2024-03-16_75f36f335613f622aff1c0a3635ae4f7_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-16_75f36f335613f622aff1c0a3635ae4f7_ryuk
Size

26.6MB
MD5

75f36f335613f622aff1c0a3635ae4f7
SHA1

a9449f40030ce4ca0a38c17c8c0907e59fc199ad
SHA256

c5ebaa52173afa1d6ee926f165a4877de20b3f915d57bf0989963a67d0192b41
SHA512

35030cd74fede5925cb3718114443099489df952655553f812355bc6340ae370aae607c82327d135cf0a849c238ea40b8b415189efde869581bdab1a5d9acb4c
SSDEEP

393216:gEwffYpVtR5lToFDKbc1k8QcwLzwXEUSfv3HOpZ0rodnfeGZ:P55fokDIDSfPI0raeGZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-16_75f36f335613f622aff1c0a3635ae4f7_ryuk

Files

2024-03-16_75f36f335613f622aff1c0a3635ae4f7_ryuk
.exe windows:5 windows x64 arch:x64

06fb6c9567e3472dc72aa3bc850e4f97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\zm\9.14\ProxyDll\7.2\11.12\k\KUAI\letsvpn\MQQAppearance\x64\Release\MQQAppearance.pdb

Imports

kernel32

GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetACP
ExitProcess
GetModuleFileNameA
GetStdHandle
GetFileType
ReadConsoleW
FindNextFileA
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
SetFilePointerEx
FindFirstFileExA
SetStdHandle
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetConsoleCtrlHandler
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
LocalUnlock
LocalLock
GetUserDefaultLCID
ReplaceFileW
GetDiskFreeSpaceW
SearchPathW
GetProfileIntW
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetTickCount
SystemTimeToTzSpecificLocalTime
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
GetWindowsDirectoryW
FindResourceExW
lstrcpyW
GetStringTypeExW
MoveFileW
lstrcmpiW
GetCurrentProcess
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
DeleteFileW
GetCurrentDirectoryW
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
GetThreadLocale
SystemTimeToFileTime
FileTimeToSystemTime
GetAtomNameW
GlobalGetAtomNameW
LocalReAlloc
LocalAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
lstrcmpA
GetVersionExW
GetCurrentThread
ResumeThread
SuspendThread
SetThreadPriority
CreateEventW
WaitForSingleObject
SetEvent
GetCurrentProcessId
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
WideCharToMultiByte
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalUnlock
GlobalLock
GlobalSize
SetLastError
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
CreateFileW
LoadLibraryA
lstrcatW
CloseHandle
WriteFile
GetProcAddress
GlobalFree
GlobalReAlloc
GlobalAlloc
FreeResource
lstrlenW
lstrlenA
LockResource
lstrcpyA
Sleep
MultiByteToWideChar
FindResourceW
SizeofResource
LoadResource
QueryPerformanceFrequency
WriteConsoleW

user32

DestroyIcon
DeleteMenu
GetDialogBaseUnits
GetAsyncKeyState
SetRectEmpty
SendDlgItemMessageA
CopyImage
RealChildWindowFromPoint
GetSysColorBrush
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
GetCursorPos
GetActiveWindow
TranslateMessage
MapVirtualKeyW
GetKeyNameTextW
GetWindowThreadProcessId
GetMenuItemInfoW
DestroyMenu
IntersectRect
LoadMenuW
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
IsWindowEnabled
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
EqualRect
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CharUpperW
WaitMessage
WindowFromPoint
SendMessageW
PostMessageW
EnableWindow
GetClientRect
GetParent
CallWindowProcW
DefWindowProcW
GetMessageTime
PeekMessageW
RegisterWindowMessageW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
FillRect
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
CharNextW
CopyAcceleratorTableW
InvalidateRgn
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
TrackMouseEvent
LoadImageW
GetMenuDefaultItem
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
GetMenuBarInfo
UnpackDDElParam
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
RemoveMenu
InsertMenuW
ReuseDDElParam
RegisterClipboardFormatW
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
DrawFrameControl
GetMessageW
DispatchMessageW
GetMessagePos
IsChild
GetFocus
GetCapture
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetSystemMetrics
CreatePopupMenu
AppendMenuW
DrawTextW
UpdateWindow
InvalidateRect
SetCursor
GetCursor
ClientToScreen
ScreenToClient
GetSysColor
SetRect
CopyRect
InflateRect
OffsetRect
PtInRect
LoadCursorW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
FrameRect
ModifyMenuW
DrawStateW
GetTabbedTextExtentW
LoadBitmapW
SystemParametersInfoW
IsIconic
GetSystemMenu
DrawIcon
LoadIconW
UnregisterClassW
GetMenuStringW
UnionRect
PostThreadMessageW
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
GetDCEx
EnumChildWindows
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
SendNotifyMessageW
MonitorFromRect
InSendMessage
CreateMenu
WindowFromDC
GetWindowRgn
DestroyCursor
CopyIcon
SetCursorPos
IsZoomed
DrawEdge
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
SetWindowRgn
SetClassLongPtrW
EnumDisplayMonitors
SetLayeredWindowAttributes
NotifyWinEvent

gdi32

GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocW
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutW
ExtTextOutW
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
GetMapMode
ExcludeClipRect
SetRectRgn
DPtoLP
GetTextMetricsW
GetBkColor
GetTextColor
GetRgnBox
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetDIBits
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
CreateFontW
GetCharWidthW
StretchDIBits
Rectangle
OffsetRgn
GetCurrentObject
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
Escape
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW
GetObjectW
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
PatBlt
DeleteObject
GetStockObject

msimg32

TransparentBlt
AlphaBlend

winspool.drv

GetJobW
ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueW
RegSetValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
SetFileSecurityW
GetFileSecurityW
RegEnumKeyExW
RegEnumValueW
RegCloseKey
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW
SHAddToRecentDocs
ExtractIconW
SHGetFileInfoW
SHGetPathFromIDListW
ShellExecuteExW
SHAppBarMessage
SHBrowseForFolderW
SHGetMalloc
DragFinish
DragQueryFileW
ShellExecuteW
SHGetDesktopFolder
SHGetSpecialFolderLocation

comctl32

ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_AddMasked
ImageList_Draw
ImageList_GetIcon

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
PathFindExtensionW

uxtheme

GetCurrentThemeName
GetWindowTheme
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetThemeSysColor

ole32

OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
PropVariantCopy
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleCreateLinkFromData
OleCreateStaticFromData
OleRun
CoInitializeEx
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
OleFlushClipboard
StringFromGUID2

oleaut32

VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayRedim
VarDecFromStr
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysReAllocStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SafeArrayDestroy
RegisterTypeLi

oledlg

OleUIBusyW

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipDrawImageRectI
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStreamICM

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22.1MB - Virtual size: 22.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06fb6c9567e3472dc72aa3bc850e4f97

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 22.1MB - Virtual size: 22.1MB

.pdata Size: 169KB - Virtual size: 168KB

.gfids Size: 138KB - Virtual size: 138KB

.giats Size: 512B - Virtual size: 28B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 78KB - Virtual size: 78KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 22.1MB - Virtual size: 22.1MB

.pdata
Size: 169KB - Virtual size: 168KB

.gfids
Size: 138KB - Virtual size: 138KB

.giats
Size: 512B - Virtual size: 28B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 78KB - Virtual size: 78KB