2024-10-04_a4299041bef9f44c2d955a0626a0a716_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-04_a4299041bef9f44c2d955a0626a0a716_ryuk
Size

1.6MB
MD5

a4299041bef9f44c2d955a0626a0a716
SHA1

2b3ce458871ed504bce8190052ca9b60fdb6940a
SHA256

ba97205fc5bb87192627febe5ecf9860c0608ceee1c5c74df370a65ba76a0c3e
SHA512

75805f24c708afdc309c19dda3bac941b0380afc20c09809bc4c87aad2e6ac32178d5f47c6fa7a8cff0af03f3a2ad0affb733f19da54ceea2032870da90b6933
SSDEEP

24576:a3oH6RhNF4Xx7AMsqjnhMgeiCl7G0nehbGZpbD:UoH0FEBA4Dmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-04_a4299041bef9f44c2d955a0626a0a716_ryuk

Files

2024-10-04_a4299041bef9f44c2d955a0626a0a716_ryuk
.exe windows:6 windows x64 arch:x64

6d75a4165c79a384f12ac557b9baac3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Workspace\sgorenbo\9.5_COMMON\SW\Src\Apps\PAVP2\PAVP30\IntelCpHeciSvc\x64\one_core_release\IntelCpHeciSvc.pdb

Imports

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetCommandLineW
SetStdHandle
ExpandEnvironmentStringsW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ResetEvent
DeleteCriticalSection
WaitForMultipleObjectsEx
SetEvent
InitializeCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
TryEnterCriticalSection
CreateEventW
WaitForSingleObjectEx

api-ms-win-core-processthreads-l1-1-0

CreateThread
ResumeThread
TerminateProcess
TlsSetValue
GetCurrentThreadId
GetStartupInfoW
OpenThreadToken
OpenProcessToken
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
TlsGetValue
ExitProcess
TlsAlloc
TlsFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadStringW
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
SizeofResource
FreeLibrary
GetModuleFileNameW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharNextW
CharUpperW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegDeleteKeyW

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
CoTaskMemFree
StringFromGUID2
CoReleaseServerProcess
CoUninitialize
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoResumeClassObjects
CoTaskMemRealloc
CoTaskMemAlloc
CoAddRefServerProcess

oleaut32

LoadRegTypeLi
LoadTypeLi
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
VarUI4FromStr
SafeArrayCopy
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
SafeArrayGetVartype
VariantInit
VariantClear
SysFreeString
SysStringLen
SafeArrayCreate

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-devices-config-l1-1-1

CM_Unregister_Notification
CM_Get_Device_Interface_ListW
CM_Register_Notification
CM_Get_Device_Interface_List_SizeW

api-ms-win-core-file-l1-1-0

SetFilePointerEx
FindClose
CreateFileW
ReadFile
WriteFile
FindFirstFileExW
FindNextFileW
GetFileType
FlushFileBuffers
SetEndOfFile

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
HeapSize

api-ms-win-security-base-l1-1-0

MakeAbsoluteSD
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetTokenInformation
CopySid
GetLengthSid
GetSecurityDescriptorLength
IsValidSid

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
CreateServiceW
DeleteService
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

user32

PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW

api-ms-win-core-localization-l1-2-0

GetCPInfo
EnumSystemLocalesW
GetUserDefaultLCID
LCMapStringW
IsValidLocale
GetLocaleInfoW
GetOEMCP
IsValidCodePage
GetACP

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-console-l1-1-0

ReadConsoleW
GetConsoleCP
GetConsoleMode
WriteConsoleW

Exports

Exports

MessageBoxW

Sections

.text
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6d75a4165c79a384f12ac557b9baac3b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-com-l1-1-0

oleaut32

api-ms-win-core-synch-l1-2-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-security-sddl-l1-1-0

user32

api-ms-win-core-localization-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-console-l1-1-0

Exports

Exports

Sections

.text Size: 290KB - Virtual size: 290KB

.rdata Size: 145KB - Virtual size: 145KB

.data Size: 8KB - Virtual size: 15KB

.pdata Size: 16KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 290KB - Virtual size: 290KB

.rdata
Size: 145KB - Virtual size: 145KB

.data
Size: 8KB - Virtual size: 15KB

.pdata
Size: 16KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB