2024-02-24_26e6eed40071a90e07347f512737dd0b_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-24_26e6eed40071a90e07347f512737dd0b_ryuk
Size

3.8MB
MD5

26e6eed40071a90e07347f512737dd0b
SHA1

0fe63192e4594e3b37e6055016d8a942587a2a03
SHA256

2d3f49b124ae5676e627b580b89e9c110c687320f0fff558abda9aa153caf87a
SHA512

d8bf0eea35e9ba8cc7845ff22f403b5796308b1a05817a18fe630c3e270218191d7300bba4c36848e45cb6dcf20d24d705c8f8db1bd7c40111e330ee3c4fe041
SSDEEP

49152:3NCKNAmsWvlRCbTj2ViSyi9czK4i5ZPnxTuyipZtz8HEi0MIrYIqRGVkgkcA9OY:jNfF1jiNuIr/1kld

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-24_26e6eed40071a90e07347f512737dd0b_ryuk

Files

2024-02-24_26e6eed40071a90e07347f512737dd0b_ryuk
.exe windows:5 windows x64 arch:x64

856cab43e7754e9674b7953b03d0ca28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\sources\notepad-plus-plus\PowerEditor\bin64\npp.pdb

Imports

comctl32

ImageList_DragMove
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_SetIconSize
ord17
ImageList_AddMasked
ImageList_GetImageCount
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_Draw

shlwapi

PathStripPathW
PathAddExtensionW
PathIsDirectoryW
PathRemoveExtensionW
AssocQueryStringW
PathMatchSpecW
PathIsRelativeW
PathGetDriveNumberW
PathCompactPathExW
PathFindExtensionW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
PathAppendW

shell32

DragQueryPoint
CommandLineToArgvW
Shell_NotifyIconW
SHFileOperationW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
DragQueryFileW
DragFinish
ShellExecuteW
ord165
SHGetFolderPathW

dbghelp

ImageNtHeader

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

crypt32

CryptQueryObject
CertGetNameStringW
CertNameToStrW
CertGetCertificateContextProperty
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

wintrust

WinVerifyTrust

sensapi

IsDestinationReachableW
IsNetworkAlive

kernel32

GetFullPathNameW
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileExW
GetTimeFormatW
GetDateFormatW
GlobalLock
GlobalUnlock
GlobalAlloc
FormatMessageW
GetCurrentDirectoryW
LCMapStringW
LockResource
FreeLibrary
LoadResource
SizeofResource
lstrcmpiW
LoadLibraryExW
FindResourceW
GetCurrentThreadId
SetCurrentDirectoryW
CreateThread
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventW
CopyFileW
GetCurrentProcess
GetCurrentProcessId
LoadLibraryW
CreateFileW
GlobalSize
ReleaseMutex
Sleep
CreateMutexW
lstrcpynW
WaitForMultipleObjects
ExpandEnvironmentStringsW
GetSystemInfo
GetVersionExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateDirectoryW
GetACP
SetLastError
GetTempPathW
QueueUserAPC
SleepEx
WaitForSingleObjectEx
CancelIo
ReadDirectoryChangesW
RaiseException
RtlPcToFileHeader
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualProtect
VirtualFree
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetLocaleInfoW
CompareStringW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
DecodePointer
EncodePointer
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
lstrcpyW
CompareFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetLongPathNameW
FindNextFileW
FindFirstFileW
GetFileAttributesW
lstrlenW
lstrcmpW
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
GlobalFree
GetVersion
GetProcAddress
GetModuleHandleW
MulDiv
OutputDebugStringW
GetLastError
LocalFree
LocalAlloc
RtlUnwindEx
ReadFile
ExitProcess
GetModuleHandleExW
ExitThread
HeapAlloc
HeapFree
HeapReAlloc
GetStdHandle
WriteFile
GetFileType
GetConsoleMode
ReadConsoleW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
IsValidCodePage
GetOEMCP
GetProcessHeap
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
HeapSize
SetEndOfFile
GetLocalTime

user32

SystemParametersInfoW
TrackMouseEvent
GetCapture
SetRectEmpty
AppendMenuW
RegisterWindowMessageW
ShowCursor
CreateCursor
DestroyCursor
ScrollWindow
SetPropW
GetPropW
RemovePropW
SetScrollInfo
InsertMenuItemW
LoadStringW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetSubMenu
RemoveMenu
DestroyIcon
LoadIconW
GetDesktopWindow
PtInRect
WindowFromPoint
LockWindowUpdate
GetDCEx
mouse_event
SetDlgItemInt
LoadBitmapW
GetSysColorBrush
MapWindowPoints
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthW
TrackPopupMenu
FlashWindowEx
RegisterClassExW
UnregisterClassW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
ReleaseCapture
SetCapture
GetActiveWindow
GetDlgCtrlID
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetParent
GetCursorPos
RedrawWindow
InsertMenuW
EnableMenuItem
CheckMenuItem
DestroyMenu
CreatePopupMenu
CreateMenu
GetMenuState
ScreenToClient
EmptyClipboard
SetClipboardData
IsWindow
GetDlgItemInt
FrameRect
FillRect
DrawFocusRect
CreateDialogParamW
GetClassNameA
CreateDialogIndirectParamW
ClientToScreen
GetWindowRect
IsWindowVisible
ShowWindow
IsClipboardFormatAvailable
RegisterClipboardFormatW
GetClipboardData
ChangeClipboardChain
SetClipboardViewer
CloseClipboard
IsCharLowerW
IsCharAlphaNumericW
IsCharAlphaW
OpenClipboard
LoadCursorW
GetParent
GetWindowLongW
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
SetCursor
MessageBeep
GetClientRect
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
DrawTextExW
DrawTextW
GetMenu
GetSystemMetrics
ToAscii
GetKeyboardState
GetFocus
SetWindowPlacement
GetWindowPlacement
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PostMessageW
DrawFrameControl
DrawEdge
SetWindowPos
SetFocus
MoveWindow
DrawIconEx
LoadImageW
EnableWindow
GetKeyState
SendDlgItemMessageW
EndDialog
DialogBoxIndirectParamW
DialogBoxParamW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowTextW
GetDlgItemTextW
SetDlgItemTextW
SetDlgItemTextA
GetDlgItem
CallWindowProcW
SendMessageW
MessageBoxW
wsprintfW
FindWindowW
GetSysColor
CreateAcceleratorTableW
CharLowerW
CharUpperW
DrawIcon
GetDlgItemTextA
GetClassNameW
LoadMenuW
IsDialogMessageW
SetMenu
RealChildWindowFromPoint
GetMonitorInfoW
MonitorFromWindow
CheckMenuRadioItem
SetForegroundWindow
SetMenuItemInfoW
GetMenuItemInfoW
DeleteMenu
GetMenuItemCount
DrawMenuBar
GetMenuStringW
TranslateAcceleratorW
DestroyAcceleratorTable
IsZoomed
IsIconic
ModifyMenuW
InflateRect
GetMenuItemID
GetWindowTextW

gdi32

CreateBitmap
CreatePatternBrush
PatBlt
SetBrushOrgEx
EnumFontFamiliesExW
SetTextAlign
SetWindowOrgEx
GetDeviceCaps
CreateFontIndirectW
GetObjectW
SaveDC
RestoreDC
BitBlt
GetPixel
CreateHatchBrush
DeleteDC
StartDocW
EndDoc
StartPage
EndPage
ExtTextOutW
DPtoLP
GetTextExtentPointW
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
MoveToEx
LineTo
SetBkColor
GetTextMetricsW
SetTextColor
SetROP2
SetBkMode
SelectObject
Rectangle
GetTextExtentPoint32W
GetStockObject
GetROP2
DeleteObject
CreateSolidBrush
CreatePen
CreateFontW
OffsetWindowOrgEx
CreateFontA

comdlg32

PrintDlgW
GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

advapi32

RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
IsTextUnicode
RegCloseKey

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 735KB - Virtual size: 735KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 681KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

856cab43e7754e9674b7953b03d0ca28

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

shlwapi

shell32

dbghelp

version

crypt32

wintrust

sensapi

kernel32

user32

gdi32

comdlg32

advapi32

ole32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 735KB - Virtual size: 735KB

.data Size: 41KB - Virtual size: 120KB

.pdata Size: 80KB - Virtual size: 79KB

.gfids Size: 4KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 681KB - Virtual size: 680KB

.reloc Size: 580KB - Virtual size: 584KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 735KB - Virtual size: 735KB

.data
Size: 41KB - Virtual size: 120KB

.pdata
Size: 80KB - Virtual size: 79KB

.gfids
Size: 4KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 681KB - Virtual size: 680KB

.reloc
Size: 580KB - Virtual size: 584KB