2024-02-17_58c6e0c0d6c4d0e35f0c0bdbec698960_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-02-17_58c6e0c0d6c4d0e35f0c0bdbec698960_ryuk
Size

19.3MB
MD5

58c6e0c0d6c4d0e35f0c0bdbec698960
SHA1

dacab29f5bb4ba25557b815128860e8fa7f0ae29
SHA256

e4eee16bd83498cb901dab64a155a81d030a43e49ad994f3c41948ee9b3f7ae3
SHA512

a13276aa06548807d1aebd12c639e2c22e97befe614cca10cca54173ee9f33b096a7a32cb5036d3c00a908bdb0c4887d4d415fe98b3e205b59d5c63ceebcfe90
SSDEEP

393216:Obq1Tm6RjnjreiiMQO6Bkgxx7PA7vXM6:E08SExW

Score

1^/10

Malware Config

Signatures

Files

2024-02-17_58c6e0c0d6c4d0e35f0c0bdbec698960_ryuk
.exe windows:6 windows x64 arch:x64

16ad4db17362cc262ca7e86e5194c697

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:d1:29:01:13:0a:c2:14:dc:27:8f:02
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-10-2023 13:34

Not After

29-12-2026 13:34

Subject

SERIALNUMBER=839 045 697,CN=HarfangLab SAS,O=HarfangLab SAS,STREET=55 rue La Boétie,L=Paris,ST=Île-de-France,C=FR,1.2.840.113549.1.9.1=#0c15636f6e746163744068617266616e676c61622e6672,1.3.6.1.4.1.311.60.2.1.3=#13024652,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:44

Not After

08-05-2033 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ce:81:d5:b0:9b:c8:ac:07:17:91:d5:f9:07:bd:cd:8c:62:a0:b7:4d:9a:92:96:28:ba:0c:3f:15:b6:93:4e:17
Signer

Actual PE Digest

ce:81:d5:b0:9b:c8:ac:07:17:91:d5:f9:07:bd:cd:8c:62:a0:b7:4d:9a:92:96:28:ba:0c:3f:15:b6:93:4e:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

X:\\output\\hurukai_ui.pdb

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AreFileApisANSI
CancelIoEx
CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateMutexW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DuplicateHandle
EncodePointer
EnterCriticalSection
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetQueuedCompletionStatusEx
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetTimeZoneInformation
GetUserDefaultLocaleName
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitOnceExecuteOnce
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InitializeSRWLock
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OpenEventW
OutputDebugStringA
OutputDebugStringW
PostQueuedCompletionStatus
ProcessIdToSessionId
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointer
SetFilePointerEx
SetLastError
SetNamedPipeHandleState
SetStdHandle
SetThreadErrorMode
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
VerSetConditionMask
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrlenW

user32

AdjustWindowRectEx
AppendMenuW
BeginPaint
CallWindowProcW
ChangeDisplaySettingsExW
CheckMenuItem
ClientToScreen
ClipCursor
CloseClipboard
CloseTouchInputHandle
CloseWindow
CreateAcceleratorTableW
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyAcceleratorTable
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawIconEx
DrawMenuBar
DrawTextW
EmptyClipboard
EnableMenuItem
EndPaint
GetActiveWindow
GetAsyncKeyState
GetClassInfoExW
GetClassNameW
GetClientRect
GetClipCursor
GetClipboardData
GetCursorPos
GetDC
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetKeyboardState
GetMenu
GetMenuBarInfo
GetMenuItemInfoW
GetMessageW
GetMonitorInfoW
GetPropW
GetRawInputData
GetSystemMenu
GetSystemMetrics
GetTouchInputInfo
GetWindowDC
GetWindowLongPtrW
GetWindowLongW
GetWindowPlacement
GetWindowRect
InsertMenuW
InvalidateRect
InvalidateRgn
IsIconic
IsProcessDPIAware
KillTimer
LoadCursorW
MapVirtualKeyExW
MapVirtualKeyW
MapWindowPoints
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterRawInputDevices
RegisterTouchWindow
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
SendInput
SendMessageA
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetPropW
SetTimer
SetWindowDisplayAffinity
SetWindowLongPtrW
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextW
ShowCursor
ShowWindow
SystemParametersInfoA
ToUnicodeEx
TrackMouseEvent
TrackPopupMenu
TranslateMessage
ValidateRect
VkKeyScanW

gdi32

BitBlt
ChoosePixelFormat
CreateCompatibleDC
CreateDIBSection
CreateFontW
CreatePen
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
DescribePixelFormat
GetDeviceCaps
LineTo
MoveToEx
SelectObject
SetBkColor
SetPixelFormat
SetTextColor
SwapBuffers
TextOutW

dwmapi

DwmEnableBlurBehindWindow
DwmExtendFrameIntoClientArea
DwmIsCompositionEnabled

winmm

PlaySoundW

comctl32

DefSubclassProc
RemoveWindowSubclass
SetWindowSubclass

shell32

DragFinish
DragQueryFileW
SHCreateItemFromParsingName
SHGetKnownFolderPath
Shell_NotifyIconGetRect
Shell_NotifyIconW

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
OleInitialize
RegisterDragDrop
RevokeDragDrop

oleaut32

GetErrorInfo
SafeArrayCreateVector
SafeArrayPutElement
SetErrorInfo
SysAllocStringLen
SysFreeString
SysStringLen

ntdll

NtCancelIoFileEx
NtDeviceIoControlFile
NtReadFile
NtWriteFile
RtlGetNtVersionNumbers
RtlNtStatusToDosError
RtlVerifyVersionInfo

uxtheme

CloseThemeData
DrawThemeBackground
DrawThemeText
OpenThemeData
SetWindowTheme

opengl32

wglCreateContext
wglDeleteContext
wglGetCurrentContext
wglGetProcAddress
wglMakeCurrent
wglShareLists

psapi

EnumProcessModules
GetModuleFileNameExW
GetModuleInformation

uiautomationcore

UiaGetReservedNotSupportedValue
UiaHostProviderFromHwnd
UiaLookupId
UiaRaiseAutomationEvent
UiaRaiseAutomationPropertyChangedEvent
UiaReturnRawElementProvider

imm32

ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow

Sections

.text
Size: 13.6MB - Virtual size: 13.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 551KB - Virtual size: 550KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16ad4db17362cc262ca7e86e5194c697

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

18:d1:29:01:13:0a:c2:14:dc:27:8f:02Certificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

ce:81:d5:b0:9b:c8:ac:07:17:91:d5:f9:07:bd:cd:8c:62:a0:b7:4d:9a:92:96:28:ba:0c:3f:15:b6:93:4e:17Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

dwmapi

winmm

comctl32

shell32

ole32

oleaut32

ntdll

uxtheme

opengl32

psapi

uiautomationcore

imm32

Sections

.text Size: 13.6MB - Virtual size: 13.6MB

.rdata Size: 5.0MB - Virtual size: 5.0MB

.data Size: 34KB - Virtual size: 45KB

.pdata Size: 551KB - Virtual size: 550KB

.00cfg Size: 512B - Virtual size: 40B

.tls Size: 2KB - Virtual size: 2KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 73KB - Virtual size: 73KB

.reloc Size: 84KB - Virtual size: 83KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

18:d1:29:01:13:0a:c2:14:dc:27:8f:02
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

ce:81:d5:b0:9b:c8:ac:07:17:91:d5:f9:07:bd:cd:8c:62:a0:b7:4d:9a:92:96:28:ba:0c:3f:15:b6:93:4e:17
Signer

.text
Size: 13.6MB - Virtual size: 13.6MB

.rdata
Size: 5.0MB - Virtual size: 5.0MB

.data
Size: 34KB - Virtual size: 45KB

.pdata
Size: 551KB - Virtual size: 550KB

.00cfg
Size: 512B - Virtual size: 40B

.tls
Size: 2KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 73KB - Virtual size: 73KB

.reloc
Size: 84KB - Virtual size: 83KB