2025-03-25_0eb4f5a83dab65e4ae4befc95e36eea8_hijackloader_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2025-03-25_0eb4f5a83dab65e4ae4befc95e36eea8_hijackloader_ryuk
Size

286KB
MD5

0eb4f5a83dab65e4ae4befc95e36eea8
SHA1

1e8e57b541cf633d2d5d66066167aa3a30b250c5
SHA256

dec5752d980182e4ae33a4edc0242a53655d5e8c01aee0a6a0f75705a6aa5cf4
SHA512

2c87574ec111e22028e93a1798888c30d05bbd1c870a48ff634503452077a217e2e7b902430852e7b3ad988d8282f6684a1a5ae393a87ac4cb2b6f35d70db7bf
SSDEEP

3072:/IEQef2xyLHUTmCqvDO0Od6NBZNnUdAYZJj3hLKKKKKU8AAFTbp8ELQHsoOJNuY/:ZQB47UFq7O16NBZN7kofJXnIZRO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-03-25_0eb4f5a83dab65e4ae4befc95e36eea8_hijackloader_ryuk

Files

2025-03-25_0eb4f5a83dab65e4ae4befc95e36eea8_hijackloader_ryuk
.exe windows:6 windows x64 arch:x64

55a56bd66cdb461c6ec05ff6572b7e77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dvs\p4\build\sw\rel\gpu_drv\r570\r572_77\drivers\ui\NvSmartMax\NvSmartMaxApp\bin\Release64\NvSmartMaxapp64.pdb

Imports

kernel32

LocalAlloc
CreateFileW
GetFileAttributesW
GetSystemDirectoryW
GetLastError
CloseHandle
GetProcAddress
LocalFree
VerSetConditionMask
GetModuleHandleW
FreeLibrary
VerifyVersionInfoW
LoadLibraryExW
GetCurrentProcess
Wow64DisableWow64FsRedirection
GetEnvironmentVariableW
CreateMutexW
WaitForSingleObject
GetCurrentThreadId
OpenEventW
CreateThread
SetCurrentDirectoryW
SetDllDirectoryW
IsWow64Process
GetModuleFileNameW
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
SetFilePointerEx
GetProcessHeap
LCMapStringW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFullPathNameW
SetLastError
GetConsoleMode
GetModuleFileNameA
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
WriteConsoleW

user32

GetMessageW
DefWindowProcW
SubtractRect
GetWindowRect
GetDC
SetWindowPos
EqualRect
MonitorFromRect
EnumDisplayMonitors
CreateWindowExW
SendMessageW
RegisterClassExW
ShowWindow
OffsetRect
DispatchMessageW
GetMonitorInfoW
IsRectEmpty
TranslateMessage
FindWindowW
LoadCursorW
PostQuitMessage
SystemParametersInfoW
UpdateWindow
InvalidateRect
ReleaseDC

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55a56bd66cdb461c6ec05ff6572b7e77

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 61KB - Virtual size: 60KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 4KB - Virtual size: 3KB

.gfids Size: 512B - Virtual size: 164B

.rsrc Size: 147KB - Virtual size: 146KB

.reloc Size: 2KB - Virtual size: 1KB

.zero Size: 8KB - Virtual size: 4KB

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 4KB - Virtual size: 3KB

.gfids
Size: 512B - Virtual size: 164B

.rsrc
Size: 147KB - Virtual size: 146KB

.reloc
Size: 2KB - Virtual size: 1KB

.zero
Size: 8KB - Virtual size: 4KB