2024-03-12_b4bf8a05a028956e02fff9923bf2d20a_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-12_b4bf8a05a028956e02fff9923bf2d20a_ryuk
Size

13.5MB
MD5

b4bf8a05a028956e02fff9923bf2d20a
SHA1

012c6d03ee06edb1849f8e77216c378f82fd7235
SHA256

d830b0195f9768e39fe8133697126eea7ee713162506b4f1ed3678b7af63143a
SHA512

f5fd472dac2f54cc3c48e1e8a51dec45f94605e27480bcd80f86cb75db54295a98504d4be88f284e8d519ef13e1090720b862b0437b4f6a79bf44eeac3841d96
SSDEEP

49152:IF/XLSy4WiyekyIJ6vtO2x5EK2FHP6dJx6nbh8s0+z9d29vjB87Otbjeo47pLLIh:I50Ft2K3a7L7pLLILSh/uxXrcVmMQR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-12_b4bf8a05a028956e02fff9923bf2d20a_ryuk

Files

2024-03-12_b4bf8a05a028956e02fff9923bf2d20a_ryuk
.exe windows:6 windows x64 arch:x64

f26c032a4fa8c7fc97b7d090b50b2f30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dvs\p4\build\sw\rel\gpu_drv\r390\r391_33\drivers\ui\Sedona\Sedona\x64\Release\bin\nvCplUI.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

rpcrt4

UuidFromStringW

gdiplus

GdipSetStringFormatAlign
GdipGetDpiY
GdipGetFontHeightGivenDPI
GdipLoadImageFromStream
GdipDeleteStringFormat
GdipGetLogFontW
GdipDisposeImage
GdiplusStartup
GdipGetFontHeight
GdipDrawImageRectI
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipCreateFontFromLogfontW
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCloneImage
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageDimension
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdiplusShutdown
GdipFree
GdipAlloc
GdipGetImageGraphicsContext

wtsapi32

WTSRegisterSessionNotification
WTSQueryUserToken
WTSUnRegisterSessionNotification

shlwapi

StrFormatKBSizeW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFileExistsW
SHSetValueW
PathRemoveFileSpecW
SHGetValueW

comctl32

ord17
ImageList_AddMasked
ImageList_Create
ImageList_Draw
ImageList_ReplaceIcon
InitCommonControlsEx

msimg32

AlphaBlend
TransparentBlt

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

kernel32

CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
SearchPathW
GetTempPathW
GetProfileIntW
FileTimeToLocalFileTime
GetFileAttributesExW
LocalFileTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GlobalFlags
InitializeCriticalSection
TlsAlloc
DuplicateHandle
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
CompareStringW
GetSystemDefaultUILanguage
VirtualProtect
SetErrorMode
lstrcpyW
GetCurrentDirectoryW
GetWindowsDirectoryW
Sleep
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GlobalGetAtomNameW
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFileSize
FlushFileBuffers
DeleteFileW
GetUserDefaultLCID
SystemTimeToFileTime
ReplaceFileW
SetFileTime
GetTempFileNameW
GetFileTime
GetDiskFreeSpaceW
ResumeThread
SetThreadPriority
CreateEventW
CopyFileW
GlobalSize
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
GetModuleHandleExW
EncodePointer
OutputDebugStringA
LoadLibraryExA
ExpandEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetStringTypeExW
IsProcessorFeaturePresent
MoveFileW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
GetStringTypeW
LCMapStringW
GetCPInfo
FormatMessageA
VerifyVersionInfoW
lstrcmpA
CreateProcessW
GetFullPathNameW
VerSetConditionMask
GetModuleHandleExA
FreeResource
FindResourceExW
GetVersionExW
OpenMutexW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
WideCharToMultiByte
GetSystemTimeAsFileTime
GetProcessTimes
CreateEventA
WaitForSingleObjectEx
SetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
WriteFile
GetFileSizeEx
SetThreadUILanguage
SetThreadLocale
LocalAlloc
GetSystemDirectoryW
GetCurrentThread
GetCurrentProcess
DecodePointer
GetComputerNameW
GetLocalTime
CreateFileW
GetTickCount
CreateMutexW
ReleaseMutex
CreateDirectoryW
FindNextFileW
OutputDebugStringW
GetUserDefaultLangID
GetLocaleInfoW
lstrcpynW
lstrcmpW
CreateThread
OpenEventW
WaitForSingleObject
GetFileAttributesW
FindFirstFileW
FindClose
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
lstrcatW
lstrlenW
lstrcmpiW
MulDiv
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
RaiseException
GetCurrentThreadId
GetThreadLocale
IsBadReadPtr
GetSystemDefaultLCID
GetUserDefaultUILanguage
MultiByteToWideChar
FormatMessageW
LocalFree
FindResourceW
SizeofResource
LockResource
LoadResource
ProcessIdToSessionId
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
CloseHandle
LoadLibraryW
GetProcAddress
FreeLibrary
RemoveDirectoryW
SetFilePointerEx
DeviceIoControl
GetModuleHandleA
MoveFileExW
AreFileApisANSI
RtlPcToFileHeader
RtlUnwindEx
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetCommandLineW
HeapQueryInformation
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
GetStdHandle
ExitProcess
GetACP
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
TlsGetValue

user32

HideCaret
EnableScrollBar
GetIconInfo
GetMenuDefaultItem
CreateMenu
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
PostThreadMessageW
MessageBeep
GetTabbedTextExtentW
IsClipboardFormatAvailable
GetAsyncKeyState
CopyImage
RealChildWindowFromPoint
UnionRect
LockWindowUpdate
MonitorFromPoint
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
ShowOwnedPopups
PostQuitMessage
IsZoomed
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
SendDlgItemMessageA
CharUpperW
MapVirtualKeyW
GetKeyNameTextW
GetMessageW
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
GetMenuState
GetMenuStringW
GetActiveWindow
CreateDialogIndirectParamW
CheckDlgButton
GetScrollInfo
GetLastActivePopup
GetTopWindow
EqualRect
MessageBoxW
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
DeferWindowPos
GetWindowPlacement
IsMenu
GetClassInfoExW
GetClassInfoW
GetMessageTime
GetMessagePos
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
SetRectEmpty
GetWindowThreadProcessId
GetShellWindow
PeekMessageW
DispatchMessageW
TranslateMessage
DrawFocusRect
GetUpdateRect
DestroyCursor
CallWindowProcW
SystemParametersInfoW
GetClassLongPtrW
GetDCEx
GetSystemMenu
ReleaseCapture
SetCapture
EndDeferWindowPos
BeginDeferWindowPos
MapWindowPoints
SendDlgItemMessageW
IsDlgButtonChecked
SetDlgItemTextW
EndDialog
SetWindowPos
GetDoubleClickTime
InvertRect
DrawIcon
SetParent
EnumDisplayDevicesW
EnumWindows
FindWindowExW
SetWindowTextW
SetForegroundWindow
GetDlgItem
IsIconic
OffsetRect
GetCursorPos
InflateRect
IsChild
GetClassNameW
GetKeyState
SetFocus
GetMenuItemInfoW
DeleteMenu
DestroyMenu
LoadMenuIndirectW
WindowFromPoint
ScreenToClient
EnumDisplayMonitors
EnumDisplaySettingsW
GetWindow
FindWindowW
GetDesktopWindow
SetRect
LockSetForegroundWindow
UpdateWindow
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
CreatePopupMenu
LoadMenuW
IsWindowEnabled
GetFocus
CharLowerW
GetNextDlgTabItem
DialogBoxParamW
CreateWindowExW
SendNotifyMessageW
wsprintfW
SetWindowLongW
GetWindowLongW
CopyRect
GetWindowTextLengthW
GetWindowTextW
DrawTextW
IsRectEmpty
EndPaint
BeginPaint
GetDlgCtrlID
RegisterClassW
DefWindowProcW
GetParent
NotifyWinEvent
SetLayeredWindowAttributes
SetClassLongPtrW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
SetCursorPos
CopyIcon
FrameRect
WaitMessage
UpdateLayeredWindow
GetComboBoxInfo
GetKeyboardLayout
IntersectRect
SetCursor
TrackMouseEvent
WinHelpW
IsDialogMessageW
DestroyIcon
ReleaseDC
GetDC
GetSystemMetrics
CharNextW
GetDialogBaseUnits
CreateDialogParamW
ShowWindow
DestroyWindow
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
UnregisterClassW
DrawIconEx
LoadIconW
LoadCursorW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
PtInRect
GetSysColorBrush
GetSysColor
ClientToScreen
RedrawWindow
SetWindowRgn
KillTimer
SetTimer
IsWindowVisible
RegisterClassExW
DrawFrameControl
MessageBoxExW
IsWindow
PostMessageW
InvalidateRect
SendMessageW
LoadBitmapW
RegisterWindowMessageW
GetMonitorInfoW
MonitorFromWindow
SetScrollInfo
SetWindowLongPtrW
GetWindowLongPtrW
GetWindowRect
GetClientRect
SetScrollPos
ScrollWindow
EnableWindow
MoveWindow
SetMenuDefaultItem
DestroyAcceleratorTable
GetWindowRgn
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
CharUpperBuffW
FillRect
ModifyMenuW
LoadImageW
CreateAcceleratorTableW
SetWindowPlacement

gdi32

GetObjectW
GetDeviceCaps
GetBitmapDimensionEx
DeleteDC
SetWindowOrgEx
GetPixel
StretchBlt
SelectObject
SetWindowExtEx
SetBitmapDimensionEx
CreateFontIndirectW
GetStockObject
GetTextExtentPoint32W
CombineRgn
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
FrameRgn
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SetRectRgn
GetBkColor
CreateEllipticRgn
Ellipse
LPtoDP
CreateFontW
GetCharWidthW
StretchDIBits
SetViewportExtEx
StartPage
EndPage
AbortDoc
SetAbortProc
GetViewportOrgEx
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetWindowOrgEx
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
GetTextCharsetInfo
SetPixel
SetDIBColorTable
Polygon
Polyline
OffsetRgn
RoundRect
FillRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
TextOutW
MoveToEx
StartDocW
SetTextAlign
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
CreateCompatibleDC
CreateBitmap
LineTo
IntersectClipRect
GetWindowExtEx
EndDoc
BitBlt
GetObjectType
GetCurrentPositionEx
ExcludeClipRect
Escape
CreatePatternBrush
CreateHatchBrush
CopyMetaFileW
DPtoLP
SetMapMode
SetBkColor
GetMapMode
SetTextColor
CreateDIBSection
SetDIBitsToDevice
SetViewportOrgEx
Rectangle
PatBlt
CreatePen
CreateDCW
GetTextColor
ExtTextOutW
EnumFontFamiliesW
CreateRectRgnIndirect
OffsetWindowOrgEx
SetBkMode
GetClipBox
GetTextFaceW
CreateCompatibleBitmap
GetTextMetricsW
GetTextExtentPointW
GetCurrentObject
DeleteObject
CreatePolygonRgn
GetRgnBox
GetViewportExtEx

winspool.drv

GetJobW
ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegEnumKeyW
SetFileSecurityW
GetFileSecurityW
RegSetValueW
RegOpenKeyExA
RegQueryValueExA
TraceMessage
RegEnumValueW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
ImpersonateSelf
GetTokenInformation
GetLengthSid
FreeSid
AllocateAndInitializeSid
AddAccessAllowedAce
AccessCheck
OpenThreadToken
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RevertToSelf
ImpersonateLoggedOnUser
RegQueryValueW

shell32

ShellExecuteExW
ShellExecuteW
ExtractAssociatedIconW
SHGetFileInfoW
DragQueryFileW
DragFinish
SHAddToRecentDocs
ExtractIconW
SHGetPathFromIDListW
SHGetFolderPathW
SHAppBarMessage
SHBrowseForFolderW
SHGetDesktopFolder
SHGetSpecialFolderLocation

ole32

CoDisconnectObject
DoDragDrop
RegisterDragDrop
CoUninitialize
CoInitializeEx
CoCreateGuid
CoInitialize
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CLSIDFromProgID
CoGetClassObject
ReleaseStgMedium
OleDuplicateData
StringFromCLSID
StringFromGUID2
CoRevokeClassObject
CoRegisterClassObject
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoGetMalloc
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
OleLockRunning
RevokeDragDrop

oleaut32

OleCreateFontIndirect
VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
VariantClear
VariantInit
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocStringLen

oledlg

OleUIBusyW

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

uxtheme

CloseThemeData
DrawThemeBackground
GetThemePartSize
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeText
DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent
OpenThemeData

winmm

PlaySoundW

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 965KB - Virtual size: 965KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 640KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f26c032a4fa8c7fc97b7d090b50b2f30

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

rpcrt4

gdiplus

wtsapi32

shlwapi

comctl32

msimg32

setupapi

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

oledlg

oleacc

uxtheme

winmm

imm32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 965KB - Virtual size: 965KB

.data Size: 52KB - Virtual size: 103KB

.pdata Size: 128KB - Virtual size: 128KB

.gfids Size: 109KB - Virtual size: 108KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9.0MB - Virtual size: 9.0MB

.reloc Size: 640KB - Virtual size: 644KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 965KB - Virtual size: 965KB

.data
Size: 52KB - Virtual size: 103KB

.pdata
Size: 128KB - Virtual size: 128KB

.gfids
Size: 109KB - Virtual size: 108KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9.0MB - Virtual size: 9.0MB

.reloc
Size: 640KB - Virtual size: 644KB