2024-09-27_2fec0d8ab28ffde78d66f6b6092c7033_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-27_2fec0d8ab28ffde78d66f6b6092c7033_ryuk
Size

15.2MB
MD5

2fec0d8ab28ffde78d66f6b6092c7033
SHA1

3262d4cfc7f2f024ab1bc7ee24b52c93f0ef91ba
SHA256

c80b9c47b7c16f05c154f796dee883d9cb6082a4c1d3a53709b68952a7c81218
SHA512

f76005d8abfb9f1e34bff0cae21dbb505eb0418cb44a134448e8a3adb1dbc5ea8d8d21890a8d46a8d4729dd14b3f2da65edbcdd0ed065827ebe84d19daaf2615
SSDEEP

196608:RpvTPumORBygpH/729ensfb2J/lW1OwIPNJStV++nRNmIOAMtgt8OC+LaNE66CO0:RtTPuNyI+2sfKvwI3AVZBggZpaNEz6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-27_2fec0d8ab28ffde78d66f6b6092c7033_ryuk

Files

2024-09-27_2fec0d8ab28ffde78d66f6b6092c7033_ryuk
.exe windows:6 windows x64 arch:x64

fd68464170df1043cd9a0e27e6fb6a16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

ClientToScreen

kernel32

AcquireSRWLockExclusive
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

shell32

CommandLineToArgvW

ole32

CoCreateInstance

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

advapi32

DeregisterEventSource

gdi32

GetDeviceCaps

imm32

ImmGetContext

ws2_32

WSACleanup

crypt32

CertCloseStore

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 925KB - Virtual size: 925KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.3MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pZW
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.c\B
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

._O1
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd68464170df1043cd9a0e27e6fb6a16

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

shell32

ole32

d3d9

d3dx9_43

advapi32

gdi32

imm32

ws2_32

crypt32

bcrypt

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 925KB - Virtual size: 925KB

.data Size: 2.3MB - Virtual size: 2.4MB

.pdata Size: 127KB - Virtual size: 126KB

.00cfg Size: 512B - Virtual size: 56B

.gxfg Size: 12KB - Virtual size: 12KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 500B

.pZW Size: 4.2MB - Virtual size: 4.2MB

.c\B Size: 3KB - Virtual size: 3KB

._O1 Size: 4.7MB - Virtual size: 4.7MB

.reloc Size: 30KB - Virtual size: 30KB

.rsrc Size: 103KB - Virtual size: 102KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 925KB - Virtual size: 925KB

.data
Size: 2.3MB - Virtual size: 2.4MB

.pdata
Size: 127KB - Virtual size: 126KB

.00cfg
Size: 512B - Virtual size: 56B

.gxfg
Size: 12KB - Virtual size: 12KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 500B

.pZW
Size: 4.2MB - Virtual size: 4.2MB

.c\B
Size: 3KB - Virtual size: 3KB

._O1
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 103KB - Virtual size: 102KB