2024-09-12_cd784165864d499218878bdca66842bc_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-12_cd784165864d499218878bdca66842bc_ryuk
Size

1.5MB
MD5

cd784165864d499218878bdca66842bc
SHA1

74b44953072f6e0c298318fb97a71f220be31907
SHA256

bfa72f109d57ad641935654e98bdbd8db9764965d8f6aa7783f1cd4fc822a5ff
SHA512

30ae4deb43655d17ed6b3376c5821f85f52832e68ab9be9442f1f43179d2272b91eb18e75460d8ac3463d3a07ce4304ecc08ad85d69402d86088e7b028ac2a3d
SSDEEP

24576:T3oH6mhNF4Xx7AzsqjnhMgeiCl7G0nehbGZpbD:ToHRFEBA3Dmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-12_cd784165864d499218878bdca66842bc_ryuk

Files

2024-09-12_cd784165864d499218878bdca66842bc_ryuk
.exe windows:6 windows x64 arch:x64

6d75a4165c79a384f12ac557b9baac3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Workspace\sgorenbo\9.5_COMMON\SW\Src\Apps\PAVP2\PAVP30\IntelCpHeciSvc\x64\one_core_release\IntelCpHeciSvc.pdb

Imports

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetCommandLineW
SetStdHandle
ExpandEnvironmentStringsW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ResetEvent
DeleteCriticalSection
WaitForMultipleObjectsEx
SetEvent
InitializeCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
TryEnterCriticalSection
CreateEventW
WaitForSingleObjectEx

api-ms-win-core-processthreads-l1-1-0

CreateThread
ResumeThread
TerminateProcess
TlsSetValue
GetCurrentThreadId
GetStartupInfoW
OpenThreadToken
OpenProcessToken
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
TlsGetValue
ExitProcess
TlsAlloc
TlsFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadStringW
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
SizeofResource
FreeLibrary
GetModuleFileNameW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharNextW
CharUpperW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegDeleteKeyW

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
CoTaskMemFree
StringFromGUID2
CoReleaseServerProcess
CoUninitialize
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoResumeClassObjects
CoTaskMemRealloc
CoTaskMemAlloc
CoAddRefServerProcess

oleaut32

LoadRegTypeLi
LoadTypeLi
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
VarUI4FromStr
SafeArrayCopy
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
SafeArrayGetVartype
VariantInit
VariantClear
SysFreeString
SysStringLen
SafeArrayCreate

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-devices-config-l1-1-1

CM_Unregister_Notification
CM_Get_Device_Interface_ListW
CM_Register_Notification
CM_Get_Device_Interface_List_SizeW

api-ms-win-core-file-l1-1-0

SetFilePointerEx
FindClose
CreateFileW
ReadFile
WriteFile
FindFirstFileExW
FindNextFileW
GetFileType
FlushFileBuffers
SetEndOfFile

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
HeapSize

api-ms-win-security-base-l1-1-0

MakeAbsoluteSD
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetTokenInformation
CopySid
GetLengthSid
GetSecurityDescriptorLength
IsValidSid

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
CreateServiceW
DeleteService
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

user32

PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW

api-ms-win-core-localization-l1-2-0

GetCPInfo
EnumSystemLocalesW
GetUserDefaultLCID
LCMapStringW
IsValidLocale
GetLocaleInfoW
GetOEMCP
IsValidCodePage
GetACP

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-console-l1-1-0

ReadConsoleW
GetConsoleCP
GetConsoleMode
WriteConsoleW

Exports

Exports

MessageBoxW

Sections

.text
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6d75a4165c79a384f12ac557b9baac3b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-com-l1-1-0

oleaut32

api-ms-win-core-synch-l1-2-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-security-sddl-l1-1-0

user32

api-ms-win-core-localization-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-console-l1-1-0

Exports

Exports

Sections

.text Size: 290KB - Virtual size: 290KB

.rdata Size: 145KB - Virtual size: 145KB

.data Size: 8KB - Virtual size: 15KB

.pdata Size: 16KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 290KB - Virtual size: 290KB

.rdata
Size: 145KB - Virtual size: 145KB

.data
Size: 8KB - Virtual size: 15KB

.pdata
Size: 16KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1.1MB - Virtual size: 1.1MB