2024-02-28_3ef36f827cd638bc1d29a23ca4f80dc3_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-28_3ef36f827cd638bc1d29a23ca4f80dc3_ryuk
Size

315KB
MD5

3ef36f827cd638bc1d29a23ca4f80dc3
SHA1

8eca8bc1b72fabbcc939898e5d625895800b6dfd
SHA256

895211eeb92b468d642bc51625b65bc2c733bb6214d91c0331585c549904dfff
SHA512

51b5198f6ebf2ad3bc6e4134a182f9c766defee143da95f69d81a0ff114d5b0766220a9ca0844795aabdf9857673a6324d1eb12d3fe0f7414261cc519f43b43b
SSDEEP

6144:wUP1/rpPUYBbHY6nfza1ORwiIG/4h9+IgnNz4+L:wCJrpPU8H3za4RwiNKvgnJ4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-28_3ef36f827cd638bc1d29a23ca4f80dc3_ryuk

Files

2024-02-28_3ef36f827cd638bc1d29a23ca4f80dc3_ryuk
.exe windows:5 windows x64 arch:x64

a0af731e5932bc0a47100563e0398947

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Michal\Documents\Mercurial\HylaPrintMon\x64\Release_BRA\HylaPrintUI.pdb

Imports

kernel32

ReadFile
GetFileSize
lstrcpyW
SetFilePointer
GetModuleFileNameW
SetLastError
LocalFree
GetModuleHandleW
CreateEventW
FormatMessageW
SetEvent
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
RaiseException
WriteConsoleW
GetConsoleCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LCMapStringW
WriteFile
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetStringTypeW
GetACP
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
RtlUnwindEx
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetNamedPipeHandleState
WaitNamedPipeW
GetLastError
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
CreateFileW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
ReleaseSemaphore
DeleteFileW
InitializeCriticalSection
CreateSemaphoreW
WTSGetActiveConsoleSessionId
CloseHandle
GetCurrentThread
WideCharToMultiByte
EncodePointer
RtlPcToFileHeader
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetEndOfFile
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MultiByteToWideChar
lstrlenW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
CreateDirectoryW

user32

SendDlgItemMessageW
DestroyIcon
SendMessageW
GetDlgItem
EndDialog
DialogBoxParamW
SetClassLongPtrW
LoadIconW
SetWindowTextW
SetWindowLongPtrW
PostMessageW
CheckMenuRadioItem
GetSystemMenu
GetWindowTextW
ShowWindow
CallWindowProcW
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
LoadMenuW
GetSubMenu
SetMenuDefaultItem
GetCursorPos
ModifyMenuW
TrackPopupMenu
DestroyMenu
CreateWindowExW
GetClientRect
AppendMenuW
GetMenuItemInfoW
InvalidateRect
SetTimer
IsWindowEnabled
wsprintfW
KillTimer
EnableWindow
MessageBeep
GetWindowTextLengthW
GetParent
GetDesktopWindow
EnumChildWindows
CopyRect
OffsetRect
SetWindowPos
GetWindowRect
LoadImageW
SetDlgItemTextW
GetWindowLongW

gdi32

SetTextColor
SetBkMode
Rectangle
SetDCPenColor
SetDCBrushColor
GetStockObject
SelectObject
CreateSolidBrush
SetBkColor

advapi32

OpenThreadToken
DuplicateTokenEx
ImpersonateSelf
SetNamedSecurityInfoW
SetEntriesInAclW
ConvertStringSidToSidW
IsTextUnicode
RevertToSelf
GetTokenInformation

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
SHGetMalloc

ole32

CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

wtsapi32

WTSSendMessageW

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

select
closesocket
htons
freeaddrinfo
socket
getaddrinfo
WSAStartup
WSACleanup
send
WSAGetLastError
accept
inet_ntoa
gethostbyname
gethostname
getsockname
listen
bind
inet_addr
connect
htonl
recv

iphlpapi

GetAdaptersInfo

wldap32

ord27
ord41
ord208
ord26
ord36
ord147
ord127
ord140
ord73
ord88
ord12
ord329
ord14
ord219
ord145
ord301
ord167
ord97
ord224
ord13

Sections

.text
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0af731e5932bc0a47100563e0398947

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wtsapi32

comctl32

version

ws2_32

iphlpapi

wldap32

Sections

.text Size: 205KB - Virtual size: 204KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 11KB - Virtual size: 10KB

.gfids Size: 512B - Virtual size: 244B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 205KB - Virtual size: 204KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 11KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 244B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 2KB - Virtual size: 2KB