2024-10-09_9e046b2bc233d83ff7367a286182c125_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-09_9e046b2bc233d83ff7367a286182c125_ryuk
Size

1.5MB
MD5

9e046b2bc233d83ff7367a286182c125
SHA1

c363dddd931f222227dfcd743c810cfd2e313140
SHA256

9a2e0270cf1fd892b2bd3fa81982c159013d539126dc1b5f68ace3a6fa47b121
SHA512

c7a1dff22180a25a82b27964b739fbac84eb6be23023376ecc67cd4b5f76ca6df4cb1579198e3b62f494d0bfbc95ff70578c0f864ad9f87b37f234cc3eb4431a
SSDEEP

24576:Ruvtxoq+2sH3X6NaazqaWRsjP2Qx0/iFFWeiSPUr4IL6e2:RuvtxerH6jJ36S0/i3Wenewe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-09_9e046b2bc233d83ff7367a286182c125_ryuk

Files

2024-10-09_9e046b2bc233d83ff7367a286182c125_ryuk
.exe windows:5 windows x64 arch:x64

e02c4ea52128eea49b871e93ce5c7ef0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\jnks\workspace\Pepto_STAB_Production\Windows\x64\Release\PdsmqConnector.pdb

Imports

kernel32

WaitForSingleObject
ReleaseMutex
CloseHandle
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
VerSetConditionMask
VerifyVersionInfoW
GetLocaleInfoW
GetSystemPowerStatus
FindNextFileW
FindClose
CreateMutexW
FreeEnvironmentStringsW
GetEnvironmentStringsW
LocalAlloc
GetTickCount
GetLastError
GetCommandLineW
DeleteFileW
SetEndOfFile
HeapSize
WriteConsoleW
ReadConsoleW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
GetOEMCP
IsValidCodePage
GetCurrentThreadId
DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
GetTempPathW
GetSystemTimeAsFileTime
FindFirstFileExW
GetProcessHeap
CreateFileW
SetFilePointerEx
ReadFile
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetFileType
GetACP
GetCommandLineA
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
RtlUnwindEx
RaiseException
RtlPcToFileHeader
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualProtect
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree

user32

GetSystemMetrics

winspool.drv

GetPrinterW
GetJobW
EnumPortsW
EnumJobsW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueExW
RegOpenKeyExW
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
SHGetFolderPathW

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoSetProxyBlanket
StringFromGUID2
CoUninitialize

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
VariantInit
VariantCopy
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement

shlwapi

PathRemoveExtensionW
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW
PathCombineW

urlmon

ObtainUserAgentString

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

rpcrt4

UuidCreate

wininet

HttpQueryInfoW
InternetConnectW
InternetOpenA
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetReadFile

Sections

.text
Size: 666KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e02c4ea52128eea49b871e93ce5c7ef0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

version

rpcrt4

wininet

Sections

.text Size: 666KB - Virtual size: 666KB

.rdata Size: 257KB - Virtual size: 257KB

.data Size: 17KB - Virtual size: 24KB

.pdata Size: 34KB - Virtual size: 34KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 666KB - Virtual size: 666KB

.rdata
Size: 257KB - Virtual size: 257KB

.data
Size: 17KB - Virtual size: 24KB

.pdata
Size: 34KB - Virtual size: 34KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 572KB - Virtual size: 576KB