PDB path: C:\Users\kjk\src\sumatrapdf\rel64\SumatraPDF.pdb
Tasks: static1 (static), behavioral1 (behavioral)
Sample: 2024-03-15_a8bc2762bf643709e0df89364d708e39_ryuk.exe
Resource: win7-20240215-en
General
Target: 2024-03-15_a8bc2762bf643709e0df89364d708e39_ryuk
Size: 7.5MB
MD5: a8bc2762bf643709e0df89364d708e39
SHA1: 07728e35594607f91eee87c02961ebf649c90113
SHA256: fda622846265181200c64e6b2c095996552fe6942e8699712591b60a699516a0
SHA512: 610382c7c2359551f17ee21d9a511d69bfd450dec170a2b4aecea4e81c1aaec24b6cac968add8617e77ccf8fb6fd803112dc1ac62ac93b1021d3b9499cb63490
SSDEEP: 196608:+QmDn+ulg+GKjEi2Z24CRSHEfqC7XBECgEkDft+:cD+uVZz2rT+qKXCvEkjt
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: 2024-03-15_a8bc2762bf643709e0df89364d708e39_ryuk
Caveat: the absence of a signature is the only signature that fired, and on its own it says nothing about intent; many legitimate builds ship unsigned. Everything else on this page is consistent with a PDF viewer build rather than ransomware: the PDB path names a SumatraPDF release build, the import table is GUI, printing, DDE, GDI+ and shell integration with no cryptographic API imports at all (no advapi32 Crypt* and no bcrypt), and the `ryuk` suffix is part of the submitted filename, not a detection recorded here. Before acting on either reading, compare the SHA256 above with the published hashes of SumatraPDF releases and validate the signature on a known-good copy.
Files
2024-03-15_a8bc2762bf643709e0df89364d708e39_ryuk.exe: windows:5, x64 (arch:x64)
84b36b50db49b3c608d6e49ef1b1d453 (32-hex digest listed with the file; presumably the import hash)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
Not listed, so not set: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (without it the image is not opted into ASLR and HIGH_ENTROPY_VA has no effect, unless mandatory ASLR is forced system-wide, which the .reloc section below would permit) and IMAGE_DLLCHARACTERISTICS_GUARD_CF (a .gfids section is present, but the image is not flagged as CFG-enabled).
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
comctl32
ImageList_AddMasked
ImageList_Create
ImageList_Draw
ImageList_GetIconSize
CreatePropertySheetPageW
ord412
ord410
ord413
InitCommonControlsEx
ImageList_Destroy
gdiplus
GdipGetImageWidth
GdipDeleteRegion
GdipCreateBitmapFromGraphics
GdipGetClip
GdipCreateFromHDC
GdipSetClipRegion
GdipCreateRegion
GdipDrawRectangleI
GdipGetImageHeight
GdipTranslateWorldTransform
GdipFillEllipseI
GdipScaleWorldTransform
GdipSetStringFormatFlags
GdipSetStringFormatMeasurableCharacterRanges
GdipDeleteStringFormat
GdipGetImageEncodersSize
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipBitmapLockBits
GdipBitmapSetResolution
GdipGetStringFormatFlags
GdipCloneBitmapAreaI
GdipMeasureCharacterRanges
GdipDeleteBrush
GdipCreateLineBrushFromRect
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteFontFamily
GdipSetCompositingQuality
GdipCreateFontFamilyFromName
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipSetSmoothingMode
GdipCreateFont
GdipSetPageUnit
GdipDrawImageI
GdipGetGenericFontFamilySansSerif
GdipFree
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipCreatePen2
GdipDeletePen
GdipDrawLineI
GdipTransformPath
GdipDeletePath
GdiplusShutdown
GdipGetRegionBounds
GdipCreateBitmapFromStream
GdipScaleMatrix
GdipRotateMatrix
GdipBitmapUnlockBits
GdipCreateMatrix
GdipSetPropertyItem
GdipCreateHBITMAPFromBitmap
GdipGetImageHorizontalResolution
GdipGetFamilyName
GdipSetPenDashOffset
GdipDrawLine
GdipSetPenDashArray
GdipInvertMatrix
GdipSetWorldTransform
GdipTransformMatrixPoints
GdipGetFamily
GdipGetPropertyItemSize
GdipDrawImageRectRectI
GdipImageGetFrameCount
GdipSetImageAttributesWrapMode
GdipImageSelectActiveFrame
GdipCreateImageAttributes
GdipCreatePen1
GdipAddPathLine
GdipCreatePath
GdipClosePathFigure
GdipStartPathFigure
GdipGetLogFontW
GdipFillRectangleI
GdipDisposeImageAttributes
GdipGetPropertyItem
GdipDrawRectangle
GdipDrawImageRectRect
GdipWindingModeOutline
GdipAddPathRectangleI
GdipSetCompositingMode
GdipStringFormatGetGenericDefault
GdipResetWorldTransform
GdipCreateFontFromDC
GdipCreatePath2
GdipSetSolidFillColor
GdipGetPointCount
GdipIsVisiblePathPointI
GdipCreateRegionPath
GdipAddPathLineI
GdipCreateFromHWND
GdiplusStartup
GdipSetPenMiterLimit
GdipFillPath
GdipFillRectangle
GdipDrawPath
GdipIsVisibleRectI
GdipSetStringFormatTrimming
GdipTransformPointsI
GdipDeletePathIter
GdipPathIterRewind
GdipCreateBitmapFromGdiDib
GdipGetDC
GdipReleaseDC
GdipCreateStringFormat
GdipCreatePathIter
GdipDrawString
GdipTranslateMatrix
GdipGetPathData
GdipSetStringFormatLineAlign
GdipAddPathEllipseI
GdipSetPenColor
GdipAddPathArcI
GdipCreateFontFromLogfontA
GdipPathIterNextMarkerPath
GdipSetPathMarker
GdipGetRegionHRgn
GdipSetInterpolationMode
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipSetClipRectI
GdipClonePath
GdipGetPathWorldBoundsI
GdipSetPenMode
GdipDeleteMatrix
GdipGetImageEncoders
GdipGetFontHeight
kernel32
FileTimeToLocalFileTime
FileTimeToDosDateTime
lstrcpynW
CreateEventA
SetCurrentDirectoryA
GetCurrentDirectoryA
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
ExitProcess
Sleep
UnmapViewOfFile
SetErrorMode
GetFullPathNameW
GetCommandLineW
GetSystemTimeAsFileTime
CopyFileW
GetModuleHandleW
MoveFileExW
LocalFree
CloseHandle
GetLastError
FormatMessageW
SetFileAttributesW
GetFileAttributesW
WaitForSingleObject
HeapSize
GetTimeZoneInformation
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetFullPathNameA
GetCurrentDirectoryW
FlushFileBuffers
SetEndOfFile
SetStdHandle
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
CreateProcessA
GetStringTypeW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
SetConsoleCtrlHandler
GetFileType
GetModuleHandleExW
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetUserDefaultUILanguage
SetUnhandledExceptionFilter
Module32NextW
GlobalMemoryStatusEx
HeapDestroy
Module32FirstW
HeapAlloc
GetSystemInfo
HeapReAlloc
GetLocaleInfoA
GetEnvironmentVariableA
HeapFree
HeapCreate
GlobalFree
SetThreadExecutionState
SystemTimeToFileTime
GetTickCount
GetLogicalDrives
GetDateFormatW
GetTimeFormatW
GlobalAddAtomW
GlobalDeleteAtom
SetFilePointer
GetACP
TryEnterCriticalSection
GetExitCodeProcess
GetEnvironmentVariableW
TerminateProcess
GetSystemTime
RaiseException
OpenThread
VirtualQuery
GetThreadContext
GetCurrentThread
CreateToolhelp32Snapshot
GetModuleHandleA
ResumeThread
SuspendThread
Thread32First
Thread32Next
OutputDebugStringA
GetModuleFileNameA
ReadDirectoryChangesW
QueueUserAPC
ResetEvent
CreateThread
SetEvent
CreateEventW
WaitForMultipleObjectsEx
CompareFileTime
CancelIo
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetFileTime
GetDriveTypeW
GetTempFileNameW
DeleteFileW
GetFileAttributesExW
GetFileInformationByHandle
GetVolumePathNameW
GetTempPathW
GetPrivateProfileIntW
GetShortPathNameW
GetLongPathNameW
WritePrivateProfileStringW
GetFileSizeEx
ReadFile
CreateDirectoryW
CreateFileW
WriteFile
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
DeleteCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
SizeofResource
GetConsoleScreenBufferInfo
GetCurrentProcess
SetConsoleScreenBufferSize
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
GetVersionExW
LockResource
GlobalAlloc
LoadResource
FindResourceW
GetWindowsDirectoryW
GlobalLock
VerSetConditionMask
CreateProcessW
VerifyVersionInfoW
FormatMessageA
GlobalUnlock
AllocConsole
MulDiv
FindFirstFileW
FindNextFileW
FindClose
EncodePointer
user32
MoveWindow
GetForegroundWindow
GetSysColor
SetTimer
IsWindow
ShowWindow
GetScrollPos
CharLowerBuffW
GetParent
UpdateWindow
GetAncestor
IsIconic
IsCharUpperW
SetMenu
DestroyMenu
SetFocus
SetWindowLongW
GetClientRect
IsZoomed
GetSystemMetrics
PostQuitMessage
ScreenToClient
CreateWindowExW
MessageBoxW
SetWindowPos
IsWindowVisible
DestroyWindow
GetFocus
GetWindowRect
MapVirtualKeyW
ShowScrollBar
GetKeyState
DefWindowProcW
SetScrollInfo
GetWindowLongW
SetParent
LoadCursorW
FindWindowW
LoadIconW
TranslateMessage
TranslateAcceleratorW
LoadBitmapW
DispatchMessageW
LoadAcceleratorsW
RegisterClassExW
FindWindowExW
AllowSetForegroundWindow
GetMessageW
GetWindowThreadProcessId
GetPropW
SendMessageW
KillTimer
SetPropW
RemovePropW
wsprintfA
GetMenuItemInfoW
GetSystemMenu
GetMenuItemCount
OffsetRect
SetMenuDefaultItem
DrawEdge
DrawFrameControl
ModifyMenuW
CheckMenuRadioItem
GetMenuItemID
GetMenu
InsertMenuW
CreatePopupMenu
TrackPopupMenu
AppendMenuW
CreateMenu
GetMessagePos
RedrawWindow
GetCursor
GetScrollInfo
CharLowerW
InvalidateRgn
ValidateRect
GetUpdateRect
HideCaret
SetClassLongPtrW
ShowCaret
LoadImageW
SetActiveWindow
GetWindowTextLengthW
ReuseDDElParam
ShowWindowAsync
MessageBeep
IsWindowUnicode
UnpackDDElParam
CallWindowProcW
GetWindow
CheckRadioButton
EndDialog
SetDlgItemTextW
MapWindowPoints
SendDlgItemMessageW
DialogBoxIndirectParamW
IsDlgButtonChecked
InvalidateRect
EndPaint
BeginPaint
GetCursorPos
SetCursor
ReleaseDC
SetForegroundWindow
DdeFreeStringHandle
SystemParametersInfoW
EnableMenuItem
DdeDisconnect
GetDesktopWindow
DrawTextW
CheckMenuItem
RemoveMenu
SetClipboardData
EndDeferWindowPos
GetWindowDC
DdeFreeDataHandle
DdeClientTransaction
DdeUninitialize
DdeInitializeW
EmptyClipboard
SetMenuItemInfoW
CloseClipboard
ClientToScreen
GetMonitorInfoW
GetWindowInfo
DdeConnect
DdeCreateStringHandleW
OpenClipboard
BeginDeferWindowPos
EnumDisplayMonitors
MonitorFromWindow
MonitorFromRect
CopyImage
GetDC
AdjustWindowRectEx
DeferWindowPos
TrackMouseEvent
GetWindowLongPtrW
FillRect
SetWindowLongPtrW
ReleaseCapture
SetCapture
GetCapture
SetLayeredWindowAttributes
PeekMessageW
PostMessageW
IsCharAlphaNumericW
EnableWindow
DialogBoxParamW
CheckDlgButton
GetDlgItem
gdi32
BitBlt
CreateCompatibleBitmap
SelectObject
CreateDIBSection
GetDIBColorTable
SetDIBColorTable
CreateCompatibleDC
SetGraphicsMode
CreateBitmap
CreatePatternBrush
PatBlt
GetDIBits
GetDeviceCaps
DeleteDC
GetTextExtentPoint32W
SetBkMode
LineTo
GetObjectW
SetDIBits
MoveToEx
SetWorldTransform
ExtTextOutW
SetROP2
SetLayout
CreateRoundRectRgn
TextOutW
SelectClipRgn
RoundRect
GetClipBox
CreateRectRgn
SetViewportOrgEx
ExcludeClipRect
ExtSelectClipRgn
StartPage
AbortDoc
EndDoc
CreateDCW
SetMapMode
StartDocW
EndPage
SetStretchBltMode
StretchBlt
DeleteObject
GetStockObject
SetTextColor
CreateSolidBrush
SetBkColor
CreatePen
Rectangle
GetObjectA
IntersectClipRect
SetBrushOrgEx
CreateFontIndirectW
comdlg32
PrintDlgExW
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
shell32
ShellExecuteExW
SHGetFileInfoW
SHAddToRecentDocs
DragAcceptFiles
SHChangeNotify
SHGetFolderPathW
SHBindToParent
SHGetDesktopFolder
DragQueryFileW
DragFinish
ole32
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
OleUninitialize
ReleaseStgMedium
CoGetMalloc
OleInitialize
msimg32
GradientFill
shlwapi
PathIsNetworkPathW
SHDeleteKeyW
SHSetValueW
SHGetValueW
StrStrW
StrStrIW
StrRStrIW
SHDeleteValueW
ord219
PathAppendW
PathIsRelativeW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wininet
InternetOpenUrlW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle
InternetConnectW
HttpSendRequestA
HttpOpenRequestW
InternetSetOptionW
InternetReadFile
winspool.drv
GetPrinterW
DocumentPropertiesW
ClosePrinter
DeviceCapabilitiesW
ord203
OpenPrinterW
advapi32
RegQueryValueExW
RegOpenKeyExW
InitializeSecurityDescriptor
RegSetKeySecurity
RegCloseKey
SetSecurityDescriptorDacl
RegEnumKeyW
oleaut32
SysAllocString
SafeArrayPutElement
VariantClear
SysFreeString
SafeArrayCreateVector
VariantInit
urlmon
CoInternetGetSession
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 733KB - Virtual size: 733KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 142KB - Virtual size: 204KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 145KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 592KB - Virtual size: 596KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Two entries deserve a recheck against the raw section table: the first .data entry above is listed as code (execute) yet carries the same name as the writable .data entry that follows it, and .reloc is listed readable, writable and executable, where a stock MSVC link emits .reloc as initialized data, discardable and read-only. A writable plus executable section is exactly what a memory-protection review should flag, so confirm the characteristics field directly rather than trusting the summary.
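The three things this page summarises, the Authenticode-presence signature, the DLL characteristics flags and the section flags, can be re-derived from the raw PE headers without a sandbox. The following is an added example, not code from this page or from the SumatraPDF project: a dependency-free PE header audit in Python, plus a constructed PE32+ stand-in that mirrors the flag set listed above so the audit runs offline. The builder, its zero-filled sections, the `(5, 2)` OS version and the 0x100-byte dummy certificate blob are assumptions for the demonstration; the real sample is not embedded.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits (winnt.h)
DLLCHAR = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
# IMAGE_SCN_* section flags (winnt.h)
SCN_CODE, SCN_INIT_DATA, SCN_DISCARDABLE = 0x00000020, 0x00000040, 0x02000000
SCN_EXECUTE, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: WIN_CERTIFICATE blob, stored as file offset + size


def audit_pe(data: bytes) -> dict:
    """Parse PE32/PE32+ headers and report what a triage page summarises:
    DllCharacteristics, section flags and whether a security directory exists."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    fh = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:        # PE32+: 8-byte ImageBase/stack/heap fields shift the tail
        ndirs_off, dirs_off = opt + 108, opt + 112
    elif magic == 0x10B:      # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)   # the "windows:5" field
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_off, sec_size = 0, 0
    if ndirs > SECURITY_DIR:
        sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsec):   # section table follows the optional header, 40 bytes per entry
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "characteristics": chars})
    findings = {}
    if sec_size == 0:   # the same presence-only test as the "Unsigned PE" signature
        findings["unsigned"] = "no security directory: no Authenticode signature is attached"
    if not dllchars & 0x0040:
        findings["no-dynamic-base"] = "DYNAMIC_BASE clear: not opted into ASLR (HIGH_ENTROPY_VA alone does nothing)"
    if not dllchars & 0x0100:
        findings["no-nx-compat"] = "NX_COMPAT clear: not opted into DEP"
    if not dllchars & 0x4000:
        findings["no-guard-cf"] = "GUARD_CF clear: Control Flow Guard not enabled for this image"
    for s in sections:
        if s["characteristics"] & SCN_WRITE and s["characteristics"] & SCN_EXECUTE:
            findings["rwx:" + s["name"]] = "section %s is both writable and executable" % s["name"]
    return {"machine": machine, "pe32plus": magic == 0x20B, "os_version": (os_major, os_minor),
            "dllcharacteristics": [n for bit, n in sorted(DLLCHAR.items()) if dllchars & bit],
            "security_directory": (sec_off, sec_size), "sections": sections, "findings": findings}


def build_sample_pe(dllchars: int, sections, signed: bool = False) -> bytes:
    """Constructed PE32+ layout (headers + zero-filled sections) to exercise audit_pe.
    Assumption for the demo only: it is not the sample from the page and holds no code."""
    align = 0x200
    nsec, opt_size = len(sections), 112 + 16 * 8
    size_of_headers = -(-(0x40 + 4 + 20 + opt_size + 40 * nsec) // align) * align
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x8664, nsec, 0, 0, 0, opt_size, 0x0022)  # x64, EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE
    sec_hdrs, body, raw, va = b"", b"", size_of_headers, 0x1000
    for name, chars in sections:
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), align, va, align, raw, 0, 0, 0, 0, chars)
        body += b"\0" * align
        raw, va = raw + align, va + 0x1000
    dirs, trailer = [(0, 0)] * 16, b""
    if signed:   # dummy 0x100-byte certificate blob appended after the sections
        dirs[SECURITY_DIR], trailer = (raw, 0x100), b"\0" * 0x100
    opt = struct.pack("<HBBIIIII", 0x20B, 14, 0, 0, 0, 0, 0x1000, 0x1000)
    opt += struct.pack("<Q", 0x140000000)                                   # ImageBase
    opt += struct.pack("<IIHHHHHHIIII", 0x1000, align, 5, 2, 0, 0, 5, 2, 0, va, size_of_headers, 0)
    opt += struct.pack("<HHQQQQII", 2, dllchars, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    image = (dos + b"PE\0\0" + file_hdr + opt + sec_hdrs).ljust(size_of_headers, b"\0")
    return image + body + trailer


# Constructed stand-in mirroring the page: HIGH_ENTROPY_VA | NX_COMPAT | TERMINAL_SERVER_AWARE,
# no DYNAMIC_BASE / GUARD_CF, a code .text section and a .reloc section marked RWX.
PAGE_LIKE = build_sample_pe(
    0x0020 | 0x0100 | 0x8000,
    [(".text", SCN_CODE | SCN_EXECUTE | SCN_READ),
     (".reloc", SCN_INIT_DATA | SCN_DISCARDABLE | SCN_EXECUTE | SCN_READ | SCN_WRITE)],
)
REPORT = audit_pe(PAGE_LIKE)

if __name__ == "__main__":
    print("DllCharacteristics:", ", ".join(REPORT["dllcharacteristics"]))
    for code, msg in REPORT["findings"].items():
        print("[%s] %s" % (code, msg))
```

The `unsigned` finding is the same presence-only test the page's signature applies: it asks whether the security directory is empty. A non-empty directory still has to be validated against a trusted chain (for example `Get-AuthenticodeSignature` in PowerShell or `signtool verify /pa`) before the file counts as signed. To run the audit on the real sample, pass `open(path, "rb").read()` to `audit_pe`.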