2024-02-14_37aca3defbb370acd102d969a84d5525_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-14_37aca3defbb370acd102d969a84d5525_ryuk
Size

410KB
MD5

37aca3defbb370acd102d969a84d5525
SHA1

9d77f1335915f501589911147d2a5cb6f4ef99bc
SHA256

e51658dd1d62e78d9e4b7d4beff58a72ff3275398d8ac7144c64655760bca71a
SHA512

82c8450a3bd6b7cfb292b809ad4b3647ed85e97b8236aad255906b91de89e95bdd572d942d4e791ff88030a6b26c0854af823234782f5b4c045e2fc8f84c96b1
SSDEEP

6144:3U4rghY293F7sKHZShCql2vR3hYxaN3o/7VQrTtwDF2DTy9Nc:E4UrhsgZSqp3hY0N39hW4W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-14_37aca3defbb370acd102d969a84d5525_ryuk

Files

2024-02-14_37aca3defbb370acd102d969a84d5525_ryuk
.exe windows:5 windows x64 arch:x64

c97466eac2dabaab30c259cf70789851

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteConsoleW
SetFilePointerEx
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
LCMapStringW
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
GetFileType
GetStringTypeW
GetACP
WriteFile
GetStdHandle
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
GetCommandLineW
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwindEx
RtlPcToFileHeader
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
EncodePointer
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExW
lstrcmpiW
FindResourceW
LoadResource
MultiByteToWideChar
GetModuleFileNameW
GetCurrentProcess
VirtualProtect
WriteProcessMemory
SizeofResource
GetLogicalDriveStringsW
lstrcmpW
FreeLibrary
GetCurrentProcessId
LoadLibraryW
GetModuleHandleW
GetProcAddress
DeleteFileW
GetVersionExW
GetCurrentThreadId
FindClose
LeaveCriticalSection
lstrlenW
FindNextFileW
GetFullPathNameW
SetEndOfFile
EnterCriticalSection
SetLastError
FindFirstFileW
GetDriveTypeW
CloseHandle
CreateFileW
DeviceIoControl
GetVolumeInformationW
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount

user32

CallWindowProcW
PostMessageW
MonitorFromPoint
GetFocus
InflateRect
FillRect
ScreenToClient
CallNextHookEx
GetMessagePos
GetWindowLongPtrW
RegisterClassExW
CharLowerW
GetKeyState
DefWindowProcW
TranslateMessage
GetWindowTextW
UpdateWindow
GetParent
SystemParametersInfoW
GetDlgItem
GetClientRect
MapWindowPoints
DispatchMessageW
CreateDialogParamW
GetMessageW
MessageBeep
WindowFromPoint
OffsetRect
GetMenuDefaultItem
DestroyIcon
SetMenuItemInfoW
PeekMessageW
FrameRect
SetMenuDefaultItem
GetDlgCtrlID
GetMonitorInfoW
GetSysColor
IsWindowEnabled
UnhookWindowsHookEx
SetFocus
CharNextW
LoadCursorW
GetClassNameW
GetWindowDC
SetWindowsHookExW
SetRectEmpty
TrackPopupMenuEx
DrawTextW
GetSysColorBrush
DrawEdge
GetClassInfoExW
RegisterWindowMessageW
PtInRect
DrawFrameControl
InvalidateRect
GetCursorPos
GetMenuItemInfoW
GetSystemMenu
ModifyMenuW
LoadMenuW
GetMenuItemID
DestroyWindow
GetDC
IsWindowVisible
MessageBoxW
CheckRadioButton
SetActiveWindow
GetMenuItemCount
SetWindowLongPtrW
CreateWindowExW
GetSystemMetrics
GetSubMenu
GetActiveWindow
ShowWindow
SetTimer
IsDialogMessageW
IsMenu
DestroyMenu
GetMenuStringW
RemoveMenu
AppendMenuW
KillTimer
CheckDlgButton
PostQuitMessage
EnableMenuItem
DialogBoxParamW
SetForegroundWindow
LoadImageW
ReleaseDC
EnableWindow
RegisterDeviceNotificationW
GetWindowLongW
GetWindowTextLengthW
GetWindow
GetWindowRect
SetWindowPos
MonitorFromWindow
SendMessageW
EndDialog
UnregisterClassW
SetWindowTextW
IsWindow
GetWindowThreadProcessId

gdi32

SetBrushOrgEx
BitBlt
PatBlt
CreatePatternBrush
SetBkMode
SetBkColor
CreateBitmap
CreateCompatibleBitmap
SelectObject
CreateFontIndirectW
DeleteObject
GetObjectW
SetTextColor
DeleteDC
GetStockObject
GetCurrentObject
CreateDIBSection
CreateCompatibleDC

advapi32

RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW

shell32

Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteW

ole32

CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx

oleaut32

VarUI4FromStr

shlwapi

StrChrW

comctl32

ImageList_AddMasked
ImageList_GetImageCount
ImageList_Create
ImageList_Destroy
ImageList_Remove
ImageList_DrawEx
InitCommonControlsEx
ImageList_Draw
ImageList_DrawIndirect

dbghelp

ImageDirectoryEntryToData

Sections

.text
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c97466eac2dabaab30c259cf70789851

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

dbghelp

Sections

.text Size: 211KB - Virtual size: 210KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 6KB - Virtual size: 11KB

.pdata Size: 11KB - Virtual size: 11KB

.gfids Size: 512B - Virtual size: 236B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 106KB - Virtual size: 106KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 211KB - Virtual size: 210KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 6KB - Virtual size: 11KB

.pdata
Size: 11KB - Virtual size: 11KB

.gfids
Size: 512B - Virtual size: 236B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 106KB - Virtual size: 106KB

.reloc
Size: 2KB - Virtual size: 1KB