2024-10-06_d25a8674f952a96020f0b4afe604d154_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-06_d25a8674f952a96020f0b4afe604d154_ryuk
Size

1.7MB
MD5

d25a8674f952a96020f0b4afe604d154
SHA1

934e8bca0f5eefeceed795521681a7137a596a97
SHA256

170c9c963e96f1c056b46995f61f6285628d074991b392afbbc1e8933884b2f6
SHA512

dca7b8c3cffbfdbd0575185f925117b12c5f1c56142fa371fe59c3817efdb83bcabd1c3a7026b1f6359f97fa544a3e50c06f714ed91f4e1c9d78fc53f60888f7
SSDEEP

24576:24kNd8FTptWJ6iNWcF/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:Y85WMsWiLNiXicJFFRGNzj3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-06_d25a8674f952a96020f0b4afe604d154_ryuk

Files

2024-10-06_d25a8674f952a96020f0b4afe604d154_ryuk
.exe windows:6 windows x64 arch:x64

31b5751c8ba3552705525825d43a0570

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Workspace\iarosov_jrsrds0002_503\ME_FW\9\9.5\9.5_COMMON\SW\Src\Apps\PAVP2\PAVP30\IntelCpHeciSvc\x64\one_core_release\IntelCpHeciSvc.pdb

Imports

api-ms-win-core-processenvironment-l1-1-0

SetStdHandle
GetCommandLineA
GetStdHandle
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

FindNextFileW
FindClose
SetEndOfFile
SetFilePointerEx
CreateFileW
ReadFile
WriteFile
GetFileType
FlushFileBuffers
FindFirstFileExW
CreateDirectoryW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-synch-l1-1-0

TryEnterCriticalSection
CreateEventW
WaitForSingleObjectEx
WaitForMultipleObjectsEx
InitializeCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
SetEvent
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ResetEvent

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
OpenProcessToken
OpenThreadToken
TerminateProcess
GetCurrentThreadId
TlsAlloc
CreateThread
ExitProcess
ResumeThread
GetStartupInfoW
TlsFree
TlsGetValue
TlsSetValue

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
LoadStringW
GetModuleHandleExW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharUpperW
CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegEnumKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
RegSetValueExA

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegOpenKeyW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoTaskMemRealloc
CoInitializeEx
CoTaskMemAlloc

oleaut32

SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SafeArrayCreate
SafeArrayDestroy
SafeArrayRedim
SysAllocString
RegisterTypeLi
UnRegisterTypeLi
VariantClear
VariantInit
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayCopy
SafeArrayGetVartype
SafeArrayGetUBound

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-devices-config-l1-1-1

CM_Register_Notification
CM_Get_Device_Interface_ListW
CM_Unregister_Notification
CM_Get_Device_Interface_List_SizeW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapSize
HeapReAlloc

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorLength
GetTokenInformation
IsValidSid
MakeAbsoluteSD
GetLengthSid
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
CopySid
InitializeSecurityDescriptor

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
CloseServiceHandle
CreateServiceW
DeleteService

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-service-core-l1-1-0

SetServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

user32

DispatchMessageW
PostThreadMessageW
TranslateMessage
GetMessageW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetCPInfo
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext
RtlPcToFileHeader

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-console-l1-1-0

ReadConsoleW
GetConsoleCP
WriteConsoleW
GetConsoleMode

Exports

Exports

MessageBoxW

Sections

.text
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

31b5751c8ba3552705525825d43a0570

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-com-l1-1-0

oleaut32

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-io-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-security-sddl-l1-1-0

user32

api-ms-win-core-localization-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-console-l1-1-0

Exports

Exports

Sections

.text Size: 299KB - Virtual size: 298KB

.rdata Size: 147KB - Virtual size: 147KB

.data Size: 8KB - Virtual size: 15KB

.pdata Size: 16KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 299KB - Virtual size: 298KB

.rdata
Size: 147KB - Virtual size: 147KB

.data
Size: 8KB - Virtual size: 15KB

.pdata
Size: 16KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1.2MB - Virtual size: 1.9MB