2024-02-25_3548f252a14a9a2012169e3b41f01885_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-25_3548f252a14a9a2012169e3b41f01885_ryuk
Size

1.7MB
MD5

3548f252a14a9a2012169e3b41f01885
SHA1

4ebe5cc00a7d700293b451420a5c3d1930a12a00
SHA256

4e699502c3dff97b69b8e647ed4af29b30cede2fabc8816a7257560d71027383
SHA512

ffd91a28fb4e73fda53b06bc6e7f93ac905f06a4afeab3ec4264e38fb9614ac0eaac0e114914a7cf46e74b50ca91796c6630d83f35ab2dc77063da3ca3765f99
SSDEEP

49152:vz/fD6f5faFCI0J0FXPP0QogjVV/A6TeRlz:vznmfY0dKORR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-25_3548f252a14a9a2012169e3b41f01885_ryuk

Files

2024-02-25_3548f252a14a9a2012169e3b41f01885_ryuk
.exe windows:6 windows x64 arch:x64

dae707dd3032d9e58205acb7250647ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

opengl32

wglGetProcAddress
wglGetCurrentDC
glShadeModel
glScissor
glHint
glGetString
glColor3f
glVertex2f
glTexCoord2f
glOrtho
glBindTexture
glEnd
glClearColor
glBegin
glTexParameterf
glDepthMask
glViewport
glVertexPointer
glTexCoordPointer
glNormalPointer
glGetFloatv
glFogfv
glFogf
glDrawArrays
glColorPointer
glBlendFunc
glTexSubImage2D
glTexParameteri
glTexImage2D
glStencilOp
glStencilMask
glStencilFunc
glScalef
glPushMatrix
glPopMatrix
glPixelStorei
glMultMatrixf
glMatrixMode
glLoadMatrixf
glLoadIdentity
glGetTexLevelParameteriv
glGetIntegerv
glGetError
glGenTextures
glFrontFace
glEnableClientState
glEnable
glDisableClientState
glDisable
glDepthFunc
glDeleteTextures
glCullFace
glClearDepth
glClear
glTranslatef

glu32

gluPerspective
gluOrtho2D

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
RaiseException
CompareStringW
FreeLibrary
LoadLibraryExW
ReadFile
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
HeapReAlloc
GetModuleFileNameA
SetUnhandledExceptionFilter
GetModuleHandleW
GetLastError
GetModuleHandleA
GetProcAddress
LoadLibraryA
WideCharToMultiByte
SetEndOfFile
HeapSize
WriteConsoleW
CreateFileW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
LCMapStringW
GetLocaleInfoW
DeleteFileW
GetStringTypeW
RtlUnwindEx
FindFirstFileExA
FindClose
GetProcessHeap
GetTimeZoneInformation
GetStdHandle
WriteFile
GetCommandLineA
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetACP
GetCommandLineW
GetCPInfo

user32

SetWindowLongPtrA
GetWindowLongPtrA
CreateWindowExA
RegisterClassA
DefWindowProcA
PostMessageA
SendMessageA
RegisterWindowMessageA
EnumDisplaySettingsA
ScreenToClient
GetCursorPos
ShowCursor
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegCloseKey

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoSetProxyBlanket

oleaut32

SysFreeString
SysAllocString

sdl

SDL_GetWMInfo
SDL_Delay
SDL_KillThread
SDL_WaitThread
SDL_CreateThread
SDL_CondWait
SDL_CondBroadcast
SDL_CondSignal
SDL_DestroyCond
SDL_CreateCond
SDL_SemPost
SDL_SemWait
SDL_DestroySemaphore
SDL_CreateSemaphore
SDL_DestroyMutex
SDL_mutexV
SDL_mutexP
SDL_CreateMutex
SDL_PollEvent
SDL_JoystickGetButton
SDL_JoystickGetHat
SDL_JoystickGetAxis
SDL_JoystickEventState
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_JoystickNumAxes
SDL_JoystickOpen
SDL_JoystickName
SDL_NumJoysticks
SDL_ShowCursor
SDL_GetMouseState
SDL_GetKeyState
SDL_Quit
SDL_Init
SDL_GetTicks
SDL_WM_SetCaption
SDL_GL_SwapBuffers
SDL_GL_SetAttribute
SDL_SetVideoMode
SDL_GetVideoInfo
SDL_InitSubSystem
SDL_CloseAudio
SDL_UnlockAudio
SDL_LockAudio
SDL_PauseAudio
SDL_OpenAudio
SDL_GetError
SDL_SetModuleHandle
SDL_strlcpy
SDL_JoystickClose

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 162KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae707dd3032d9e58205acb7250647ae

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

glu32

kernel32

user32

advapi32

ole32

oleaut32

sdl

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 309KB - Virtual size: 309KB

.data Size: 162KB - Virtual size: 1.9MB

.pdata Size: 48KB - Virtual size: 48KB

.gfids Size: 512B - Virtual size: 364B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 32KB - Virtual size: 31KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 309KB - Virtual size: 309KB

.data
Size: 162KB - Virtual size: 1.9MB

.pdata
Size: 48KB - Virtual size: 48KB

.gfids
Size: 512B - Virtual size: 364B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 32KB - Virtual size: 31KB

.reloc
Size: 11KB - Virtual size: 10KB