2024-09-27_be127293c1ad870718afdbbcc801b2a4_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-27_be127293c1ad870718afdbbcc801b2a4_ryuk
Size

1.3MB
MD5

be127293c1ad870718afdbbcc801b2a4
SHA1

94d5789b7db5c87a7e92306b5e638f0699c02e44
SHA256

279b9c08e8bd1c62de0d0e66c7746193be15fc798616d574ad41eb54fc517bb3
SHA512

aaa105c900bbabd50493a2c5f38a10ea0c1e3b4002346d13567e17561d58f91b8f99d59665611eb3a0278864ee57cdd364ef1e5e885b434e9304edb35102872a
SSDEEP

24576:pbxi0bdfmEZF+dGODN2jel8vgb5TWW1ilYs+3Yel8Cq2JYPJClCohr9O:G0bdf+oonhs+pjYRcO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-27_be127293c1ad870718afdbbcc801b2a4_ryuk

Files

2024-09-27_be127293c1ad870718afdbbcc801b2a4_ryuk
.exe windows:6 windows x64 arch:x64

4fd2c4a2e9b204629b3c5e8a344eb691

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\build_que\pm-driver-VM5\run\x64\release\ibmpmsvc.pdb

Imports

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA

kernel32

HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
CreateProcessA
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetModuleFileNameA
LoadResource
LockResource
SizeofResource
LocalAlloc
LocalFree
FindResourceA
GetCurrentProcessId
GetCurrentThreadId
FreeLibrary
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
SetLastError
ExpandEnvironmentStringsA
GetFileAttributesA
ReadFile
SignalObjectAndWait
GetCurrentProcess
ExitThread
GetExitCodeThread
lstrcpyA
lstrcatA
lstrlenA
GetPrivateProfileIntA
SetSystemPowerState
CreateDirectoryA
WriteConsoleW
HeapDestroy
SetStdHandle
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
WriteFile
DeleteFileA
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
DecodePointer
lstrcmpiA
WaitForMultipleObjects
GetVersionExA
ResumeThread
QueryPerformanceCounter
SuspendThread
TerminateThread
CreateThread
Sleep
OpenEventA
CreateEventA
CreateMutexA
WaitForSingleObject
ResetEvent
SetEvent
DeviceIoControl
CloseHandle
CreateFileA
GetLastError
CreateFileW
SetEndOfFile
ReadConsoleW
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
SetFilePointerEx
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
EncodePointer
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlPcToFileHeader
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
MultiByteToWideChar

user32

ShowWindow
FindWindowA
MessageBoxA
ExitWindowsEx
LoadStringA
SystemParametersInfoA
LoadCursorA
GetParent
SetWindowLongPtrA
SetCursorPos
GetWindowRect
SetForegroundWindow
GetSystemMetrics
KillTimer
SetTimer
SetCapture
SendInput
RegisterPowerSettingNotification
GetDlgItem
EndDialog
DialogBoxParamA
SetWindowPos
SetFocus
CreateWindowExA
RegisterClassA
CallWindowProcA
DefWindowProcA
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
RegisterWindowMessageA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop
wsprintfA
UnregisterClassA

advapi32

InitializeSecurityDescriptor
RegUnLoadKeyA
RegNotifyChangeKeyValue
RegLoadKeyA
LookupPrivilegeValueA
LookupAccountNameA
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
AdjustTokenPrivileges
OpenProcessToken
QueryServiceStatus
DeleteService
CreateServiceA
SetEntriesInAclA
OpenServiceA
OpenSCManagerA
ControlService
CloseServiceHandle
SetSecurityDescriptorDacl
CreateWellKnownSid
RegOpenKeyExA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerExA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

shell32

SHGetFolderPathA

ole32

CLSIDFromProgID
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString
CreateErrorInfo
GetErrorInfo
VariantChangeType
SetErrorInfo

shlwapi

PathFileExistsA

Sections

.text
Size: 546KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4fd2c4a2e9b204629b3c5e8a344eb691

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 546KB - Virtual size: 546KB

.rdata Size: 200KB - Virtual size: 200KB

.data Size: 5KB - Virtual size: 104KB

.pdata Size: 28KB - Virtual size: 27KB

.idata Size: 11KB - Virtual size: 10KB

.tls Size: 1024B - Virtual size: 777B

.gfids Size: 1KB - Virtual size: 1KB

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 546KB - Virtual size: 546KB

.rdata
Size: 200KB - Virtual size: 200KB

.data
Size: 5KB - Virtual size: 104KB

.pdata
Size: 28KB - Virtual size: 27KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: 1024B - Virtual size: 777B

.gfids
Size: 1KB - Virtual size: 1KB

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 572KB - Virtual size: 576KB