2024-01-11_a1ee85e3f39f4148af7229af94bbcf20_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-11_a1ee85e3f39f4148af7229af94bbcf20_ryuk
Size

3.7MB
MD5

a1ee85e3f39f4148af7229af94bbcf20
SHA1

648fe8ce96a9db9cf99aa35fb608ce101cff346d
SHA256

71c7e4eee3e86cf87d2df96c3564c639a655813df0833c1a3280dedc8bd834a6
SHA512

c162d999c533d6953eee720d4fc2b25c4dce486c3bbbaaead37f8e5d10b52e45622b8db0f5f686ba295e105197de79cf874a3206c1b35fc777b2ae6b5789fc78
SSDEEP

49152:7iO+6d6geWjwF+FbKPdWIgliveCTmiFFqyk3h0VTQ03O0t1xuiURznO5GGog5zVJ:bVeWjwIFUqz0NQtnO8G77AFG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-11_a1ee85e3f39f4148af7229af94bbcf20_ryuk

Files

2024-01-11_a1ee85e3f39f4148af7229af94bbcf20_ryuk
.exe windows:5 windows x64 arch:x64

863e41c115a98599d6909903a8e609ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LCMapStringW
GetDriveTypeW
GetTimeZoneInformation
GetStringTypeW
GetACP
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
GetSystemInfo
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
GetConsoleCP
VirtualQuery
GetConsoleMode
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SearchPathW
GetProfileIntW
GetTempPathW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
SetErrorMode
FindResourceExW
lstrcpyW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
GetCurrentThread
lstrcmpA
GetThreadLocale
GetStringTypeExW
lstrcmpiW
GetCurrentProcess
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
FlushFileBuffers
ReplaceFileW
GetTempFileNameW
GetFullPathNameW
GetDiskFreeSpaceW
ResumeThread
SetThreadPriority
CreateEventW
SetEvent
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
VirtualProtect
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
GlobalGetAtomNameW
GetCurrentProcessId
GlobalFree
GlobalSize
MulDiv
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleExW
FreeResource
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
SetLastError
ExpandEnvironmentStringsA
LoadLibraryA
GetLongPathNameW
ReleaseMutex
CreateMutexW
lstrlenW
WideCharToMultiByte
LoadLibraryW
SetCurrentDirectoryW
GetModuleFileNameW
FreeLibrary
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
GetShortPathNameW
CreateDirectoryW
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentDirectoryW
ReadFile
GetFileSize
WriteFile
CreateFileW
GetModuleHandleW
GetProcAddress
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
DeleteFileW
SetFileAttributesW
LocalFree
GetLastError
FormatMessageW
MoveFileW
GetFileAttributesW
FindResourceW
LoadResource
LockResource
SizeofResource
OpenMutexW
WaitForSingleObject
Sleep
GetTickCount
CloseHandle
MultiByteToWideChar
CreateProcessW
VirtualAlloc
WriteConsoleW

user32

LoadImageW
DestroyIcon
GetWindowThreadProcessId
GetDesktopWindow
IntersectRect
SetCursor
InsertMenuItemW
DestroyMenu
CreatePopupMenu
LoadAcceleratorsW
GetActiveWindow
BringWindowToTop
SetRectEmpty
GetMenuState
GetMenuStringW
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongPtrW
EqualRect
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
UnpackDDElParam
SetActiveWindow
TrackPopupMenu
GetMenuItemID
SetMenu
GetMenu
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
IsClipboardFormatAvailable
GetMessageTime
RegisterWindowMessageW
CreateAcceleratorTableW
DestroyAcceleratorTable
InflateRect
GetMessagePos
MapWindowPoints
DrawFrameControl
UnregisterClassW
SetWindowLongPtrW
FindWindowExW
MessageBeep
EnableWindow
SendMessageW
GetParent
InvalidateRect
TranslateMessage
CallWindowProcW
GetWindowLongPtrW
ChildWindowFromPointEx
WindowFromPoint
OffsetRect
SystemParametersInfoW
GetDlgCtrlID
PtInRect
IsChild
LoadCursorW
SetFocus
SetTimer
KillTimer
ReleaseCapture
GetCapture
SetCapture
LoadIconW
ReuseDDElParam
GetMenuItemInfoW
SetRect
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetKeyNameTextW
MapVirtualKeyW
SendDlgItemMessageA
MapDialogRect
GetMessageW
UnionRect
IsRectEmpty
SetParent
MonitorFromPoint
DeleteMenu
DrawFocusRect
GetClipboardData
ScreenToClient
GetCursorPos
ClientToScreen
LockWindowUpdate
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetFocus
GetAsyncKeyState
ReleaseDC
GetDC
CharUpperW
GetDialogBaseUnits
PostQuitMessage
ShowOwnedPopups
CopyImage
GetSysColorBrush
RealChildWindowFromPoint
GetSystemMenu
GetForegroundWindow
TrackMouseEvent
DispatchMessageW
PostMessageW
DdeInitializeW
DdeCreateStringHandleW
DdeGetLastError
DdeUninitialize
DdeFreeStringHandle
DdeQueryStringW
DdeNameService
DdeConnect
DdeDisconnect
DdeClientTransaction
DdeFreeDataHandle
DdeGetData
WaitForInputIdle
FindWindowW
LoadMenuW
GetSubMenu
GetKeyState
GetClientRect
PeekMessageW
IsWindow
GetWindowRect
MessageBoxW
CopyRect
FillRect
GetSysColor
DrawTextW
GetSystemMetrics
ShowScrollBar
GetWindowLongW
SetWindowLongW
IsZoomed
IsIconic
UpdateWindow
TranslateAcceleratorW
ModifyMenuW
RemoveMenu
AppendMenuW
GetMenuItemCount
LoadStringW
InsertMenuW
RegisterClipboardFormatW
GetMenuDefaultItem
GetNextDlgGroupItem
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
CharUpperBuffW
GetDoubleClickTime
SetMenuDefaultItem
CopyAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetComboBoxInfo
UpdateLayeredWindow
DrawIcon
FrameRect
CopyIcon
SetCursorPos
DrawEdge
DrawStateW
SetWindowRgn
SetClassLongPtrW
EnumDisplayMonitors
DefWindowProcW
SetLayeredWindowAttributes

gdi32

GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileW
CreateDCW
CreateFontW
GetCharWidthW
StretchDIBits
GetBkColor
GetPixel
CombineRgn
SetRectRgn
DPtoLP
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polyline
CreateRoundRectRgn
LPtoDP
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
GetObjectType
GetDeviceCaps
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
BitBlt
CreateBitmap
SetTextColor
SetBkColor
CreateCompatibleBitmap
CreateCompatibleDC
ExtTextOutW
DeleteObject
Polygon
Rectangle
CreateSolidBrush
CreatePen
GetStockObject
GetTextMetricsW
SelectObject
GetObjectW
GetTextExtentPoint32W
PatBlt
CreateFontIndirectW
CreateRectRgnIndirect

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegEnumValueW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegSetValueW
GetFileSecurityW
SetFileSecurityW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW

shell32

SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
DragAcceptFiles
DragQueryFileW
DragFinish
SHAppBarMessage
SHFileOperationW
ExtractIconW
SHGetFileInfoW
SHAddToRecentDocs

comctl32

ImageList_GetIconSize
ImageList_Draw
ImageList_Remove
ImageList_GetImageCount
ImageList_AddMasked
ImageList_DrawEx
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_DragShowNolock

shlwapi

StrTrimW
PathCanonicalizeW
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW

uxtheme

GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground
DrawThemeText

ole32

OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
CoInitialize
CoCreateGuid
CoCreateInstance
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoUninitialize
CoInitializeEx

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
VariantCopy
VarBstrFromDate
LoadTypeLi
VariantChangeType
SysFreeString
VariantClear
VariantInit
SysAllocStringLen

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

winmm

PlaySoundW

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

Exports

Exports

STEPAddToolBarButton
STEPChangeSubItemText
STEPConvSiFieldToId3tag
STEPFileNameChange
STEPGETColumnType
STEPGetBooleanValue
STEPGetCommandID
STEPGetFileInfo
STEPGetGenreCode
STEPGetGenreNameSIF
STEPGetIntValue
STEPGetIntegerDiscNumber
STEPGetIntegerTrackNumber
STEPGetLongValue
STEPGetMenu
STEPGetNumericDiscNumber
STEPGetNumericTrackNumber
STEPGetSelectedCount
STEPGetSelectedItem
STEPGetSelectedRange
STEPGetSubItemText
STEPGetValue
STEPGetVoidValue
STEPInitData
STEPInitDataID3
STEPInitDataSIF
STEPIsCurrentCellEditOK
STEPIsItemFile
STEPIsNumeric
STEPIsRangeSelected
STEPIsUserGenre
STEPItemHasChildren
STEPKeyAssign
STEPProcessSelectedFiles
STEPProcessSelectedFilesForUpdate
STEPRegisterExt
STEPSetBooleanValue
STEPSetIntValue
STEPSetLongValue
STEPSetValue
STEPSetVoidValue
STEPUpdateCellInfo
STEPWriteTag

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 853KB - Virtual size: 852KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

863e41c115a98599d6909903a8e609ca

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oleacc

gdiplus

winmm

imm32

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 853KB - Virtual size: 852KB

.data Size: 56KB - Virtual size: 107KB

.pdata Size: 111KB - Virtual size: 111KB

.gfids Size: 108KB - Virtual size: 107KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 90KB - Virtual size: 89KB

.reloc Size: 76KB - Virtual size: 75KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 853KB - Virtual size: 852KB

.data
Size: 56KB - Virtual size: 107KB

.pdata
Size: 111KB - Virtual size: 111KB

.gfids
Size: 108KB - Virtual size: 107KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 90KB - Virtual size: 89KB

.reloc
Size: 76KB - Virtual size: 75KB