2024-02-28_5073e231d9d841c362235a8ec9c69c32_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-28_5073e231d9d841c362235a8ec9c69c32_ryuk
Size

15.1MB
MD5

5073e231d9d841c362235a8ec9c69c32
SHA1

e63e092fdcce050ff0c8038aa92261498fe0e6f8
SHA256

c1d74f3eb7050658c4d01162ed219c83086b5fa1b2eb6c5d6570220219cdb1b6
SHA512

fbceddc577dc3badcc0debaac8fc1fab4fadcb96a5d9a93f3bf3c8debe90e9058319175e7725a9436e6bce4d1a8c511d12bdc4eb84dbcae0e8d74ab43b848857
SSDEEP

98304:6gBuQ2wBrKJoKdEi4zXYv2aRW6HZucQc4t1Omsn8Y3NlaqfjLqmCOkr:TuQ2q+Jo+Ei4S2aRWLZc0If3vLvOr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-02-28_5073e231d9d841c362235a8ec9c69c32_ryuk

Files

2024-02-28_5073e231d9d841c362235a8ec9c69c32_ryuk
.exe windows:6 windows x64 arch:x64

bf3cba024c2023cb1df8e1c945d1a2be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Workspace\GB-Dev_Steam\ghost\test\ghost_w64_final.pdb

Imports

kernel32

VirtualQuery
GetModuleFileNameA
GetVersionExA
MulDiv
VirtualProtect
CreateSemaphoreW
TerminateThread
SetEndOfFile
HeapReAlloc
HeapSize
SetFileAttributesW
GetFileAttributesExW
RemoveDirectoryW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetProcessHeap
MoveFileExW
DeleteFileW
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
SetConsoleCtrlHandler
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCurrentThread
HeapAlloc
HeapFree
WriteConsoleW
SystemTimeToTzSpecificLocalTime
GetFileType
GetFileInformationByHandle
FreeLibraryAndExitThread
ResumeThread
ExitThread
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
GetDriveTypeW
HeapWalk
HeapValidate
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
ExitProcess
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateFileA
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExA
SetFileTime
CloseHandle
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
IsDBCSLeadByte
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
GetSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
RaiseException
GetLastError
TryEnterCriticalSection
Sleep
CreateThread
GetCurrentThreadId
OpenThread
SetThreadPriority
GetLocalTime
GetCommandLineA
GetCommandLineW
ReadFile
OutputDebugStringA
DecodePointer
SetHandleInformation
CreatePipe
PeekNamedPipe
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseMutex
CreateMutexA
GetExitCodeProcess
CreateProcessA
OpenProcess
GlobalMemoryStatusEx
SetSystemTime
FreeLibrary
GetProcAddress
LoadLibraryA
LocalFree
FormatMessageA
GetComputerNameA
FileTimeToSystemTime
WideCharToMultiByte
GetUserDefaultLangID
K32EnumProcesses
K32EnumProcessModules
K32GetModuleBaseNameA
K32GetProcessMemoryInfo
CreateDirectoryW
CreateFileW
SetFilePointer
WriteFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetModuleHandleA
MultiByteToWideChar
VerSetConditionMask
OutputDebugStringW
VerifyVersionInfoW
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
ReleaseSemaphore
GetFileSizeEx
FlushFileBuffers
CreateSemaphoreA
GetSystemDirectoryA
RtlPcToFileHeader
EncodePointer
RtlUnwindEx
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
GetFullPathNameW
LoadLibraryExA

user32

BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDC
ReleaseDC
GetClientRect
MessageBoxA
GetSystemMetrics
GetMonitorInfoA
UpdateWindow
ShowWindow
CreateWindowExA
FillRect
GetDesktopWindow
SetScrollInfo
SendMessageA
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetKeyState
SetWindowPos
AdjustWindowRectEx
GetWindowLongA
TranslateMessage
DispatchMessageA
PeekMessageA
DefWindowProcA
PostQuitMessage
RegisterClassA
UnregisterClassA
IsIconic
BringWindowToTop
GetKeyNameTextA
MapVirtualKeyA
TranslateAcceleratorA
SetForegroundWindow
GetWindowTextA
GetWindowRect
ShowCursor
SetCursor
ScreenToClient
ClipCursor
EnumWindows
GetClassNameA
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
LoadCursorA
LoadIconA
ChangeDisplaySettingsA
SetCursorPos
ClientToScreen
wsprintfW
DrawEdge
PostMessageA
IsWindow
DestroyWindow
CloseWindow
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsZoomed
SetFocus
GetActiveWindow
GetFocus
GetCapture
SetCapture
ReleaseCapture
EnableWindow
CopyAcceleratorTableA
GetMenu
CreatePopupMenu
GetMenuItemCount
AppendMenuA
GetMenuItemInfoA
SetActiveWindow
GetForegroundWindow
InvalidateRect
ValidateRect
SetWindowTextA
GetWindowTextLengthA
GetCursorPos
ChildWindowFromPointEx
OffsetRect
GetWindowLongPtrA
SetWindowLongPtrA
GetParent
SetParent
GetTopWindow
GetWindow
UnhookWindowsHookEx
MonitorFromRect
MonitorFromWindow
GetAncestor
CheckDlgButton
IsDlgButtonChecked
GetSysColor
DestroyIcon
CreateIconIndirect
GetIconInfo
DrawFrameControl
SetMenuItemInfoA
DrawTextA
DrawStateA
FrameRect
LoadImageA
DrawIconEx
CallWindowProcA
MoveWindow
CreateDialogParamA
DialogBoxParamA
EndDialog
GetDlgItem
GetDlgCtrlID
RedrawWindow
ScrollWindow
SetScrollPos
ShowScrollBar
SetCaretPos
GetCaretPos
MapWindowPoints

gdi32

CreateFontA
GetDIBits
DeleteObject
GetDeviceCaps
GetTextExtentPoint32A
GetStockObject
SetBkColor
SetTextColor
SetTextAlign
TextOutA
StretchDIBits
CreateCompatibleBitmap
SetBrushOrgEx
ExtTextOutA
PatBlt
CreatePatternBrush
CreateBitmap
SelectObject
SetBkMode
CreateSolidBrush

shell32

SHGetPathFromIDListA
SHGetMalloc
ord189
ShellExecuteA
CommandLineToArgvW
DragQueryFileA
DragQueryPoint
SHFileOperationA
SHGetFolderPathW
SHBrowseForFolderA
DragFinish

ole32

CLSIDFromString
CoCreateGuid
PropVariantClear
CoInitializeEx
CoSetProxyBlanket
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoInitializeSecurity

steam_api64

SteamAPI_UnregisterCallback
SteamAPI_RegisterCallback
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamAPI_Init
SteamInternal_FindOrCreateUserInterface
SteamInternal_ContextInit
SteamAPI_GetHSteamUser

d3dcompiler_43

D3DReflect

netapi32

NetApiBufferFree
NetRemoteTOD

xinput1_3

ord2
ord3
ord4

dinput8

DirectInput8Create

winmm

timeGetDevCaps
waveOutGetDevCapsW
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutReset
timeGetTime
timeEndPeriod
timeBeginPeriod
waveInReset
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveOutGetPosition
waveOutGetNumDevs
waveInGetNumDevs
waveInPrepareHeader
waveInClose
waveInOpen
waveInGetDevCapsW

ws2_32

listen
htons
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket
WSAStartup
WSACleanup
WSAGetLastError
htonl
__WSAFDIsSet
accept
bind
getsockname
closesocket
connect
ioctlsocket
getpeername
freeaddrinfo
getsockopt
ntohl
shutdown
WSAIoctl
getaddrinfo

msacm32

acmStreamPrepareHeader
acmStreamConvert
acmFormatSuggest
acmStreamOpen
acmStreamSize
acmStreamUnprepareHeader

dxgi

CreateDXGIFactory

d3d11

D3D11CreateDevice

comdlg32

GetOpenFileNameA
ChooseColorA
GetSaveFileNameA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
GetUserNameA

oleaut32

VariantInit
SysFreeString
VariantClear
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
SysAllocString

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces

hid

HidP_GetCaps
HidP_GetValueCaps
HidD_GetAttributes
HidD_GetHidGuid
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetFeature
HidD_SetFeature
HidD_GetManufacturerString
HidD_GetProductString
HidD_GetSerialNumberString

Exports

Exports

SecuROM

Sections

.text
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 421KB - Virtual size: 35.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 377KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf3cba024c2023cb1df8e1c945d1a2be

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

steam_api64

d3dcompiler_43

netapi32

xinput1_3

dinput8

winmm

ws2_32

msacm32

dxgi

d3d11

comdlg32

advapi32

oleaut32

setupapi

hid

Exports

Exports

Sections

.text Size: 7.2MB - Virtual size: 7.2MB

.rdata Size: 6.6MB - Virtual size: 6.6MB

.data Size: 421KB - Virtual size: 35.1MB

.pdata Size: 377KB - Virtual size: 377KB

.tls Size: 16KB - Virtual size: 15KB

.gfids Size: 512B - Virtual size: 488B

_RDATA Size: 42KB - Virtual size: 41KB

.rsrc Size: 406KB - Virtual size: 405KB

.reloc Size: 96KB - Virtual size: 95KB

.text
Size: 7.2MB - Virtual size: 7.2MB

.rdata
Size: 6.6MB - Virtual size: 6.6MB

.data
Size: 421KB - Virtual size: 35.1MB

.pdata
Size: 377KB - Virtual size: 377KB

.tls
Size: 16KB - Virtual size: 15KB

.gfids
Size: 512B - Virtual size: 488B

_RDATA
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 406KB - Virtual size: 405KB

.reloc
Size: 96KB - Virtual size: 95KB