2024-12-03_854a9b6f5229ca9623655c5af644afa7_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-12-03_854a9b6f5229ca9623655c5af644afa7_ryuk
Size

10.3MB
MD5

854a9b6f5229ca9623655c5af644afa7
SHA1

24403333b76134ecbb44747014b88c0b0be9831f
SHA256

7493e9d330c6cd309670880f694b55d835ad3d774e907786d6eb5ac08dba21aa
SHA512

11c3c3cd58c937967047e448847122abd24a7015d87e81923a5364f2f4e50610dae63a819fcc7812b01cae1e23e7d3b09852fc201edd4c0ba1e7d062c56aac4b
SSDEEP

196608:2X0lRFzyrh2OH0DuVBYcSEzZmbjOe+sIY7sk0nEG8MTLwQBItZqWHDp:Ec7YHqgZmbjO1NYwfr8MTLXsZPp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-12-03_854a9b6f5229ca9623655c5af644afa7_ryuk

Files

2024-12-03_854a9b6f5229ca9623655c5af644afa7_ryuk
.exe windows:6 windows x64 arch:x64

8f9a85511692e23a5a756afe677f95e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d2d1

ord2
ord1

comctl32

ord345
ord344

kernel32

CloseHandle
DeleteCriticalSection
CreateEventW
ResetEvent
WaitForSingleObject
SetEvent
CreateThread
SetThreadPriority
GetExitCodeThread
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
GetProcessHeap
HeapFree
GetModuleFileNameW
CreateProcessW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetACP
WriteFile
InitializeCriticalSection
GetFileType
ExitProcess
HeapReAlloc
LoadLibraryExW
FreeLibrary
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
GetProcAddress
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
Sleep
LeaveCriticalSection
GetStdHandle
EnterCriticalSection
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
GetStringTypeW
GetModuleHandleExW
HeapSize
CreateFileW
ReadConsoleW
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
SetEndOfFile
FindFirstFileExW
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetErrorMode
VirtualAlloc
GetModuleFileNameA
CreateFileA
SetFilePointer
GetModuleHandleA
LoadLibraryA
VirtualFree

user32

EnableWindow
GetDlgItem
EndDialog
MessageBoxW
SetGestureConfig
BeginPaint
SendDlgItemMessageW
IsDlgButtonChecked
LoadIconW
DialogBoxParamW
LoadStringW
LoadCursorW
SetCursor
ReleaseCapture
wsprintfW
ShowWindow
GetCapture
SetCapture
SetFocus
UpdateWindow
InvalidateRect
SetWindowTextW
GetClientRect
CloseWindow
SetWindowPos
GetWindowRect
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
CreateWindowExW
RegisterClassExW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
SendMessageW
IsChild
WindowFromPoint
GetCursorPos
GetParent
SendNotifyMessageW
CloseGestureInfoHandle
GetGestureInfo
TrackMouseEvent
EndPaint

gdi32

SetBkMode
CreateSolidBrush
DeleteObject

shell32

ShellExecuteW
SetCurrentProcessExplicitAppUserModelID
SHCreateItemInKnownFolder
SHGetKnownFolderItem
SHCreateItemWithParent
ord155
SHCreateItemFromParsingName

ole32

CoUninitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
PropVariantClear
CoInitialize

webservices

WsFreeError
WsCall
WsCreateError
WsCreateHeap
WsFreeServiceProxy
WsOpenServiceProxy
WsCreateServiceProxy
WsFreeHeap
WsCloseServiceProxy

ncrypt

BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider

xmllite

CreateXmlReader
CreateXmlReaderInputWithEncodingCodePage

winhttp

WinHttpSetOption
WinHttpConnect
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpOpen

dwrite

DWriteCreateFactory

shlwapi

SHStrDupW

Sections

.text
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f9a85511692e23a5a756afe677f95e1

Headers

DLL Characteristics

File Characteristics

Imports

d2d1

comctl32

kernel32

user32

gdi32

shell32

ole32

webservices

ncrypt

xmllite

winhttp

dwrite

shlwapi

Sections

.text Size: 308KB - Virtual size: 308KB

.rdata Size: 162KB - Virtual size: 161KB

.data Size: 10KB - Virtual size: 16KB

.pdata Size: 18KB - Virtual size: 17KB

.gfids Size: 1024B - Virtual size: 600B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 261KB - Virtual size: 260KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 308KB - Virtual size: 308KB

.rdata
Size: 162KB - Virtual size: 161KB

.data
Size: 10KB - Virtual size: 16KB

.pdata
Size: 18KB - Virtual size: 17KB

.gfids
Size: 1024B - Virtual size: 600B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 261KB - Virtual size: 260KB

.reloc
Size: 6KB - Virtual size: 6KB