scheme_external_get_thread_local_variables
Static task
static1
Behavioral task
behavioral1
Sample
2024-01-11_6ad5b55da97d5db56df2e783cc901cb0_ryuk.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2024-01-11_6ad5b55da97d5db56df2e783cc901cb0_ryuk.exe
Resource
win10v2004-20231215-en
General
Target: 2024-01-11_6ad5b55da97d5db56df2e783cc901cb0_ryuk
Size: 4.2MB
MD5: 6ad5b55da97d5db56df2e783cc901cb0
SHA1: 03fece0e15acd28dc471f284c3123acec254e870
SHA256: c5a52d0974bc93c2ae865debb62ede6634223d347e6706fd7f2a3bc81c5b794e
SHA512: 85863b1b7e8f886fd29d90ed5fd3102b6976e7c7986dd094c0a632fd58dbac3c7c6c830ac4d0ec043759112f6943e8e8d2c8b571f9c8ab9f9e7965f4f4046a87
SSDEEP: 49152:jJffH8/1+mmnDSRGnLgbGSFSZV394xOc0GYaRm3Oihk6APSUOZUMughQd/ZPCDC2:jJHDR1N3c0GY9+k+M+BCJ9qa
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-01-11_6ad5b55da97d5db56df2e783cc901cb0_ryuk
Files
2024-01-11_6ad5b55da97d5db56df2e783cc901cb0_ryuk.exe windows:5 windows x64 arch:x64
96c78fa9905acf5777bb2df6f6024bd9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
FreeConsole
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateJobObjectA
GetComputerNameW
GetCurrentProcessId
GlobalMemoryStatusEx
CreateProcessW
GetFileType
TerminateJobObject
DeleteTimerQueueTimer
BackupRead
BackupSeek
GetEnvironmentStringsW
FreeEnvironmentStringsA
SetConsoleTitleW
MoveFileW
GenerateConsoleCtrlEvent
GetExitCodeProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalSize
GlobalAlloc
LocalHandle
lstrlenA
LocalAlloc
GetConsoleMode
GetNumberOfConsoleInputEvents
GlobalFree
DisconnectNamedPipe
GetOverlappedResult
FlushFileBuffers
CreatePipe
TerminateProcess
GetShortPathNameW
GetLongPathNameW
GetTempFileNameW
DeleteFileW
FindClose
GetTempPathW
FindNextFileW
FindFirstFileW
GetTickCount
DebugBreakProcess
CloseHandle
OpenProcess
FreeLibrary
GetProcAddress
Process32Next
HeapSize
WriteConsoleW
GetModuleHandleA
GetProcessHeap
GetCommandLineA
FindFirstFileExW
GetTimeZoneInformation
GetVersionExA
LoadLibraryA
CreateFileA
AttachConsole
WaitForSingleObject
GetFileInformationByHandle
Sleep
CreateToolhelp32Snapshot
SetFileAttributesW
SetCurrentDirectoryA
ResumeThread
PeekNamedPipe
GetConsoleTitleW
SetErrorMode
GetProcessId
WaitForMultipleObjects
AssignProcessToJobObject
WriteFile
GetCurrentProcess
GetFullPathNameW
GetCommandLineW
CreateNamedPipeA
VirtualProtect
CreateTimerQueueTimer
SetHandleInformation
Process32First
GetModuleFileNameA
ReadFile
VirtualQuery
MulDiv
GlobalUnlock
IsBadReadPtr
FormatMessageA
LocalFree
GlobalLock
GetSystemInfo
GetFileAttributesW
CreateFileW
DeviceIoControl
GetLocaleInfoA
GetLastError
IsValidCodePage
GetACP
GetCPInfo
IsDBCSLeadByteEx
CreateProcessA
GetStartupInfoA
ConnectNamedPipe
SetEndOfFile
FreeEnvironmentStringsW
GetOEMCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
HeapReAlloc
HeapAlloc
HeapFree
GetStdHandle
GetModuleFileNameW
GetConsoleCP
DuplicateHandle
ReadConsoleW
SetConsoleCtrlHandler
GetFileAttributesExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RemoveDirectoryW
CreateDirectoryW
SetEnvironmentVariableW
VirtualAlloc
SetStdHandle
SetFilePointerEx
GetModuleHandleExW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
LeaveCriticalSection
EnterCriticalSection
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
advapi32
RegOpenKeyExA
OpenProcessToken
GetNamedSecurityInfoW
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
GetUserNameW
RegEnumKeyExA
AdjustTokenPrivileges
GetAclInformation
GetAce
LookupPrivilegeValueA
SetNamedSecurityInfoW
shell32
DragFinish
DragAcceptFiles
DragQueryPoint
DragQueryFileW
CommandLineToArgvW
ShellExecuteW
Shell_NotifyIconA
DragQueryFileA
gdi32
GetBkMode
GetCurrentObject
BitBlt
ExtTextOutA
CreateFontA
CreateCompatibleDC
GetDCOrgEx
SetPixel
GetTextExtentPointW
GdiFlush
GetPixel
GetTextExtentPointA
LineTo
CreatePen
GetObjectW
MoveToEx
CreateSolidBrush
ExtTextOutW
GetNearestColor
SelectObject
StartPage
EndDoc
EnumFontFamiliesW
GetDeviceCaps
DeleteDC
TextOutW
GetTextExtentPoint32W
SetTextColor
SetBkMode
CreateFontIndirectA
SetBkColor
DeleteObject
CreateDCA
GetTextMetricsA
SetTextAlign
SetAbortProc
StartDocW
EndPage
CreateBitmap
CreateFontIndirectW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
ReplaceTextW
FindTextW
ChooseFontW
CommDlgExtendedError
PrintDlgW
ole32
CoInitialize
CoCreateInstance
StringFromCLSID
OleUninitialize
CoRegisterClassObject
OleInitialize
CoRevokeClassObject
CoUninitialize
CoTaskMemFree
netapi32
NetApiBufferFree
NetUserEnum
user32
mouse_event
ScrollWindowEx
IntersectRect
IsRectEmpty
DestroyMenu
GetMessageTime
SetMenu
MoveWindow
GetSysColor
GetMonitorInfoA
GetDlgItemTextW
LoadBitmapA
GetKeyboardLayout
FrameRect
MapWindowPoints
RegisterClassW
SetClassLongPtrA
CallWindowProcA
FindWindowExA
ClientToScreen
DestroyIcon
RedrawWindow
SetTimer
GetCapture
RegisterWindowMessageA
OffsetRect
DialogBoxIndirectParamA
GetClassInfoW
ShowWindow
TrackPopupMenu
DestroyCursor
GetWindowPlacement
GetScrollPos
WindowFromPoint
CreatePopupMenu
GetClientRect
SetWindowTextW
GetSystemMetrics
EndDialog
SetParent
SendMessageW
ScreenToClient
CreateWindowExW
FillRect
GetMenuItemCount
SetActiveWindow
MonitorFromWindow
InvertRect
InsertMenuA
SetWindowPos
IsWindowVisible
GetDC
InsertMenuItemW
LoadCursorA
GetWindowRect
GetWindow
MonitorFromPoint
PostMessageW
ShowScrollBar
GetKeyState
GetMenuState
DefWindowProcW
GetMessageW
SetScrollInfo
MessageBoxA
GetCaretBlinkTime
ReleaseCapture
ShowCursor
InvalidateRect
IsZoomed
GetDlgItem
GetMenuItemRect
GetWindowLongPtrA
DrawIconEx
KillTimer
UpdateWindow
SystemParametersInfoW
CreateMenu
DrawMenuBar
SetCapture
InsertMenuW
ToUnicode
SetCursor
TrackPopupMenuEx
CreateDialogIndirectParamA
GetCursor
RemoveMenu
SetWindowLongPtrA
PtInRect
MessageBeep
SetForegroundWindow
LoadIconA
MapVirtualKeyA
IsWindow
DestroyWindow
EnableWindow
ReleaseDC
GetParent
EnableMenuItem
IsIconic
SetCursorPos
GetCursorPos
BeginPaint
EndPaint
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
RegisterClipboardFormatA
GetFocus
MessageBoxW
CharLowerBuffA
GetSystemMenu
LoadImageA
SendMessageTimeoutA
EnumChildWindows
PostMessageA
MsgWaitForMultipleObjects
wsprintfA
GetDlgItemTextA
DispatchMessageW
IsDialogMessageW
PeekMessageW
GetWindowTextA
CharUpperBuffA
SetDlgItemTextW
SetWindowTextA
RegisterClassA
EnumWindows
DefWindowProcA
CreateWindowExA
SetFocus
TranslateMessage
SendDlgItemMessageA
SendMessageA
GetWindowDC
CreateDialogParamA
SystemParametersInfoA
GetDesktopWindow
GetClassNameA
comctl32
ord17
CreateToolbarEx
oleaut32
UnRegisterTypeLi
RegisterActiveObject
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysAllocString
RevokeActiveObject
SetErrorInfo
winmm
PlaySoundW
mciSendStringW
mciSendStringA
mciGetDeviceIDA
wsock32
connect
recv
htons
__WSAFDIsSet
closesocket
select
send
socket
WSAStartup
WSACleanup
WSAGetLastError
inet_ntoa
ws2_32
freeaddrinfo
getaddrinfo
Exports
Sections
.text Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 473KB - Virtual size: 472KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 225KB - Virtual size: 292KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 162KB - Virtual size: 162KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 17B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ