2024-01-09_4e5f56e958c0a4ac41eadae2d8f29b1e_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-09_4e5f56e958c0a4ac41eadae2d8f29b1e_ryuk
Size

28.6MB
MD5

4e5f56e958c0a4ac41eadae2d8f29b1e
SHA1

e9dcc2e2e924d33e2dd98e7927de6a0665a5f2fb
SHA256

10467329ddce563ffad435f27559eb4c1fb6b4a77f5f5f920c1073f42155a9c9
SHA512

6923acff850fd5529e4b36c661cf10c6a7ea7dbbafd91a8020870e5d79f5ee8ef8c7d78e25b109972ad6bde32bd91826e318224b1a663c1e87515a6de3c883d9
SSDEEP

98304:eR6gmXcjZtluEsMjgzOXZU/c1K2jQAXyU2KSO7I3wNRPf1EeWcC+S1p8zXTaxTVQ:zGZLuEigNx1EOEVcQCw8TRex+uUS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-09_4e5f56e958c0a4ac41eadae2d8f29b1e_ryuk

Files

2024-01-09_4e5f56e958c0a4ac41eadae2d8f29b1e_ryuk
.exe windows:5 windows x64 arch:x64

d49b13bd79fd87aaab3fc87c3b8639bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FlushFileBuffers
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetCurrentThread
GetStdHandle
GetModuleFileNameA
HeapReAlloc
GetFullPathNameA
FreeEnvironmentStringsW
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
ExitProcess
GetFileAttributesExW
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetStdHandle
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
FormatMessageW
ExpandEnvironmentStringsA
LoadLibraryA
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringA
OutputDebugStringW
WriteConsoleW
HeapSize
SetEndOfFile
CreateFileMappingA
GetTickCount64
InitializeCriticalSectionEx
SleepEx
FormatMessageA
VerSetConditionMask
GetModuleHandleA
SetConsoleCtrlHandler
FindFirstFileExA
FindFirstFileExW
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
TerminateProcess
GetEnvironmentStringsW
GetSystemDirectoryA
VerifyVersionInfoA
WaitForMultipleObjects
FatalAppExitA
GetDiskFreeSpaceA
LockFile
UnlockFile
FlushConsoleInputBuffer
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
IsBadCodePtr
IsBadWritePtr
MulDiv
GetProfileIntA
GetUserDefaultLangID
SearchPathW
GetProfileStringW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetProcessHeap
HeapFree
HeapAlloc
SetUnhandledExceptionFilter
GetExitCodeProcess
OpenProcess
GetLongPathNameW
FindResourceW
LoadResource
LockResource
FreeResource
GlobalHandle
GetVersionExW
ExpandEnvironmentStringsW
CreateProcessW
LoadLibraryExW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetVersion
GetFileSize
GlobalReAlloc
GetLocaleInfoEx
FindNextFileW
SetFileAttributesW
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileSizeEx
GetLogicalDrives
lstrlenW
lstrcpyW
GetExitCodeThread
FileTimeToSystemTime
CreateEventW
ResetEvent
SetEvent
TerminateThread
SetThreadPriority
CreateThread
GetShortPathNameW
GetCurrentThreadId
GetVolumeInformationW
CreateDirectoryW
GetDiskFreeSpaceW
DeviceIoControl
SetErrorMode
LocalFree
LocalAlloc
MoveFileW
DeleteFileW
GetSystemDirectoryW
WaitForSingleObject
GetDriveTypeW
GlobalMemoryStatus
GetModuleHandleExW
GetModuleFileNameW
RtlCaptureStackBackTrace
GetLocaleInfoA
LoadLibraryW
FreeLibrary
FindFirstFileW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileTime
SetFilePointer
ReadFile
WriteFile
SetLastError
GetLocaleInfoW
GetLocalTime
GetUserDefaultUILanguage
WideCharToMultiByte
lstrcmpiW
lstrcmpW
MultiByteToWideChar
GetVersionExA
GetCurrentProcess
ProcessIdToSessionId
GetModuleHandleW
GetCurrentProcessId
GetProcAddress
Sleep
GlobalSize
GetACP
GetWindowsDirectoryW
IsBadReadPtr
GetFileAttributesW
CreateFileW
GetTempPathW
CloseHandle
GetLastError
GetTickCount
GlobalMemoryStatusEx
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetFullPathNameW
QueryPerformanceFrequency

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
RegCreateKeyExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExA
RegOpenKeyExA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegSetValueW
RegEnumValueW
GetUserNameW
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey

user32

GetClipboardOwner
CloseClipboard
OpenClipboard
DdeFreeStringHandle
DdeQueryStringW
DdeCreateStringHandleW
DdeGetData
DdeClientTransaction
DdeNameService
DdeDisconnect
DdeConnect
DdeUninitialize
DdeInitializeW
IsCharAlphaW
GetClipboardData
SetCursor
FindWindowW
EnumDisplayDevicesW
EnumDisplaySettingsW
SystemParametersInfoW
SetCursorPos
FillRect
GetMessageW
SetClipboardData
OemToCharA
GetScrollInfo
SetScrollInfo
SetMenuInfo
DestroyMenu
RegisterClipboardFormatA
GetClipboardFormatNameA
EmptyClipboard
IsClipboardFormatAvailable
MoveWindow
DrawIcon
GetWindowDC
BeginPaint
EndPaint
ScrollWindowEx
ClientToScreen
MonitorFromPoint
ExcludeUpdateRgn
InvertRect
IsRectEmpty
MapWindowPoints
GrayStringW
PostMessageW
AttachThreadInput
ShowWindow
SetWindowPos
LoadIconW
SetProcessDPIAware
IsWindowVisible
IsIconic
IsZoomed
GetUserObjectInformationW
GetProcessWindowStation
CharLowerBuffW
CharUpperBuffW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
GetWindowRect
GetWindowThreadProcessId
SendMessageW
GetParent
ScreenToClient
CharUpperW
CreatePopupMenu
CreateMenu
SetMenuItemInfoW
RegisterWindowMessageW
GetGestureInfo
ModifyMenuW
AppendMenuW
InsertMenuW
SetMenu
GetMenu
GetFocus
SetWindowTextW
UpdateWindow
EnableWindow
GetClientRect
IsCharAlphaNumericW
IntersectRect
GetSubMenu
CharLowerW
ReleaseCapture
GetMenuCheckMarkDimensions
WindowFromPoint
PtInRect
GetClassNameW
DefWindowProcW
GetCursorPos
CreateCaret
DestroyCaret
ShowCaret
SetCaretPos
GetKeyState
GetMenuItemID
DestroyIcon
GetCapture
SetCapture
SetTimer
KillTimer
GetDoubleClickTime
GetMenuStringW
GetMenuState
GetMenuItemCount
GetMenuItemInfoW
LoadCursorW
GetDC
ReleaseDC
MessageBeep
InvalidateRect
GetSysColor
BringWindowToTop
DrawMenuBar
CheckMenuItem
SetActiveWindow
AdjustWindowRectEx
TrackMouseEvent
UpdateLayeredWindow
RedrawWindow
EnumChildWindows
LoadImageW
DrawIconEx
GetWindowLongW
GetDlgCtrlID
GetDesktopWindow
IsWindowEnabled
EnableMenuItem
HideCaret
GetCursor
DestroyCursor
GetActiveWindow
GetAsyncKeyState
DispatchMessageW
PeekMessageW
IsWindow
GetSystemMenu
ValidateRect
GetCaretPos
GetWindowPlacement
GetSystemMetrics
OffsetRect
EnumWindows
SystemParametersInfoA
UnregisterClassW
RegisterClipboardFormatW
LoadStringW
CreateWindowExW
TranslateMessage
GetWindow
MessageBoxW
GetIconInfo
GetWindowTextLengthW
AddClipboardFormatListener
RemoveClipboardFormatListener
CallWindowProcW
RegisterClassW
GetClassInfoW
DestroyWindow
SetScrollPos
GetScrollPos
GetScrollRange
ShowScrollBar
GetWindowLongPtrW
SetWindowLongPtrW
GetClassLongW
GetClassLongPtrW
SetClassLongPtrW
SetParent
GetTopWindow
TrackPopupMenu
LoadBitmapW
MessageBoxA
SetWindowRgn
MapVirtualKeyW
SetFocus
MonitorFromWindow
GetMonitorInfoW
SetWindowPlacement
InflateRect
DeleteMenu
MonitorFromRect
EndMenu
SetWindowsHookW
UnhookWindowsHook
CallNextHookEx
GetKeyboardLayoutList
GetKeyboardLayout
GetDlgItem

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetLayout
SetLayout
GetObjectW
GetDeviceCaps
CreateSolidBrush
GetDCOrgEx
GetClipBox
DeleteObject
CreateRectRgnIndirect
CombineRgn
SetRectRgn
SetWinMetaFileBits
EnumFontsW
GetMetaFileBitsEx
SetEnhMetaFileBits
GetWinMetaFileBits
DeleteEnhMetaFile
EnumFontFamiliesExW
SelectObject
GetOutlineTextMetricsW
SetMetaFileBitsEx
DeleteMetaFile
OffsetRgn
RectInRegion
ExtSelectClipRgn
CreatePolygonRgn
GetCurrentObject
GetDIBits
SetDIBits
CloseMetaFile
CreateMetaFileW
SetBkMode
CloseEnhMetaFile
CreateEnhMetaFileW
CreateBitmap
CreateBitmapIndirect
CreateEllipticRgn
CreateICW
CreatePenIndirect
CreateRoundRectRgn
Ellipse
ExcludeClipRect
GetBkColor
DeleteDC
GetBitmapBits
GetClipRgn
GetNearestColor
GetTextAlign
GetTextColor
LineTo
PatBlt
RectVisible
RoundRect
SelectClipRgn
SetROP2
SetTextAlign
CreateDIBSection
ExtCreatePen
MoveToEx
Polygon
SetBrushOrgEx
UnrealizeObject
GetCharABCWidthsW
GetGlyphIndicesW
GetCharABCWidthsI
PolyPolygon
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
SetPaletteEntries
GetGlyphOutlineW
GetFontUnicodeRanges
GetTextFaceW
GetKerningPairsW
GetPixel
GetStockObject
Rectangle
SelectPalette
SetPixel
StretchBlt
CopyEnhMetaFileW
GetEnhMetaFileHeader
CreateFontIndirectW
CreatePen
GetTextExtentPoint32W
SetBkColor
SetTextCharacterExtra
SetTextColor
SetTextJustification
GetTextMetricsW
ExtTextOutW
CreateBrushIndirect
CreateDCW
ExtEscape
ResetDCW
StartDocW
EndDoc
StartPage
EndPage
RestoreDC
SaveDC
SetMapMode
SetAbortProc
CopyMetaFileW
PlayMetaFileRecord
EnumMetaFile
CreateDCA
CreateICA
CreatePatternBrush
GetEnhMetaFileBits
PlayEnhMetaFile
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
GetFontData
MaskBlt
CreatePolyPolygonRgn
CreateRectRgn
FillRgn
GetRegionData
GetBkMode
PtInRegion
IntersectClipRect

shell32

SHChangeNotify
SHAddToRecentDocs
SHFileOperationW
SHGetDesktopFolder
SHBrowseForFolderW
SHAppBarMessage
DragFinish
DragQueryFileW
DragAcceptFiles
ExtractIconExW
SHGetFileInfoW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
ExtractIconW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

mpr

WNetGetUserW

winspool.drv

ClosePrinter
DeviceCapabilitiesW
EnumPrintersW
GetPrinterW
ord203
DocumentPropertiesW
OpenPrinterW

oledlg

OleUIInsertObjectW
OleUIPasteSpecialW
OleUIEditLinksW
OleUIConvertW
OleUIPromptUserW
OleUIBusyW
OleUIAddVerbMenuW

imm32

ImmGetContext
ImmSetOpenStatus
ImmNotifyIME
ImmSetCompositionFontW
ImmGetCompositionWindow
ImmSetCompositionWindow
ImmAssociateContext
ImmAssociateContextEx
ImmReleaseContext

ole32

CoGetMalloc
OleRun
OleLoad
OleCreateFromFile
CoIsOle1Class
OleCreateLink
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleCreate
OleQueryCreateFromData
CreateItemMoniker
CreateGenericComposite
CreateBindCtx
MkParseDisplayName
OleUninitialize
OleInitialize
OleConvertIStorageToOLESTREAMEx
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
OleIsRunning
OleSetClipboard
RevokeDragDrop
RegisterDragDrop
OleSave
ReadFmtUserTypeStg
WriteClassStg
ReadClassStg
OleQueryLinkFromData
CLSIDFromProgID
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CreateILockBytesOnHGlobal
StgIsStorageFile
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateOleAdviseHolder
GetRunningObjectTable
CoTaskMemAlloc
CoFileTimeNow
CreateDataAdviseHolder
CoLockObjectExternal
OleRegGetUserType
WriteFmtUserTypeStg
StgOpenStorage
StgCreateDocfile
ReleaseStgMedium
CoRegisterMessageFilter
CoCreateGuid
OleGetClipboard
FreePropVariantArray
CoTaskMemFree
CoCreateInstance
CoDisconnectObject
CoRevokeClassObject
CoRegisterClassObject
ProgIDFromCLSID
CreateFileMoniker
StringFromCLSID
SetConvertStg
CreateStreamOnHGlobal
OleDuplicateData
OleSetContainedObject
OleSaveToStream
CoTreatAsClass
StgCreateStorageEx
GetClassFile
WriteClassStm
OleCreateLinkToFile

msimg32

AlphaBlend

wininet

InternetErrorDlg
HttpOpenRequestA
InternetReadFile
HttpSendRequestA
HttpQueryInfoW
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA

oleaut32

GetErrorInfo
SysReAllocString
VariantCopy
SysFreeString
VariantChangeType
VariantClear
VariantInit
RevokeActiveObject
RegisterActiveObject
SetErrorInfo
DispInvoke
DispGetIDsOfNames
LoadTypeLi
SysAllocString
CreateErrorInfo

dwmapi

DwmSetWindowAttribute

ws2_32

ioctlsocket
gethostname
recv
WSACleanup
WSAStartup
sendto
send
ntohl
WSAGetLastError
recvfrom
listen
accept
socket
__WSAFDIsSet
select
WSASetLastError
bind
closesocket
connect
getpeername
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
htonl
getsockname

crypt32

CertFreeCertificateContext

wldap32

ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord143
ord200
ord301
ord30

normaliz

IdnToAscii
IdnToUnicode

Exports

Exports

??4l4linkSt@@QEAAAEAU0@$$QEAU0@@Z
??4l4linkSt@@QEAAAEAU0@AEBU0@@Z
ExecHyph
ExecHyphEx
ExitHyph
InitHyph

Sections

.textbss
Size: - Virtual size: 10.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 21.6MB - Virtual size: 21.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 694KB - Virtual size: 694KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 963KB - Virtual size: 962KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d49b13bd79fd87aaab3fc87c3b8639bc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

version

mpr

winspool.drv

oledlg

imm32

ole32

msimg32

wininet

oleaut32

dwmapi

ws2_32

crypt32

wldap32

normaliz

Exports

Exports

Sections

.textbss Size: - Virtual size: 10.6MB

.text Size: 21.6MB - Virtual size: 21.6MB

.rdata Size: 3.5MB - Virtual size: 3.5MB

.data Size: 1.6MB - Virtual size: 2.1MB

.pdata Size: 694KB - Virtual size: 694KB

.idata Size: 32KB - Virtual size: 31KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 963KB - Virtual size: 962KB

.reloc Size: 238KB - Virtual size: 237KB

.textbss
Size: - Virtual size: 10.6MB

.text
Size: 21.6MB - Virtual size: 21.6MB

.rdata
Size: 3.5MB - Virtual size: 3.5MB

.data
Size: 1.6MB - Virtual size: 2.1MB

.pdata
Size: 694KB - Virtual size: 694KB

.idata
Size: 32KB - Virtual size: 31KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 963KB - Virtual size: 962KB

.reloc
Size: 238KB - Virtual size: 237KB