2024-01-08_3d916dd92872c34b0c7022d785746c5e_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-08_3d916dd92872c34b0c7022d785746c5e_ryuk
Size

2.3MB
MD5

3d916dd92872c34b0c7022d785746c5e
SHA1

c4cdc33f19d02f6a92716c0c19f28b3927d6b645
SHA256

2372377efb92a90320173c393ac231923411ec2a11e68801e65d470c82287f5e
SHA512

6e5a12652e0af723c67e059815fb7e959a0785668263a4639d79bc4212b8d6e9673b9df6a4a5a1369d2c2a84fdc286f8c74467d7e6eefde19be8c5c109e11213
SSDEEP

49152:7hVydK4alCSU+tnHLCmwv2RZrNgXFbUbfkVYVqPyY2:7/HpJebUpVxY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-08_3d916dd92872c34b0c7022d785746c5e_ryuk

Files

2024-01-08_3d916dd92872c34b0c7022d785746c5e_ryuk
.exe windows:6 windows x64 arch:x64

0442e36018150de3f6d0567cfd542918

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFullPathNameA
SetEndOfFile
GetCurrentProcess
GetVolumeInformationA
FileTimeToLocalFileTime
GetFileAttributesExA
SystemTimeToTzSpecificLocalTime
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
CreateFileW
FlushFileBuffers
FindFirstFileA
FindClose
FileTimeToSystemTime
GetCPInfo
GetOEMCP
GetDriveTypeW
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
ExitProcess
SetConsoleCtrlHandler
GetCommandLineW
HeapQueryInformation
GetConsoleCP
LCMapStringW
GetStringTypeW
GetExitCodeProcess
CreateProcessA
GetFileAttributesExW
GetTimeZoneInformation
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FindFirstFileExA
FindNextFileA
FindNextFileW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteFileA
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
InitializeCriticalSection
LocalFree
GlobalFree
GlobalUnlock
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
SetEnvironmentVariableA
WriteConsoleW
FindFirstFileW
GetSystemDirectoryW
EncodePointer
SetErrorMode
CompareStringA
FindResourceW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetModuleFileNameA
GetVersionExA
GetCurrentThread
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleFileNameW
OutputDebugStringA
GetACP
SwitchToThread
SystemTimeToFileTime
GetSystemTime
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
LoadLibraryW
CreateFiber
DeleteFiber
SwitchToFiber
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleExW
OutputDebugStringW
GetSystemTimeAsFileTime
FormatMessageW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetModuleHandleW
WriteFile
WideCharToMultiByte
GetEnvironmentVariableW
VerifyVersionInfoA
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
ExpandEnvironmentStringsA
WaitForMultipleObjects
GetProcAddress
FreeLibrary
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
WaitForSingleObjectEx
FormatMessageA
SetLastError
SleepEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
GetLocalTime
GetCommandLineA
GetModuleHandleA
GetTickCount64
Sleep
GetTickCount
WaitForSingleObject
SetEvent
CloseHandle
CreateThread

user32

GetWindowThreadProcessId
SetCursor
GetCursorPos
TranslateMessage
GetMessageA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
SetWindowTextA
IsWindowEnabled
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
LoadIconW
LoadIconA
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
SetWindowLongA
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
ReleaseDC
AdjustWindowRectEx
GetWindowRect
RemovePropA
GetPropA
SetPropA
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
UpdateWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
ClientToScreen
RealChildWindowFromPoint
SetTimer
KillTimer
InvalidateRect
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
GetDC
UnhookWindowsHookEx
EnableWindow
GetCapture
GetKeyState
GetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
DestroyWindow
IsMenu
IsWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
GetWindow
GetWindowLongA
GetWindowTextA
GetSystemMetrics
DestroyMenu
GetSysColorBrush
LoadCursorA
CharUpperA
MessageBoxA
GetScrollPos
SendMessageA
PostQuitMessage
PostMessageA
GetParent
OffsetRect
SetRectEmpty
GetClientRect
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetActiveWindow

gdi32

SetMapMode
TextOutA
ExtTextOutA
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
DeleteDC
DeleteObject
CreateBitmap
GetDeviceCaps
SetViewportExtEx
SetBkColor
SetTextColor

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
DeregisterEventSource
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam

shlwapi

PathFindFileNameA
PathIsUNCA
PathStripToRootA
PathFindExtensionA

ole32

CoTaskMemFree
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

oleacc

LresultFromObject
CreateStdAccessibleObject

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertOpenStore
CertGetCertificateContextProperty

ws2_32

getnameinfo
gethostname
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
shutdown

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord143
ord46
ord211
ord60
ord50
ord41

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 591KB - Virtual size: 591KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0442e36018150de3f6d0567cfd542918

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

ole32

oleaut32

oleacc

crypt32

ws2_32

wldap32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 591KB - Virtual size: 591KB

.data Size: 63KB - Virtual size: 95KB

.pdata Size: 91KB - Virtual size: 91KB

.gfids Size: 2KB - Virtual size: 2KB

.giats Size: 512B - Virtual size: 4B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 591KB - Virtual size: 591KB

.data
Size: 63KB - Virtual size: 95KB

.pdata
Size: 91KB - Virtual size: 91KB

.gfids
Size: 2KB - Virtual size: 2KB

.giats
Size: 512B - Virtual size: 4B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 25KB - Virtual size: 24KB