2024-08-28_fe1ef67707d58ce3c77434f5cc31d0af_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-28_fe1ef67707d58ce3c77434f5cc31d0af_ryuk
Size

1.6MB
MD5

fe1ef67707d58ce3c77434f5cc31d0af
SHA1

de54e9dd395e9606b8a50728f80fa546654443b1
SHA256

f19388c66c1cec2607b17ef16c084781170f6be8352a7e9d1d444951e816eeda
SHA512

5eb7f3304bd4f4ee5fb8afa51f4853a8964c2579bc970219f233082551853dc8df08ed1d2c3b0d8fabcc0b6b00b18514b2b21af7c3064fab7ca63e77aa0e4657
SSDEEP

24576:ZPWjI9Ax1dBAlbM+t6MxdHguaCKAGGGC5SYCE7NnmkUv+KzF+yH3:ZPWVnKlbd6EhgNCnrSvN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-28_fe1ef67707d58ce3c77434f5cc31d0af_ryuk

Files

2024-08-28_fe1ef67707d58ce3c77434f5cc31d0af_ryuk
.exe windows:6 windows x64 arch:x64

d664bfa8c09b9a7484a403420ec6cd65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

FCAT_DT_Capture_x64.pdb

Imports

kernel32

GetModuleFileNameA
SetLastError
GetFullPathNameW
GetModuleFileNameW
LocalAlloc
CreateFileW
GetFileAttributesW
GetSystemDirectoryW
GetLastError
CloseHandle
GetProcAddress
LocalFree
VerSetConditionMask
CreateProcessW
GetModuleHandleW
FreeLibrary
VerifyVersionInfoW
LoadLibraryExW
CreateDirectoryW
SetConsoleCtrlHandler
EnterCriticalSection
GetCommandLineW
SetConsoleTitleA
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringA
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
CreateEventW
Sleep
AttachConsole
OutputDebugStringW
SetEvent
QueryPerformanceFrequency
ResetEvent
GetLocalTime
DeleteCriticalSection
GetCurrentProcessId
lstrcmpiW
QueryPerformanceCounter
AllocConsole
HeapFree
SetDefaultDllDirectories
CreateMutexW
WaitForSingleObject
GetCurrentDirectoryA
UnmapViewOfFile
CreateThread
HeapAlloc
CreateFileMappingA
GetProcessHeap
lstrcpyW
OpenFileMappingA
MapViewOfFile
MulDiv
WritePrivateProfileStringW
GetCurrentProcess
GetPrivateProfileIntW
LoadLibraryExA
GetPrivateProfileStringW
WaitForMultipleObjects
OpenProcess
DeleteFileW
MoveFileExW
FormatMessageA
CreateEventA
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualAlloc
GetVersionExW
GetModuleHandleA
GetThreadTimes
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
WideCharToMultiByte
FormatMessageW
GetStringTypeW
TryEnterCriticalSection
DuplicateHandle
GetCurrentThread
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetConsoleCP
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
SetEnvironmentVariableW
RemoveDirectoryW
ExitThread
FreeLibraryAndExitThread
HeapReAlloc
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputW
PeekConsoleInputA
ReadConsoleW
ReadFile
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetTimeZoneInformation
HeapSize
WriteConsoleW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority

ole32

CoTaskMemFree

shlwapi

PathFileExistsW

bcrypt

BCryptImportKeyPair
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptCreateHash
BCryptHashData
BCryptDestroyHash
BCryptFinishHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptVerifySignature

Sections

.text
Size: 643KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d664bfa8c09b9a7484a403420ec6cd65

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

shlwapi

bcrypt

Sections

.text Size: 643KB - Virtual size: 643KB

.rdata Size: 234KB - Virtual size: 234KB

.data Size: 16KB - Virtual size: 42KB

.pdata Size: 33KB - Virtual size: 32KB

.didat Size: 1024B - Virtual size: 872B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 153KB - Virtual size: 153KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 643KB - Virtual size: 643KB

.rdata
Size: 234KB - Virtual size: 234KB

.data
Size: 16KB - Virtual size: 42KB

.pdata
Size: 33KB - Virtual size: 32KB

.didat
Size: 1024B - Virtual size: 872B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 153KB - Virtual size: 153KB

.reloc
Size: 572KB - Virtual size: 576KB