2024-03-06_0d8b37fdb892a842d62af6d9254e48f4_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-06_0d8b37fdb892a842d62af6d9254e48f4_ryuk
Size

4.2MB
MD5

0d8b37fdb892a842d62af6d9254e48f4
SHA1

4e96dc2c46d2a3108a1480d78a96d243bf525f05
SHA256

aeddf36d7e9b5574c29c89411b2a4dba67669e62b981e3a49f1e358d8730ad6c
SHA512

a5acee55c99eb5117920f9d3f4d484daf6fa7ae243ce5042a9e4141dbfb086bb6d3e6cd3c65a7115b42999c39fae41861c3e43fbfb14ff5df0fc1a1c4052cf90
SSDEEP

49152:p7SebGhG1pgCzZVfhjoOc8hpB89INRS7TTxzEJTP6H+om4:ZSeFik1oxINRSnTpEt6H+o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-06_0d8b37fdb892a842d62af6d9254e48f4_ryuk

Files

2024-03-06_0d8b37fdb892a842d62af6d9254e48f4_ryuk
.exe windows:6 windows x64 arch:x64

9a0dec836d72f025b9dd11110f857aff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLocaleInfoW
CreateFileW
GetFileAttributesW
GetCurrentThreadId
ReleaseMutex
GetSystemDirectoryW
GetModuleHandleA
GetLogicalDriveStringsW
FormatMessageW
GetLastError
GetFileAttributesExW
OutputDebugStringW
TerminateThread
QueryPerformanceFrequency
DeleteFileW
LoadLibraryW
GetCurrentDirectoryW
SetCurrentDirectoryW
ReplaceFileW
ExitProcess
FreeLibrary
CopyFileW
QueryPerformanceCounter
MoveFileW
GetDriveTypeW
IsDebuggerPresent
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
GlobalSize
GlobalAlloc
GlobalLock
GetCurrentProcessId
GlobalUnlock
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FindClose
SetFilePointer
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetProcessHeap
GetConsoleCP
GetOEMCP
IsValidCodePage
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
GetACP
FreeLibraryAndExitThread
ExitThread
CreateThread
GetTimeZoneInformation
LoadLibraryExW
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
CreateMutexW
GetTempPathW
SetEndOfFile
FreeEnvironmentStringsW
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
GetModuleHandleExW
WriteFile
FindNextFileW
FindFirstFileW
GetVolumeInformationW
ReadFile
SetThreadAffinityMask
CreateDirectoryW
WideCharToMultiByte
DeleteCriticalSection
FindResourceW
LoadResource
LockResource
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SizeofResource
GetProcAddress
ResetEvent
CloseHandle
GetCurrentThread
SetEvent
Sleep
CreateEventW
WaitForSingleObject
SetThreadPriority
GetCurrentProcess
GetEnvironmentStringsW
HeapSize

user32

RegisterClassExW
GetDesktopWindow
IsWindow
MoveWindow
DefWindowProcW
DestroyWindow
SetWindowLongPtrW
GetWindowRect
GetWindow
CallWindowProcW
AttachThreadInput
GetWindowThreadProcessId
GetWindowTextW
TranslateMessage
SetFocus
EnumWindows
PeekMessageW
DispatchMessageW
GetFocus
CreateWindowExW
PostMessageW
UnregisterClassW
ReleaseDC
GetDC
SetWindowPos
EndPaint
BeginPaint
GetCursorPos
SetCursorPos
InvalidateRect
SetForegroundWindow
ReleaseCapture
GetParent
SystemParametersInfoW
EnableMenuItem
ShowCaret
UpdateLayeredWindow
SetWindowLongW
SetCursor
ToUnicode
SetClipboardData
SetCapture
DestroyCaret
LoadCursorW
FindWindowW
GetClipboardData
SetLayeredWindowAttributes
GetMessageTime
GetForegroundWindow
TrackMouseEvent
CreateCaret
IsChild
EmptyClipboard
SendMessageW
CloseClipboard
GetMessageW
GetWindowLongPtrW
OpenClipboard
GetAsyncKeyState
ShowWindow
GetActiveWindow
SetCaretPos
GetKeyboardState
DestroyCursor
GetWindowPlacement
WindowFromPoint
MessageBeep
SetWindowTextW
GetSystemMetrics
ScreenToClient
GetIconInfo
EnumDisplayMonitors
EnumChildWindows
MessageBoxW
IsWindowVisible
MapVirtualKeyW
GetMessagePos
GetUpdateRgn
GetMessageExtraInfo
GetSystemMenu
GetWindowLongW
GetCapture
RedrawWindow
DestroyIcon
GetWindowInfo
GetMonitorInfoW
CreateIconIndirect
SendMessageTimeoutW

gdi32

GetGlyphIndicesW
GetGlyphOutlineW
DeleteObject
RemoveFontMemResourceEx
SetMapMode
CreateFontIndirectW
GetOutlineTextMetricsW
GetObjectW
GetRegionData
SetMapperFlags
GetPixel
CreateRectRgnIndirect
StretchDIBits
CreateDIBSection
SetPixelFormat
SwapBuffers
ChoosePixelFormat
DeleteDC
GetDeviceCaps
GetTextMetricsW
CreateCompatibleDC
GetKerningPairsW
SelectObject
CombineRgn
CreateBitmap
RestoreDC
CreateRectRgn
SaveDC
ExcludeClipRect

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetMalloc
ExtractAssociatedIconW
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

RevokeDragDrop
RegisterDragDrop
DoDragDrop
OleInitialize
OleUninitialize
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc

wininet

InternetReadFile
InternetSetOptionW
FtpOpenFileW
InternetCloseHandle
HttpSendRequestExW
HttpEndRequestW
InternetCrackUrlW
InternetSetFilePointer
HttpQueryInfoW
InternetWriteFile
HttpOpenRequestW
InternetConnectW
InternetOpenW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathStripToRootW

winmm

timeGetTime
timeBeginPeriod

imm32

ImmNotifyIME
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

opengl32

wglCreateContext
wglGetProcAddress
glTexParameteri
glDeleteTextures
glClearColor
glGetBooleanv
glDrawArrays
wglDeleteContext
glTexImage2D
glReadPixels
glDisable
wglMakeCurrent
glPixelStorei
glTexSubImage2D
glGetString
glGetError
glGetIntegerv
glClear
glBlendFunc
glScissor
glEnable
glGenTextures
glBindTexture
wglGetCurrentContext
wglShareLists
glViewport
glDrawElements

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a0dec836d72f025b9dd11110f857aff

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

wininet

version

shlwapi

winmm

imm32

opengl32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 67KB - Virtual size: 74KB

.pdata Size: 94KB - Virtual size: 94KB

.gfids Size: 1024B - Virtual size: 524B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 10KB - Virtual size: 9KB

.rsrc Size: 91KB - Virtual size: 91KB

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 67KB - Virtual size: 74KB

.pdata
Size: 94KB - Virtual size: 94KB

.gfids
Size: 1024B - Virtual size: 524B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 91KB - Virtual size: 91KB

.reloc
Size: 30KB - Virtual size: 29KB