2024-01-06_7845fd18d4f5a611985a177c42042a4b_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-06_7845fd18d4f5a611985a177c42042a4b_ryuk
Size

25.5MB
MD5

7845fd18d4f5a611985a177c42042a4b
SHA1

0a04fba058b8982266252cf579b6f59c86c14ee8
SHA256

4cf4ffc0fa885e40246fda4fad7cdd00cb9f8bb806a9eedcfff9614332091073
SHA512

c9c0f070ebb17f0c153cd91cdaf59c673da41cb7742e417acdb769a17428fa105729ffed45655a9c58ea2fb8a278ad504797d7f3294e5af9aad0212d314739a0
SSDEEP

393216:fEN2sUaKygKmbXHCa5NkrLIgDKbc1k8QcwLzwXEUSfv3HOpZ0rodH:TKqia5Nk89okDIDSfPI0r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-06_7845fd18d4f5a611985a177c42042a4b_ryuk

Files

2024-01-06_7845fd18d4f5a611985a177c42042a4b_ryuk
.exe windows:5 windows x64 arch:x64

7e621994eea430c28f0ae6229a743ebd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetACP
ExitProcess
GetModuleFileNameA
GetStdHandle
GetFileType
ReadConsoleW
FindNextFileA
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
SetFilePointerEx
FindFirstFileExA
SetStdHandle
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetConsoleCtrlHandler
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
LocalUnlock
LocalLock
GetUserDefaultLCID
ReplaceFileW
GetDiskFreeSpaceW
SearchPathW
GetProfileIntW
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
GetTickCount
SystemTimeToTzSpecificLocalTime
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
FindResourceExW
lstrcpyW
GetStringTypeExW
MoveFileW
lstrcmpiW
GetCurrentProcess
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
DeleteFileW
GetCurrentDirectoryW
GetThreadLocale
SystemTimeToFileTime
FileTimeToSystemTime
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
LocalAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetAtomNameW
GlobalGetAtomNameW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
lstrcmpA
GetVersionExW
GetCurrentThread
ResumeThread
SuspendThread
SetThreadPriority
CreateEventW
WaitForSingleObject
SetEvent
GetCurrentProcessId
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalUnlock
GlobalLock
GlobalSize
WideCharToMultiByte
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
SetLastError
EncodePointer
OutputDebugStringA
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
lstrcatW
CloseHandle
WriteFile
CreateFileW
GetProcAddress
LoadLibraryA
GlobalReAlloc
GlobalAlloc
FreeResource
GlobalFree
Sleep
lstrlenA
SizeofResource
lstrcpyA
lstrlenW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
QueryPerformanceFrequency
WriteConsoleW

user32

DeleteMenu
WindowFromPoint
WaitMessage
GetAsyncKeyState
RealChildWindowFromPoint
GetSysColorBrush
SetRectEmpty
SendDlgItemMessageA
CopyImage
ShowOwnedPopups
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
GetCursorPos
GetActiveWindow
TranslateMessage
MapVirtualKeyW
GetKeyNameTextW
GetMenuItemInfoW
DestroyMenu
IntersectRect
GetWindowThreadProcessId
FillRect
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
RemoveMenu
InsertMenuW
GetMenuStringW
LoadMenuW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
IsWindowEnabled
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
EqualRect
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetKeyState
CharNextW
CopyAcceleratorTableW
InvalidateRgn
EnableWindow
PostMessageW
SendMessageW
GetParent
GetClientRect
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
GetDialogBaseUnits
DestroyIcon
CharUpperW
TrackMouseEvent
LoadImageW
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
PeekMessageW
RegisterClipboardFormatW
GetMenuDefaultItem
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetSysColor
LoadCursorW
InvalidateRect
GetMessagePos
ScreenToClient
PtInRect
KillTimer
CopyRect
SetRect
GetSystemMetrics
OffsetRect
DrawFrameControl
InflateRect
DrawTextW
SetTimer
GetFocus
IsChild
GetCapture
SetCapture
GetMessageW
DispatchMessageW
ReleaseCapture
GetCursor
SetCursor
CreatePopupMenu
AppendMenuW
ClientToScreen
UpdateWindow
SystemParametersInfoW
DrawStateW
GetTabbedTextExtentW
LoadBitmapW
FrameRect
GetMenuItemCount
GetMenuItemID
GetSubMenu
ModifyMenuW
GetMenuState
LoadIconW
GetSystemMenu
IsIconic
DrawIcon
UnregisterClassW
RegisterWindowMessageW
UnionRect
PostThreadMessageW
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
GetDCEx
EnumChildWindows
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
SendNotifyMessageW
MonitorFromRect
InSendMessage
CreateMenu
WindowFromDC
GetWindowRgn
DestroyCursor
CopyIcon
SetCursorPos
IsZoomed
DrawEdge
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
SetWindowRgn
SetClassLongPtrW
EnumDisplayMonitors
SetLayeredWindowAttributes
NotifyWinEvent

gdi32

Escape
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocW
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutW
ExtTextOutW
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
GetMapMode
DeleteDC
SetRectRgn
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetDIBits
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
CreateFontW
GetCharWidthW
StretchDIBits
Rectangle
OffsetRgn
GetCurrentObject
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
GetDeviceCaps
CreateDCW
CopyMetaFileW
CreateBitmap
SetTextColor
SetBkColor
GetObjectW
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
PatBlt
DeleteObject
GetStockObject

msimg32

TransparentBlt
AlphaBlend

winspool.drv

GetJobW
ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueW
RegSetValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
SetFileSecurityW
GetFileSecurityW
RegEnumKeyExW
RegEnumValueW
RegCloseKey
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW
SHAddToRecentDocs
ExtractIconW
SHGetFileInfoW
DragQueryFileW
ShellExecuteExW
SHAppBarMessage
SHBrowseForFolderW
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
DragFinish

comctl32

ImageList_Draw
ImageList_GetIcon
ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_AddMasked

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
PathFindExtensionW

uxtheme

GetCurrentThemeName
GetWindowTheme
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetThemeSysColor

ole32

OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
PropVariantCopy
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
CreateStreamOnHGlobal
CoInitializeEx
OleUninitialize
OleInitialize
OleCreateLinkFromData
OleCreateStaticFromData
CoFreeUnusedLibraries
OleRun
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
StringFromGUID2
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
OleFlushClipboard
CoDisconnectObject

oleaut32

LoadRegTypeLi
LoadTypeLi
VarDecFromStr
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
RegisterTypeLi
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
OleCreateFontIndirect
SysStringLen
SysReAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SafeArrayGetElemsize
SystemTimeToVariantTime

oledlg

OleUIBusyW

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipDrawImageRectI
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStreamICM

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14.7MB - Virtual size: 14.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e621994eea430c28f0ae6229a743ebd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 7.3MB - Virtual size: 7.3MB

.data Size: 14.7MB - Virtual size: 14.8MB

.pdata Size: 170KB - Virtual size: 169KB

.gfids Size: 139KB - Virtual size: 138KB

.giats Size: 512B - Virtual size: 28B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 78KB - Virtual size: 78KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 7.3MB - Virtual size: 7.3MB

.data
Size: 14.7MB - Virtual size: 14.8MB

.pdata
Size: 170KB - Virtual size: 169KB

.gfids
Size: 139KB - Virtual size: 138KB

.giats
Size: 512B - Virtual size: 28B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 78KB - Virtual size: 78KB