2024-10-01_d763001fa21382246df29f0ee0f1a16b_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-01_d763001fa21382246df29f0ee0f1a16b_ryuk
Size

1.6MB
MD5

d763001fa21382246df29f0ee0f1a16b
SHA1

b85d9096bfaa4659efdfa18c7dab04c1db298172
SHA256

32bf0acf088204d6c3622ca2e483e55291a56fafad45a0e5883e308badd0e9c4
SHA512

317b53538f9eeb6b9b06a3ad409d81ea4b8f7cbf2017b66ef5a62d233e4794ce9317fed096564e7a8c11952220922b5f0e5f8c76e64e6eb5a02ab62aedc79cd9
SSDEEP

24576:epr0GOI8lf/js0w484XxNdZjHhQ6giafmvJW5:xGN8lf/jsR4FBN3rtgiomvJi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-01_d763001fa21382246df29f0ee0f1a16b_ryuk

Files

2024-10-01_d763001fa21382246df29f0ee0f1a16b_ryuk
.exe windows:6 windows x64 arch:x64

0885018134065a6e7845340dd2d6dfa5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\qb\workspace\19992\p4gen\gfx_Development\dump64\igfx\lh\release\IntelCpHDCPSvc\IntelCpHDCPSvc.pdb

Imports

cfgmgr32

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
DeleteCriticalSection
CreateEventW
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
SetEvent
CreateSemaphoreExW
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep
SignalObjectAndWait

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventUnregister
EventRegister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleA
FreeLibraryAndExitThread
GetProcAddress
LoadLibraryExW
SizeofResource
LoadStringW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
LoadResource

oleaut32

SysAllocString
SysStringLen
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
VariantClear
VariantInit
SafeArrayGetVartype
SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SysFreeString
SafeArrayGetUBound
SafeArrayRedim
LoadRegTypeLi
SafeArrayDestroy
SafeArrayCreate

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetStartupInfoW
TerminateProcess
CreateThread
GetCurrentProcessId
GetCurrentThreadId
OpenThreadToken
OpenProcessToken
GetCurrentThread
GetThreadPriority
SetThreadPriority
SwitchToThread
GetCurrentProcess
TlsAlloc

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoTaskMemRealloc
CoInitializeSecurity
CoInitializeEx
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject

api-ms-win-core-processenvironment-l1-1-0

SetStdHandle
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-heap-l1-1-0

HeapSize
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorGroup
MakeAbsoluteSD
IsValidSid
InitializeSecurityDescriptor
GetTokenInformation
GetSecurityDescriptorLength
SetSecurityDescriptorOwner
GetLengthSid
CopySid

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharUpperW
CharNextW

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteValueW
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegSetValueExA
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegDeleteKeyW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-service-management-l1-1-0

DeleteService
CreateServiceW
OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SetServiceStatus

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-ntuser-sysparams-l1-1-0

EnumDisplayDevicesW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

user32

GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
MessageBoxW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader

api-ms-win-core-processthreads-l1-1-1

GetThreadTimes
IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetLogicalProcessorInformation
GetVersionExW

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead
InterlockedPopEntrySList
QueryDepthSList
InterlockedPushEntrySList

api-ms-win-core-localization-l1-2-0

IsValidCodePage
GetCPInfo
GetACP
LCMapStringW
GetOEMCP

api-ms-win-core-file-l1-1-0

GetFileType
WriteFile
SetFilePointerEx
FindFirstFileExW
FindNextFileW
FlushFileBuffers
CreateFileW
FindClose

api-ms-win-core-console-l1-1-0

GetConsoleCP
GetConsoleMode
WriteConsoleW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
ChangeTimerQueueTimer
DeleteTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue

api-ms-win-core-systemtopology-l1-1-0

GetNumaHighestNodeNumber

api-ms-win-core-processtopology-obsolete-l1-1-0

SetThreadAffinityMask
GetProcessAffinityMask

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
UnregisterWait

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc
VirtualProtect

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0885018134065a6e7845340dd2d6dfa5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cfgmgr32

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

oleaut32

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-core-synch-l1-2-1

user32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-systemtopology-l1-1-0

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-memory-l1-1-0

Sections

.text Size: 285KB - Virtual size: 285KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 10KB - Virtual size: 17KB

.pdata Size: 20KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 285KB - Virtual size: 285KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 10KB - Virtual size: 17KB

.pdata
Size: 20KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB