2024-09-09_ef79999ca1220b7c9bf985d3dfbcc769_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-09_ef79999ca1220b7c9bf985d3dfbcc769_ryuk
Size

702KB
MD5

ef79999ca1220b7c9bf985d3dfbcc769
SHA1

17727f784bf2c10553e1d6cf5794e89e2cfdd25e
SHA256

d5ed30f382c4543dce9697290eadd1ca838ff20299d375eb1bdf5b237f81a46e
SHA512

b71f0b4eb177f73576c9996d4225b28750cd0fc8dc9c1561944a2e2841e3e404cf85d7f7c4fe7c51dc5eac94d26c4c84558fa0d751d67e30fbc03fc1504e0107
SSDEEP

6144:/hbC9NCqUq4kXJyTX/32cHQ1OexxEN+xmdlYQ9AIwJPA1XnXhIvLpljq+LX1gggi:5+jvUq4kXJyjOoWcHo6nRIVZr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-09_ef79999ca1220b7c9bf985d3dfbcc769_ryuk

Files

2024-09-09_ef79999ca1220b7c9bf985d3dfbcc769_ryuk
.exe windows:6 windows x64 arch:x64

4984425d0f32e593847d7ee827d2961d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\workspace\StellarPlayer_Windows_Release\app\miniblink\x64\Release\Miniblink.pdb

Imports

kernel32

GlobalFree
CloseHandle
LoadLibraryW
LoadResource
FindResourceW
GetProcAddress
GlobalLock
GetModuleHandleW
WideCharToMultiByte
ReadFile
SetLastError
WriteFile
CreateFileW
GetCurrentThreadId
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
GetModuleHandleA
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GlobalAlloc
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
SetEvent
CreateTimerQueue
WriteConsoleW
HeapSize
FlushFileBuffers
GetConsoleCP
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetStringTypeW
ReadConsoleW
LockResource
GetLastError
Sleep
MultiByteToWideChar
GetFileAttributesW
CreateMutexA
GetModuleFileNameW
OutputDebugStringA
SizeofResource
GetProcessAffinityMask
GetConsoleMode
SetFilePointerEx
LCMapStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
RtlPcToFileHeader
EncodePointer
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
GetCommandLineA
GetCommandLineW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
HeapAlloc
HeapFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetFileType
DecodePointer

user32

EnumDisplayMonitors
GetMonitorInfoW
GetWindowLongW
GetWindowThreadProcessId
FindWindowExW
GetWindowRect
GetFocus
GetDC
GetPropW
SetWindowLongPtrW
CreateWindowExW
ScreenToClient
SendMessageW
RemovePropW
SetWindowTextW
ShowWindow
SetTimer
RegisterClassW
MessageBoxA
MoveWindow
IntersectRect
SetFocus
SetPropW
SetCapture
GetClientRect
UpdateLayeredWindow
ReleaseCapture
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
DefWindowProcW

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC
SetBitmapBits
GetObjectW
DeleteObject
GetCurrentObject

shell32

ShellExecuteA

Sections

.text
Size: 405KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4984425d0f32e593847d7ee827d2961d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

Sections

.text Size: 405KB - Virtual size: 405KB

.rdata Size: 131KB - Virtual size: 131KB

.data Size: 10KB - Virtual size: 18KB

.pdata Size: 22KB - Virtual size: 21KB

.gfids Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 41B

_RDATA Size: 32KB - Virtual size: 31KB

.rsrc Size: 94KB - Virtual size: 93KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 405KB - Virtual size: 405KB

.rdata
Size: 131KB - Virtual size: 131KB

.data
Size: 10KB - Virtual size: 18KB

.pdata
Size: 22KB - Virtual size: 21KB

.gfids
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 41B

_RDATA
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 94KB - Virtual size: 93KB

.reloc
Size: 3KB - Virtual size: 3KB