
EventRegister
EventUnregister
RegCloseKey

shell32

CommandLineToArgvW

pdh

PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCollectQueryData
PdhAddEnglishCounterW
PdhOpenQueryW
PdhCloseQuery

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

069e10a3bea579ca9845efcdf9b15c8a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

pdh

setupapi

Sections

.text Size: 429KB - Virtual size: 428KB

.rdata Size: 162KB - Virtual size: 162KB

.data Size: 16KB - Virtual size: 48KB

.pdata Size: 27KB - Virtual size: 27KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 429KB - Virtual size: 428KB

.rdata
Size: 162KB - Virtual size: 162KB

.data
Size: 16KB - Virtual size: 48KB

.pdata
Size: 27KB - Virtual size: 27KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 572KB - Virtual size: 576KB