2024-09-21_592d8660d2670bc67e91e1cf2b80d7d0_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-21_592d8660d2670bc67e91e1cf2b80d7d0_ryuk
Size

200KB
MD5

592d8660d2670bc67e91e1cf2b80d7d0
SHA1

b85dcbe81d1f9c7877ed742bebfdd07216358d74
SHA256

abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842f
SHA512

040c2e18fb5b5ccfab1b604e96022c056e2c1a5bba8fbd3a0f6253f7fe9262f206b6e9aa508cc96bffedfd493735e4f274de114abfe36be94ae585f23134d172
SSDEEP

3072:FzOCLlTCrLBExk+bN4ejpMT/JUVWaI9shNI8:ROSTCRExkwOmM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-21_592d8660d2670bc67e91e1cf2b80d7d0_ryuk

Files

2024-09-21_592d8660d2670bc67e91e1cf2b80d7d0_ryuk
.exe windows:5 windows x64 arch:x64

2b7d865741545b39cde4025a2d313392

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetIpNetTable

kernel32

CreateFileW
GetVersionExW
GetModuleHandleA
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetLastError
Process32NextW
GetCurrentThread
LoadLibraryA
GlobalAlloc
DeleteFileW
Process32FirstW
GlobalFree
CloseHandle
CreateThread
HeapAlloc
GetWindowsDirectoryW
GetProcAddress
VirtualAllocEx
LocalFree
GetProcessHeap
FreeLibrary
CreateRemoteThread
VirtualFreeEx
GetTempPathW
SetFilePointer
GetModuleFileNameW
VirtualAlloc
GetCurrentProcess
GetCommandLineW
VirtualFree
SetLastError
HeapFree
WriteConsoleW
SetFilePointerEx
HeapReAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
WriteProcessMemory
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
TerminateProcess
GetModuleHandleExW
GetStdHandle
WriteFile
MultiByteToWideChar
WideCharToMultiByte
GetACP
LCMapStringW
GetStringTypeW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
UnhandledExceptionFilter

advapi32

SystemFunction036
LookupAccountSidW
OpenThreadToken
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
ImpersonateSelf
OpenProcessToken
EnumServicesStatusW
GetTokenInformation

shell32

ShellExecuteW
CommandLineToArgvW

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b7d865741545b39cde4025a2d313392

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

kernel32

advapi32

shell32

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 62KB - Virtual size: 2.7MB

.pdata Size: 4KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 168B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 62KB - Virtual size: 2.7MB

.pdata
Size: 4KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 168B

.reloc
Size: 2KB - Virtual size: 1KB