2024-10-09_802d80867032940a140f6ec84edffe90_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-09_802d80867032940a140f6ec84edffe90_ryuk
Size

15.2MB
MD5

802d80867032940a140f6ec84edffe90
SHA1

ad2612f71414e816c850d907ed13ace090e334bd
SHA256

432cc97b9239a35945cf7ac46ec8b394d315b338c0e621cfd58ce20849fcf580
SHA512

5d854574ad98edf385d49f659c9650871d923aae75207c332f73027eca8ed435dc18653d7e987280c6c09b4246d44ee36602b03b166a05bf03f63c43e4265c81
SSDEEP

196608:RpvTPumORgygpH/729ensfb2J/lW1OwIPNJStV++nRNmIOAMtgt8OC+LaNE66CO0:RtTPu0yI+2sfKvwI3AVZBggZpaNEz6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-09_802d80867032940a140f6ec84edffe90_ryuk

Files

2024-10-09_802d80867032940a140f6ec84edffe90_ryuk
.exe windows:6 windows x64 arch:x64

fd68464170df1043cd9a0e27e6fb6a16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

ClientToScreen

kernel32

AcquireSRWLockExclusive
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

shell32

CommandLineToArgvW

ole32

CoCreateInstance

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

advapi32

DeregisterEventSource

gdi32

GetDeviceCaps

imm32

ImmGetContext

ws2_32

WSACleanup

crypt32

CertCloseStore

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 925KB - Virtual size: 925KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.3MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pZW
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.c\B
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

._O1
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd68464170df1043cd9a0e27e6fb6a16

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

shell32

ole32

d3d9

d3dx9_43

advapi32

gdi32

imm32

ws2_32

crypt32

bcrypt

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 925KB - Virtual size: 925KB

.data Size: 2.3MB - Virtual size: 2.4MB

.pdata Size: 127KB - Virtual size: 126KB

.00cfg Size: 512B - Virtual size: 56B

.gxfg Size: 12KB - Virtual size: 12KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 500B

.pZW Size: 4.2MB - Virtual size: 4.2MB

.c\B Size: 3KB - Virtual size: 3KB

._O1 Size: 4.7MB - Virtual size: 4.7MB

.reloc Size: 30KB - Virtual size: 30KB

.rsrc Size: 103KB - Virtual size: 102KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 925KB - Virtual size: 925KB

.data
Size: 2.3MB - Virtual size: 2.4MB

.pdata
Size: 127KB - Virtual size: 126KB

.00cfg
Size: 512B - Virtual size: 56B

.gxfg
Size: 12KB - Virtual size: 12KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 500B

.pZW
Size: 4.2MB - Virtual size: 4.2MB

.c\B
Size: 3KB - Virtual size: 3KB

._O1
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 103KB - Virtual size: 102KB