240911-aseygssepl_pw_infected[.]zip

Resubmissions

30/01/2025, 16:42 UTC

250130-t73smsynhn 10

28/01/2025, 18:40 UTC

250128-xbd17a1kej 10

Sharing

Copy URL

Twitter E-mail

General

Target

240911-aseygssepl_pw_infected.zip
Size

65KB
MD5

8f8be5dfe62044cea1d3f7418b5224c8
SHA1

28644e5303d01e42f80ffdf3a762423c9592b95b
SHA256

7bac5c10d02534007f1efb371885ae3918d21d394371f92d4e6455b58b4e16ad
SHA512

4521f937f81fb0ee82673de4c79e09d50056378f4c00c9b6ce5d68f1a542f20ec527120671d79db65d409829185336262bc7cf8f2ccd2557a4226782c1566fe0
SSDEEP

1536:UP2JsUHlicNKEcYYCE7m/USt/njDG5ixh4Qy26DCkK/0QoUciT30:Q0CNYYCHpG6NcDQ/0Qtlk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2024-09-11_13f929e2cc03dbe1780cce33b7dce110_ryuk

Files

240911-aseygssepl_pw_infected.zip
.zip

Password: infected
2024-09-11_13f929e2cc03dbe1780cce33b7dce110_ryuk
.exe windows:5 windows x86 arch:x86

Password: infected

c87058f83b3ab425474707bc35dd27b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetCurrentProcess
CreateThread
GetCurrentThread
SetLastError
WaitForMultipleObjects
Sleep
CloseHandle
WinExec
GetLocalTime
GetTickCount
LoadLibraryA
GetSystemDirectoryA
CreateFileW
DecodePointer
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwind
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapFree
HeapAlloc
LCMapStringW
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
RaiseException

ws2_32

inet_addr

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shell
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

c87058f83b3ab425474707bc35dd27b3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 21KB - Virtual size: 50KB

.gfids Size: 512B - Virtual size: 172B

.shell Size: 320KB - Virtual size: 320KB

We care about your privacy.

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 21KB - Virtual size: 50KB

.gfids
Size: 512B - Virtual size: 172B

.shell
Size: 320KB - Virtual size: 320KB