2024-01-01_8813eb5ceff98f6150a9b4b8405ab146_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-01_8813eb5ceff98f6150a9b4b8405ab146_ryuk
Size

6.7MB
MD5

8813eb5ceff98f6150a9b4b8405ab146
SHA1

88510a6a3e3ae72d5b5faffb726411e4a7a28230
SHA256

0345402f70cff1c41788276957c2845ca3a801cf85bbc1736146cc398f425697
SHA512

1bb3da1889beefe6c3d5fd07c8166cc7f6fd152dd3f7ccc2504d20ae701bfbfbe2409719489bb3dce70739a32fb9247c6661f7c4bf4de9c98fb1fa9a45df126f
SSDEEP

196608:5MD2QyBcjKS/Ei2Z2XFCUrLICwgXB+CfzJn:5MD2dg9z26Po7gX8UzJn

Score

1^/10

Malware Config

Signatures

Files

2024-01-01_8813eb5ceff98f6150a9b4b8405ab146_ryuk
.exe windows:5 windows x64 arch:x64

16de452775476ee8416a5772db4bad00

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

da:99:cf:f4:ef:e6:b3:ed:a6:3d:df:f3:b6:99:93:e4
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/05/2015, 00:00

Not After

30/04/2020, 23:59

Subject

CN=Krzysztof Kowalczyk,O=Krzysztof Kowalczyk,POSTALCODE=94110,STREET=\#202+STREET=3388 17th st,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:4a:37:12:56:96:b9:59:b3:0a:f7:3a:62:0f:47:72:c3:2d:e6:2a
Signer

Actual PE Digest

bf:4a:37:12:56:96:b9:59:b3:0a:f7:3a:62:0f:47:72:c3:2d:e6:2a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

InitCommonControlsEx
ord413
ord410
ord412
CreatePropertySheetPageW
ImageList_AddMasked
ImageList_Create
ImageList_Draw
ImageList_GetIconSize
ImageList_Destroy

gdiplus

GdipSetClipRegion
GdipCreateRegion
GdipDrawRectangleI
GdipGetImageHeight
GdipTranslateWorldTransform
GdipFillEllipseI
GdipScaleWorldTransform
GdipSetStringFormatFlags
GdipSetStringFormatMeasurableCharacterRanges
GdipDeleteStringFormat
GdipGetImageEncodersSize
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipBitmapLockBits
GdipClonePath
GdipGetPathWorldBoundsI
GdipSetPenMode
GdipDeleteMatrix
GdipGetFontHeight
GdipDeleteBrush
GdipCreateLineBrushFromRect
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteFontFamily
GdipSetCompositingQuality
GdipCreateFontFamilyFromName
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipSetSmoothingMode
GdipCreateFont
GdipCreateFromHDC
GdipGetLogFontW
GdipGetGenericFontFamilySansSerif
GdipFree
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipCreatePen2
GdipDeletePen
GdipDrawLineI
GdipAddPathLine
GdipCreatePath
GdipBitmapSetResolution
GdipGetStringFormatFlags
GdipCloneBitmapAreaI
GdipMeasureCharacterRanges
GdipGetRegionBounds
GdipCreateBitmapFromStream
GdipScaleMatrix
GdipRotateMatrix
GdipBitmapUnlockBits
GdipClosePathFigure
GdipSetPropertyItem
GdipCreateHBITMAPFromBitmap
GdipGetImageHorizontalResolution
GdipGetFamilyName
GdipSetPenDashOffset
GdipDrawLine
GdipSetPenDashArray
GdipInvertMatrix
GdipGetClip
GdipCreateBitmapFromGraphics
GdipDeleteRegion
GdipGetImageWidth
GdipDrawImageI
GdipSetPageUnit
GdipCreatePen1
GdipSetWorldTransform
GdipTransformMatrixPoints
GdipGetFamily
GdipGetPropertyItemSize
GdipDrawImageRectRectI
GdipImageGetFrameCount
GdipSetImageAttributesWrapMode
GdipImageSelectActiveFrame
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipGetPropertyItem
GdipDrawRectangle
GdipDrawImageRectRect
GdipWindingModeOutline
GdipAddPathRectangleI
GdipSetCompositingMode
GdipStringFormatGetGenericDefault
GdipResetWorldTransform
GdipCreateFontFromDC
GdiplusStartup
GdipStartPathFigure
GdipFillRectangleI
GdipTransformPath
GdipDeletePath
GdipCreatePath2
GdipSetSolidFillColor
GdipGetPointCount
GdipIsVisiblePathPointI
GdipCreateRegionPath
GdipCreateBitmapFromGdiDib
GdipGetDC
GdipReleaseDC
GdipCreateStringFormat
GdipAddPathLineI
GdipCreateMatrix
GdipSetPenMiterLimit
GdipCreateFromHWND
GdipIsVisibleRectI
GdipSetStringFormatTrimming
GdipTransformPointsI
GdipDeletePathIter
GdipPathIterRewind
GdipCreatePathIter
GdipGetPathData
GdipSetStringFormatLineAlign
GdipAddPathEllipseI
GdipSetPenColor
GdipAddPathArcI
GdipCreateFontFromLogfontA
GdipPathIterNextMarkerPath
GdipSetPathMarker
GdipGetRegionHRgn
GdipSetInterpolationMode
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipSetClipRectI
GdipFillPath
GdipFillRectangle
GdipDrawPath
GdipDrawString
GdipGetImageEncoders
GdipTranslateMatrix

kernel32

CopyFileW
GetSystemTimeAsFileTime
GetFullPathNameW
SetErrorMode
UnmapViewOfFile
GetModuleHandleW
MoveFileExW
LocalFree
CloseHandle
GetLastError
FormatMessageW
SetFileAttributesW
GetFileAttributesW
WaitForSingleObject
Sleep
ExitProcess
GetCurrentProcessId
CreateFileMappingW
MapViewOfFile
GetCurrentDirectoryA
SetCurrentDirectoryA
Thread32Next
Thread32First
SuspendThread
ResumeThread
GetModuleHandleA
GetThreadContext
VirtualQuery
OpenThread
FileTimeToLocalFileTime
FileTimeToDosDateTime
lstrcpynW
CreateEventA
GetCommandLineW
HeapSize
GetTimeZoneInformation
WriteConsoleW
FindNextFileA
FindFirstFileExA
GetCommandLineA
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetFullPathNameA
GetCurrentDirectoryW
FlushFileBuffers
SetEndOfFile
SetStdHandle
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
CreateProcessA
GetCurrentThread
GetStringTypeW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetModuleFileNameA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
SetConsoleCtrlHandler
GetFileType
GetModuleHandleExW
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetUserDefaultUILanguage
SetUnhandledExceptionFilter
Module32NextW
GlobalMemoryStatusEx
HeapDestroy
Module32FirstW
HeapAlloc
GetSystemInfo
HeapReAlloc
CreateToolhelp32Snapshot
GetLocaleInfoA
GetVersionExW
GetEnvironmentVariableA
HeapFree
HeapCreate
GlobalFree
SetThreadExecutionState
SystemTimeToFileTime
GetTickCount
GetLogicalDrives
GetDateFormatW
GetTimeFormatW
GlobalAddAtomW
GlobalDeleteAtom
SetFilePointer
GetACP
TryEnterCriticalSection
GetExitCodeProcess
GetEnvironmentVariableW
TerminateProcess
GetSystemTime
OutputDebugStringA
RaiseException
ReadDirectoryChangesW
QueueUserAPC
ResetEvent
CreateThread
SetEvent
CreateEventW
WaitForMultipleObjectsEx
CompareFileTime
CancelIo
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetFileTime
GetDriveTypeW
GetTempFileNameW
DeleteFileW
GetFileAttributesExW
GetFileInformationByHandle
GetVolumePathNameW
GetTempPathW
GetPrivateProfileIntW
GetShortPathNameW
GetLongPathNameW
WritePrivateProfileStringW
GetFileSizeEx
ReadFile
CreateDirectoryW
CreateFileW
WriteFile
WideCharToMultiByte
MultiByteToWideChar
FindClose
FindNextFileW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
DeleteCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
SizeofResource
GetConsoleScreenBufferInfo
GetCurrentProcess
SetConsoleScreenBufferSize
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
LockResource
GlobalAlloc
LoadResource
FindResourceW
GetWindowsDirectoryW
GlobalLock
VerSetConditionMask
CreateProcessW
lstrcpyW
VerifyVersionInfoW
FormatMessageA
GlobalUnlock
AllocConsole
MulDiv
FindFirstFileW
EncodePointer

user32

DestroyMenu
SetMenu
MoveWindow
GetForegroundWindow
SetFocus
SetTimer
BeginDeferWindowPos
IsWindow
ShowWindow
GetScrollPos
GetSystemMetrics
SendMessageW
EndDeferWindowPos
CreateWindowExW
MessageBoxW
SetWindowLongW
GetClientRect
IsZoomed
KillTimer
GetSysColor
PostQuitMessage
SetPropW
RemovePropW
GetPropW
CharLowerBuffW
GetParent
UpdateWindow
SetWindowPos
IsWindowVisible
DestroyWindow
GetFocus
GetWindowRect
MapVirtualKeyW
ShowScrollBar
GetKeyState
DefWindowProcW
DeferWindowPos
SetScrollInfo
GetWindowLongW
SetParent
LoadCursorW
FindWindowW
LoadIconW
TranslateMessage
TranslateAcceleratorW
LoadBitmapW
DispatchMessageW
LoadAcceleratorsW
RegisterClassExW
FindWindowExW
AllowSetForegroundWindow
GetMessageW
GetWindowThreadProcessId
InvalidateRect
GetAncestor
IsIconic
IsCharUpperW
ScreenToClient
wsprintfA
GetMenuItemInfoW
GetSystemMenu
GetMenuItemCount
OffsetRect
SetMenuDefaultItem
DrawEdge
DrawFrameControl
ModifyMenuW
CheckMenuRadioItem
GetMenuItemID
GetMenu
InsertMenuW
CreatePopupMenu
TrackPopupMenu
AppendMenuW
CreateMenu
GetMessagePos
RedrawWindow
GetCursor
GetScrollInfo
CharLowerW
InvalidateRgn
ValidateRect
GetUpdateRect
HideCaret
SetClassLongPtrW
ShowCaret
LoadImageW
SetActiveWindow
GetWindowTextLengthW
ReuseDDElParam
ShowWindowAsync
MessageBeep
IsWindowUnicode
UnpackDDElParam
EndPaint
BeginPaint
GetCursorPos
SetCursor
ReleaseDC
SetForegroundWindow
DdeFreeStringHandle
SystemParametersInfoW
EnableMenuItem
DdeDisconnect
GetDesktopWindow
DrawTextW
CheckMenuItem
RemoveMenu
SetClipboardData
GetWindowDC
DdeFreeDataHandle
DdeClientTransaction
DdeUninitialize
DdeInitializeW
EmptyClipboard
SetMenuItemInfoW
CloseClipboard
ClientToScreen
GetMonitorInfoW
GetWindowInfo
DdeConnect
DdeCreateStringHandleW
OpenClipboard
EnumDisplayMonitors
MonitorFromWindow
MonitorFromRect
CopyImage
GetDC
AdjustWindowRectEx
TrackMouseEvent
GetWindowLongPtrW
FillRect
SetWindowLongPtrW
ReleaseCapture
SetCapture
GetCapture
SetLayeredWindowAttributes
PostMessageW
IsCharAlphaNumericW
EnableWindow
DialogBoxParamW
CheckDlgButton
GetDlgItem
IsDlgButtonChecked
DialogBoxIndirectParamW
SendDlgItemMessageW
MapWindowPoints
SetDlgItemTextW
EndDialog
CheckRadioButton
GetWindow
CallWindowProcW

gdi32

CreateFontIndirectW
MoveToEx
SetDIBits
GetObjectW
LineTo
SetBkMode
GetTextExtentPoint32W
DeleteDC
GetDeviceCaps
GetDIBits
SetGraphicsMode
CreateCompatibleDC
SetDIBColorTable
GetDIBColorTable
CreateDIBSection
SelectObject
CreateCompatibleBitmap
BitBlt
ExtTextOutW
CreateSolidBrush
SetBkColor
SetTextColor
SetROP2
CreateBitmap
CreatePatternBrush
PatBlt
SetBrushOrgEx
IntersectClipRect
GetObjectA
Rectangle
CreatePen
SetLayout
CreateRoundRectRgn
TextOutW
SelectClipRgn
RoundRect
GetClipBox
CreateRectRgn
SetViewportOrgEx
ExcludeClipRect
ExtSelectClipRgn
StartPage
AbortDoc
EndDoc
CreateDCW
DeleteObject
GetStockObject
SetWorldTransform
StretchBlt
SetStretchBltMode
SetMapMode
StartDocW
EndPage

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PrintDlgExW
CommDlgExtendedError

shell32

SHGetFileInfoW
SHGetDesktopFolder
SHAddToRecentDocs
ShellExecuteExW
SHBindToParent
SHGetFolderPathW
SHChangeNotify
DragAcceptFiles
DragFinish
DragQueryFileW

ole32

CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
ReleaseStgMedium
CoGetMalloc
OleInitialize

msimg32

GradientFill

shlwapi

PathIsNetworkPathW
SHDeleteKeyW
SHSetValueW
SHGetValueW
PathIsRelativeW
PathAppendW
StrStrW
StrStrIW
StrRStrIW
SHDeleteValueW
ord219

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetOpenUrlW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle
InternetConnectW
HttpSendRequestA
HttpOpenRequestW
InternetSetOptionW
InternetReadFile

winspool.drv

GetPrinterW
DocumentPropertiesW
ClosePrinter
DeviceCapabilitiesW
ord203
OpenPrinterW

advapi32

RegCloseKey
RegSetKeySecurity
InitializeSecurityDescriptor
RegOpenKeyExW
SystemFunction036
RegEnumKeyW
SetSecurityDescriptorDacl
RegQueryValueExW

oleaut32

SysAllocString
VariantClear
SafeArrayPutElement
SafeArrayCreateVector
VariantInit
SysFreeString

urlmon

CoInternetGetSession

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data:
Size: 733KB - Virtual size: 733KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16de452775476ee8416a5772db4bad00

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

da:99:cf:f4:ef:e6:b3:ed:a6:3d:df:f3:b6:99:93:e4Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

bf:4a:37:12:56:96:b9:59:b3:0a:f7:3a:62:0f:47:72:c3:2d:e6:2aSigner

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

gdiplus

kernel32

user32

gdi32

comdlg32

shell32

ole32

msimg32

shlwapi

version

wininet

winspool.drv

advapi32

oleaut32

urlmon

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.data: Size: 733KB - Virtual size: 733KB

.rdata Size: 2.9MB - Virtual size: 2.9MB

.data Size: 142KB - Virtual size: 204KB

.pdata Size: 145KB - Virtual size: 144KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 48B

.rsrc Size: 140KB - Virtual size: 139KB

.reloc Size: 26KB - Virtual size: 25KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

da:99:cf:f4:ef:e6:b3:ed:a6:3d:df:f3:b6:99:93:e4
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

bf:4a:37:12:56:96:b9:59:b3:0a:f7:3a:62:0f:47:72:c3:2d:e6:2a
Signer

.text
Size: 2.7MB - Virtual size: 2.7MB

.data:
Size: 733KB - Virtual size: 733KB

.rdata
Size: 2.9MB - Virtual size: 2.9MB

.data
Size: 142KB - Virtual size: 204KB

.pdata
Size: 145KB - Virtual size: 144KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 48B

.rsrc
Size: 140KB - Virtual size: 139KB

.reloc
Size: 26KB - Virtual size: 25KB