2024-01-28_7f31929e9b632434cd51e4adbe9095b9_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-28_7f31929e9b632434cd51e4adbe9095b9_ryuk
Size

4.1MB
MD5

7f31929e9b632434cd51e4adbe9095b9
SHA1

1af02c30a69c4cdfa5eb231ccbe230e5d5f88a96
SHA256

f817f719ab36755e51530e8104ce36bb7a93482ac0c2aa95311a8cd1a7d17dea
SHA512

7a1df54287f4eea166a3a0cb8a2225dbfb07de95d10ad44cef17d1e4cc264e90b0d27959d83f54d0cb97a391b5465f9489b20e1532cbefba66a8816cca01ebad
SSDEEP

49152:QyPwtI1tYlHgCaFi2Gz2q//+0nJYlJa2rNJEUUjWKgrJpkVKaOX1gu8ugi/KFgWi:rPD8mJ03+0S1U6KgrJps/017wRGpj3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-28_7f31929e9b632434cd51e4adbe9095b9_ryuk

Files

2024-01-28_7f31929e9b632434cd51e4adbe9095b9_ryuk
.exe windows:5 windows x64 arch:x64

e34aae5457bf58d8d7582a0b76d6dd00

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\builder\workers\ow64\build\vivaldi\out\Release\update_notifier.exe.pdb

Imports

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_Replace
ImageList_SetBkColor
ord17
ord380
ord381

advapi32

CreateProcessAsUserW
CreateWellKnownSid
EventRegister
EventSetInformation
EventUnregister
EventWrite
GetTokenInformation
GetUserNameW
InitializeSecurityDescriptor
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetEntriesInAclW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner

dbghelp

SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW

oleaut32

SafeArrayCreate
SafeArrayDestroy
SafeArrayGetVartype
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayUnlock
SysAllocString
SysFreeString
SysStringLen
VarBstrFromCy
VariantClear
VariantInit

shell32

CommandLineToArgvW
DragFinish
DragQueryFileW
DragQueryPoint
ExtractIconExW
ExtractIconW
ord680
SHGetFolderPathW
SHGetKnownFolderPath
ShellExecuteExW
Shell_NotifyIconW

user32

AllowSetForegroundWindow
AnimateWindow
AppendMenuW
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
ChangeDisplaySettingsExW
CharUpperW
CheckMenuItem
CheckMenuRadioItem
ChildWindowFromPointEx
ClientToScreen
CopyRect
CreateDialogIndirectParamW
CreateDialogParamW
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DeferWindowPos
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawFocusRect
DrawFrameControl
DrawIconEx
DrawMenuBar
DrawStateW
DrawTextW
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndPaint
EnumDisplayMonitors
EnumDisplaySettingsW
EnumWindows
FillRect
FindWindowExW
FlashWindowEx
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetClassNameW
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetDialogBaseUnits
GetDlgItem
GetDoubleClickTime
GetFocus
GetIconInfo
GetKeyState
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoW
GetParent
GetProcessDefaultLayout
GetQueueStatus
GetScrollInfo
GetSubMenu
GetSysColor
GetSystemMenu
GetSystemMetrics
GetUpdateRgn
GetWindow
GetWindowDC
GetWindowLongPtrW
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InsertMenuItemW
InsertMenuW
InvalidateRect
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageW
MapVirtualKeyW
MapWindowPoints
MessageBoxW
ModifyMenuW
MonitorFromPoint
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RedrawWindow
RegisterClassExW
RegisterClassW
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
ScrollWindow
SendMessageW
SetActiveWindow
SetCapture
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenu
SetMenuInfo
SetMenuItemInfoW
SetParent
SetProcessDPIAware
SetRect
SetRectEmpty
SetScrollInfo
SetTimer
SetWindowLongPtrW
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TrackPopupMenuEx
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
ValidateRect
VkKeyScanW
WindowFromPoint

wininet

HttpAddRequestHeadersA
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestW
InternetCloseHandle
InternetConnectA
InternetErrorDlg
InternetOpenW
InternetQueryOptionW
InternetReadFile
InternetSetOptionW

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

ws2_32

WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAResetEvent
WSAStartup
accept
closesocket
getsockname
ioctlsocket
recv
recvfrom
sendto
shutdown

kernel32

AcquireSRWLockExclusive
AllocConsole
AssignProcessToJobObject
AttachConsole
CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateProcessW
CreateThread
DecodePointer
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FillConsoleOutputCharacterW
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FindResourceW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalProcessorInformation
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessId
GetProductInfo
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadId
GetThreadPreferredUILanguages
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersionExW
GetWindowsDirectoryW
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetModuleInformation
K32QueryWorkingSetEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenEventW
OutputDebugStringA
OutputDebugStringW
PostQueuedCompletionStatus
QueryFullProcessImageNameW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleOutputCharacterA
ReadConsoleW
ReadFile
RegisterWaitForSingleObject
ReleaseSRWLockExclusive
RemoveDirectoryW
ResetEvent
ResumeThread
RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCursorPosition
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointerEx
SetHandleInformation
SetLastError
SetStdHandle
SetThreadInformation
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableSRW
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
lstrlenA

ole32

CLSIDFromString
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoRegisterInitializeSpy
CoRevokeInitializeSpy
CoTaskMemFree
CoUninitialize
OleInitialize
OleLockRunning
OleRun
OleSetContainedObject
OleUninitialize

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptMsgClose
CryptMsgGetParam
CryptQueryObject

webservices

WsCreateError
WsCreateReader
WsFreeError
WsGetErrorProperty
WsGetErrorString
WsGetReaderNode
WsReadNode
WsSetInput

wintrust

WinVerifyTrust

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

shlwapi

PathMatchSpecW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

gdi32

Arc
BitBlt
CombineRgn
CreateBitmap
CreateBitmapIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHatchBrush
CreatePatternBrush
CreatePen
CreateRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtFloodFill
ExtSelectClipRgn
ExtTextOutW
GdiFlush
GetBkColor
GetCharABCWidthsW
GetClipBox
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetGraphicsMode
GetLayout
GetObjectType
GetObjectW
GetOutlineTextMetricsW
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextMetricsW
GetViewportExtEx
GetWindowExtEx
LPtoDP
LineTo
MaskBlt
MoveToEx
OffsetRgn
Pie
PolyPolygon
Polygon
Polyline
PtInRegion
RectInRegion
Rectangle
RoundRect
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetBrushOrgEx
SetLayout
SetMapMode
SetPixel
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StretchBlt
StretchDIBits

uxtheme

CloseThemeData
DrawThemeBackground
DrawThemeParentBackground
GetThemeBackgroundContentRect
GetThemeColor
GetThemeMargins
GetThemePartSize
IsAppThemed
IsThemeActive
IsThemeBackgroundPartiallyTransparent
IsThemePartDefined
OpenThemeData

msimg32

AlphaBlend
GradientFill

rpcrt4

UuidCreate

ntdll

NtClose
NtOpenKeyEx
NtQueryValueKey
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
RtlInitUnicodeString

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 629KB - Virtual size: 629KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 224B

.tls
Size: 512B - Virtual size: 473B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LZMADEC
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

malloc_h
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 596KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e34aae5457bf58d8d7582a0b76d6dd00

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

advapi32

dbghelp

oleaut32

shell32

user32

wininet

winmm

ws2_32

kernel32

ole32

crypt32

webservices

wintrust

userenv

shlwapi

version

gdi32

uxtheme

msimg32

rpcrt4

ntdll

api-ms-win-core-winrt-l1-1-0

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 629KB - Virtual size: 629KB

.data Size: 63KB - Virtual size: 156KB

.pdata Size: 84KB - Virtual size: 83KB

.00cfg Size: 512B - Virtual size: 48B

.gxfg Size: 14KB - Virtual size: 14KB

.retplne Size: 512B - Virtual size: 224B

.tls Size: 512B - Virtual size: 473B

LZMADEC Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 348B

malloc_h Size: 512B - Virtual size: 228B

.rsrc Size: 261KB - Virtual size: 261KB

.reloc Size: 596KB - Virtual size: 600KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 629KB - Virtual size: 629KB

.data
Size: 63KB - Virtual size: 156KB

.pdata
Size: 84KB - Virtual size: 83KB

.00cfg
Size: 512B - Virtual size: 48B

.gxfg
Size: 14KB - Virtual size: 14KB

.retplne
Size: 512B - Virtual size: 224B

.tls
Size: 512B - Virtual size: 473B

LZMADEC
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 348B

malloc_h
Size: 512B - Virtual size: 228B

.rsrc
Size: 261KB - Virtual size: 261KB

.reloc
Size: 596KB - Virtual size: 600KB