2024-10-17_fce2be740c0cc2f4ea87626c01a0a416_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-17_fce2be740c0cc2f4ea87626c01a0a416_ryuk
Size

1.4MB
MD5

fce2be740c0cc2f4ea87626c01a0a416
SHA1

434a0cd16125869f625d79dbfe1076fcb213f0eb
SHA256

1c9839959d21c9291626d35d7c57f4683934100b9b354dd8e1ce2cb001d174e7
SHA512

496d185d59471fb0e3cde70ed1089bf99e9063df7992bcdd8747192b35a9b9ac8aef0482275eb0cde3c23dc79f80ab44648dc1ede9defa86020d9f9f8d137d99
SSDEEP

24576:tdolRu094x4niLJ1nI6UZExfsqjnhMgeiCl7G0nehbGZpbD:tdolRuzx4niLJ+6UZIDDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-17_fce2be740c0cc2f4ea87626c01a0a416_ryuk

Files

2024-10-17_fce2be740c0cc2f4ea87626c01a0a416_ryuk
.exe windows:5 windows x64 arch:x64

f532c9acf6574838784e1cb9197ea379

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

GoogleCrashHandler64_unsigned.pdb

Imports

kernel32

GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
GetCurrentThread
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
OutputDebugStringA
CloseHandle
CreateThread
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW
LoadLibraryW
SizeofResource
LockResource
LoadResource
FindResourceW
GetCurrentThreadId
LocalFree
CreateDirectoryW
DeleteFileW
RemoveDirectoryW
GetTickCount
WaitForMultipleObjects
WaitForSingleObject
GetExitCodeProcess
DuplicateHandle
ReleaseMutex
GetEnvironmentVariableW
lstrcmpiW
VirtualQuery
GetTempPathW
GetLocalTime
GetPrivateProfileIntW
GetPrivateProfileStringW
Sleep
lstrcmpW
lstrlenW
SetFilePointer
CreateMutexW
GetCurrentProcessId
InitializeCriticalSection
TryEnterCriticalSection
SetEvent
ResetEvent
GetFileAttributesExW
VerifyVersionInfoW
VerSetConditionMask
MoveFileExW
GetFileTime
ReadFile
DeviceIoControl
SetProcessWorkingSetSize
OpenProcess
CreateProcessW
ReadProcessMemory
lstrcpynW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WaitForDebugEvent
GetProcessId
DebugActiveProcessStop
ContinueDebugEvent
GetSystemInfo
GetThreadContext
DebugActiveProcess
VirtualQueryEx
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LeaveCriticalSection
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
ReleaseSemaphore
CreateSemaphoreW
EnterCriticalSection
OutputDebugStringW
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
IsDebuggerPresent
CreateEventW
GetUserDefaultLangID
GetSystemDefaultLangID
GetComputerNameExW
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
UnregisterWait
GetProcessTimes
UnregisterWaitEx
RegisterWaitForSingleObject
VirtualProtect
VirtualAlloc
EncodePointer
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
FindResourceExW
HeapFree

user32

SetClipboardData
EmptyClipboard
OpenClipboard
GetProcessWindowStation
CloseDesktop
CloseClipboard
CharUpperW
PostThreadMessageW
DispatchMessageW
GetMessageW
PeekMessageW
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
CreateWindowStationW
SetProcessWindowStation
CreateDesktopW
GetThreadDesktop
SetThreadDesktop
CloseWindowStation
CharLowerW
wvsprintfW
wsprintfW
MessageBoxW

advapi32

GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
GetLengthSid
CopySid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
InitializeSecurityDescriptor
MakeAbsoluteSD
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetAce
MakeSelfRelativeSD
GetSecurityDescriptorLength
EqualSid
SetNamedSecurityInfoW
ConvertStringSidToSidW
OpenThreadToken
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
ConvertSidToStringSidW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
SetSecurityDescriptorSacl
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
SetTokenInformation

ole32

CoCreateGuid
StringFromGUID2

shell32

SHGetFolderPathW

netapi32

NetApiBufferFree
NetWkstaGetInfo

rpcrt4

UuidCreate

shlwapi

PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
PathCanonicalizeW
PathIsRelativeW
SHQueryValueExW
PathAppendW

userenv

UnloadUserProfile

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f532c9acf6574838784e1cb9197ea379

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

netapi32

rpcrt4

shlwapi

userenv

version

Sections

.text Size: 218KB - Virtual size: 218KB

.rdata Size: 95KB - Virtual size: 94KB

.data Size: 4KB - Virtual size: 15KB

.pdata Size: 11KB - Virtual size: 10KB

.gfids Size: 512B - Virtual size: 276B

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 218KB - Virtual size: 218KB

.rdata
Size: 95KB - Virtual size: 94KB

.data
Size: 4KB - Virtual size: 15KB

.pdata
Size: 11KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 276B

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 1.1MB - Virtual size: 1.1MB