2024-10-11_0ab2839ea70f1981e59b181fe734c6ff_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-11_0ab2839ea70f1981e59b181fe734c6ff_ryuk
Size

4.7MB
MD5

0ab2839ea70f1981e59b181fe734c6ff
SHA1

7704a207fc4b1e45188908f1fdf6dc84fc3d11e0
SHA256

8dc6bca4edf179518ec9f833ea6827dba041ef9fea3a883e0848aa1017296344
SHA512

7da5a4ac02d03f3ec855db6f7233e784c3b8f3553b6957880b687e165d4e843b644a745a386d8ef2097675b077fa3a5618711abc4a2fa2640453a2d53b86d903
SSDEEP

98304:IRpxzAQs3DztefGquSgwX+vwdnP0vwdnkm:IREQs3DztefGquDwndPtd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-11_0ab2839ea70f1981e59b181fe734c6ff_ryuk

Files

2024-10-11_0ab2839ea70f1981e59b181fe734c6ff_ryuk
.exe windows:5 windows x64 arch:x64

6202925883e5b45bef6cec606a29c4a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameA
ExitProcess
CreateProcessA
WideCharToMultiByte
MultiByteToWideChar
PeekNamedPipe
GetDriveTypeW
GetModuleHandleExW
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
CreateFileMappingA
GetProcAddress
GetModuleHandleW
FreeLibrary
GetACP
GetEnvironmentVariableW
WriteFile
GetFileType
GetStdHandle
FindNextFileW
FindClose
SystemTimeToFileTime
GetSystemTime
FormatMessageA
GetSystemDirectoryA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
lstrlenA
GetModuleHandleA
GetFileSize
CreateFileA
DeleteCriticalSection
GetProcessHeap
HeapDestroy
UnmapViewOfFile
MapViewOfFileEx
GetModuleFileNameW
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
GetCurrentThreadId
SwitchToThread
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
CreateEventW
CreateEventA
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
QueryPerformanceCounter
SetLastError
GetLastError
RaiseException
AreFileApisANSI
GetFileInformationByHandle
GetFileAttributesW
FindFirstFileW
CreateFileW

user32

TranslateMessage
DispatchMessageA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
MsgWaitForMultipleObjects
PeekMessageA

advapi32

CryptEnumProvidersW
CryptGetUserKey
CryptGetProvParam
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW

shlwapi

StrChrA

ws2_32

gethostbyaddr
inet_ntoa
inet_addr
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
recv
connect
WSACleanup
WSAStartup
socket
gethostbyname
WSAStringToAddressA
WSAIoctl
shutdown
setsockopt
send
htons
htonl
getsockopt
getsockname
getpeername
ioctlsocket
closesocket
getservbyport
__WSAFDIsSet
select
WSASetLastError
getaddrinfo
freeaddrinfo
getservbyname
ntohs
bind
WSAGetLastError

crypt32

CertFindCertificateInStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

winmm

timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime

msvcrt

_ismbblead
_gmtime64
_lock
_unlock
_iob
_getdrive
__doserrno
wcspbrk
_wcsicmp
_wfullpath
___lc_codepage_func
__getmainargs
_msize
_XcptFilter
__set_app_type
_acmdln
_fmode
___lc_handle_func
?_set_new_mode@@YAHH@Z
_commode
?terminate@@YAXXZ
mbtowc
_isatty
_strtoui64
_sys_errlist
_sys_nerr
ceil
log10
_clearfp
wcstol
___mb_cur_max_func
__pctype_func
_callnewh
_initterm
isdigit
tolower
signal
fputs
strtol
getenv
raise
fopen
_wfopen
isspace
strspn
strncpy
_setmode
setvbuf
ftell
fseek
fread
_fileno
fflush
ferror
strtoul
strcmp
qsort
atoi
fgets
feof
fclose
strncmp
abort
_beginthreadex
realloc
_errno
calloc
_localtime64
_time64
_mktime64
malloc
free
__CxxFrameHandler
wcsstr
memchr
strrchr
strchr
strstr
_CxxThrowException
memset
memmove
memcpy
memcmp
__C_specific_handler
wcsrchr
strcspn
_amsg_exit

Exports

Exports

LZ4_attach_dictionary
LZ4_compress
LZ4_compressBound
LZ4_compress_continue
LZ4_compress_default
LZ4_compress_destSize
LZ4_compress_fast
LZ4_compress_fast_continue
LZ4_compress_fast_extState
LZ4_compress_limitedOutput
LZ4_compress_limitedOutput_continue
LZ4_compress_limitedOutput_withState
LZ4_compress_withState
LZ4_create
LZ4_createStream
LZ4_createStreamDecode
LZ4_decoderRingBufferSize
LZ4_decompress_fast
LZ4_decompress_fast_continue
LZ4_decompress_fast_usingDict
LZ4_decompress_fast_withPrefix64k
LZ4_decompress_safe
LZ4_decompress_safe_continue
LZ4_decompress_safe_partial
LZ4_decompress_safe_partial_usingDict
LZ4_decompress_safe_usingDict
LZ4_decompress_safe_withPrefix64k
LZ4_freeStream
LZ4_freeStreamDecode
LZ4_initStream
LZ4_loadDict
LZ4_loadDictSlow
LZ4_resetStream
LZ4_resetStreamState
LZ4_resetStream_fast
LZ4_saveDict
LZ4_setStreamDecode
LZ4_sizeofState
LZ4_sizeofStreamState
LZ4_slideInputBuffer
LZ4_uncompress
LZ4_uncompress_unknownOutputSize
LZ4_versionNumber
LZ4_versionString
llhttp_errno_name
llhttp_execute
llhttp_finish
llhttp_get_errno
llhttp_get_error_pos
llhttp_get_error_reason
llhttp_get_http_major
llhttp_get_http_minor
llhttp_get_method
llhttp_get_status_code
llhttp_get_type
llhttp_get_upgrade
llhttp_init
llhttp_message_needs_eof
llhttp_method_name
llhttp_pause
llhttp_reset
llhttp_resume
llhttp_resume_after_upgrade
llhttp_set_error_reason
llhttp_set_lenient_chunked_length
llhttp_set_lenient_data_after_close
llhttp_set_lenient_headers
llhttp_set_lenient_keep_alive
llhttp_set_lenient_optional_cr_before_lf
llhttp_set_lenient_optional_crlf_after_chunk
llhttp_set_lenient_optional_lf_after_cr
llhttp_set_lenient_spaces_after_chunk_size
llhttp_set_lenient_transfer_encoding
llhttp_set_lenient_version
llhttp_settings_init
llhttp_should_keep_alive
llhttp_status_name

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gehcont
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textshe
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.gehcont
.gfids
.pdata
.rdata
.reloc
.rsrc/MANIFEST/1
.xml
.text
.textshe
.tls

Sharing

General

Malware Config

Signatures

Files

6202925883e5b45bef6cec606a29c4a7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

ws2_32

crypt32

winmm

msvcrt

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 30KB - Virtual size: 40KB

.pdata Size: 114KB - Virtual size: 114KB

.gfids Size: 512B - Virtual size: 72B

.tls Size: 1KB - Virtual size: 1KB

.gehcont Size: 512B - Virtual size: 4B

.textshe Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 39KB - Virtual size: 39KB

.rsrc Size: 1KB - Virtual size: 4KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 30KB - Virtual size: 40KB

.pdata
Size: 114KB - Virtual size: 114KB

.gfids
Size: 512B - Virtual size: 72B

.tls
Size: 1KB - Virtual size: 1KB

.gehcont
Size: 512B - Virtual size: 4B

.textshe
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 39KB - Virtual size: 39KB

.rsrc
Size: 1KB - Virtual size: 4KB