2024-04-09_d8194f8eaf61682f1323c690925f5f70_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-09_d8194f8eaf61682f1323c690925f5f70_ryuk
Size

2.8MB
MD5

d8194f8eaf61682f1323c690925f5f70
SHA1

9b81871c505393464cbcae1e784525515faf0d47
SHA256

f8faa16195751ba413b724c623a48d2abfbc37ea0c81b06f6fefb70c806edf33
SHA512

19dde8b0a19aa4bbf10e4a1fe510be15a71300fb4d5322dbe8e6cab516cd65ab66b44398bd2d7acd017198b5602589613a7a3c911f6b5af4d89f8e8c1572d893
SSDEEP

49152:NAmE0R+yofIs27qfb0NHY74Smz8zZMtOmmlJHVVIeSE6uf:NASReAy77ZFXHVVPS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-09_d8194f8eaf61682f1323c690925f5f70_ryuk

Files

2024-04-09_d8194f8eaf61682f1323c690925f5f70_ryuk
.exe windows:6 windows x64 arch:x64

7c1a2146a113507d7462c9d4e4135e3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Gitlab-Runner\builds\BRXjXj5X\0\scanner-sdk-windows\smartcarddll\scTest\x64\release\scTest.pdb

Imports

kernel32

IsValidCodePage
FindNextFileA
FindFirstFileExA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
GetStdHandle
GetEnvironmentStringsW
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
FindResourceExW
GetTempFileNameA
GetTempPathA
Sleep
GetProfileIntA
GetTickCount
SearchPathA
GetWindowsDirectoryA
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
GetCPInfo
GetOEMCP
VirtualProtect
VerifyVersionInfoA
VerSetConditionMask
GetVolumeInformationA
lstrcmpiA
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
CreateFileA
lstrcpyA
FileTimeToSystemTime
GetACP
DeleteFileA
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryA
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetSystemDirectoryW
EncodePointer
GlobalAddAtomA
ResumeThread
SetThreadPriority
WaitForSingleObject
SetEvent
CloseHandle
InitializeCriticalSectionAndSpinCount
CopyFileA
FormatMessageA
MulDiv
LocalFree
GlobalSize
GetCurrentProcessId
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
FindResourceA
LoadLibraryW
GlobalFree
GlobalUnlock
GetModuleHandleExW
GetModuleFileNameW
FreeResource
SetLastError
OutputDebugStringA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleW
GetModuleHandleA
CompareStringA
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetModuleFileNameA
FreeLibrary
GetVersionExA
GetCurrentThreadId
GetCurrentThread
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
LoadLibraryA
ExitProcess
GetProcAddress
CreateFileW

user32

DestroyMenu
UpdateLayeredWindow
IsRectEmpty
SetMenuDefaultItem
GetMenuDefaultItem
GetMenuItemInfoA
CreatePopupMenu
NotifyWinEvent
MessageBeep
SetWindowRgn
GetSystemMenu
LoadMenuW
GetAsyncKeyState
CharUpperA
IsZoomed
TrackMouseEvent
GetSysColorBrush
OffsetRect
SetRectEmpty
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
SystemParametersInfoA
CopyImage
LoadCursorW
LoadCursorA
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
GetTopWindow
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
EqualRect
MapWindowPoints
AdjustWindowRectEx
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
EnableScrollBar
GetMessageTime
GetMessagePos
IsDialogMessageA
GetWindow
SetWindowLongA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
SetFocus
GetDlgCtrlID
LoadAcceleratorsA
CheckDlgButton
SetWindowPos
MoveWindow
ShowWindow
IntersectRect
InflateRect
CopyRect
GetClassNameA
InvalidateRect
UpdateWindow
DrawStateA
SetCursor
ShowOwnedPopups
ValidateRect
GetKeyState
IsWindowVisible
PeekMessageA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
LoadMenuA
InsertMenuItemA
LoadIconW
SendMessageA
IsIconic
GetSystemMetrics
GetClientRect
GetMessageA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
PtInRect
GetCursorPos
GetWindowRect
GetFocus
FillRect
GetSysColor
LoadImageA
UnpackDDElParam
ReuseDDElParam
LoadImageW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawIconEx
SetRect
RegisterClipboardFormatA
DrawEdge
ModifyMenuA
UnionRect
MonitorFromPoint
DestroyIcon
SetLayeredWindowAttributes
EnumDisplayMonitors
MapDialogRect
DefWindowProcA
BringWindowToTop
DrawIcon
EnableWindow
UnregisterClassA
PostMessageA
PostQuitMessage
RegisterWindowMessageA
IsWindow
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongA
GetDesktopWindow
GetParent
MessageBoxA
GetWindowThreadProcessId
GetLastActivePopup
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
GetDC
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
DrawFrameControl
DrawFocusRect
SetClassLongPtrA
SetParent
CharUpperBuffA
LockWindowUpdate
GetWindowRgn
SubtractRect
CreateMenu
GetUpdateRect
GetComboBoxInfo
MapVirtualKeyExA
IsCharLowerA
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
DestroyCursor
GetDoubleClickTime
IsClipboardFormatAvailable
InvertRect
HideCaret
GetIconInfo
GetNextDlgGroupItem
GetKeyNameTextA
PostThreadMessageA
FrameRect
CopyIcon
SetCursorPos
CopyAcceleratorTableA
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
MapVirtualKeyA
ToAsciiEx
GetKeyboardState
GetKeyboardLayout
SendDlgItemMessageA

gdi32

GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectA
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateFontIndirectA
CreateRectRgnIndirect
GetClipBox
SetRectRgn
DPtoLP
GetTextExtentPoint32A
GetTextMetricsA
CreateRoundRectRgn
CreateCompatibleBitmap
CreateDIBSection
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
GetTextColor
GetRgnBox
OffsetRgn
CreateEllipticRgn
Ellipse
GetBkColor
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceA
ExcludeClipRect
Escape
DeleteObject
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
GetDeviceCaps
CreateDCA
PatBlt
DeleteDC
CopyMetaFileA

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

DragFinish
DragQueryFileA
SHGetFileInfoA
SHGetDesktopFolder
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHAppBarMessage
ShellExecuteA

shlwapi

StrFormatKBSizeA
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW

uxtheme

GetThemePartSize
GetThemeSysColor
GetWindowTheme
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName

ole32

OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
CoInitializeEx
CreateStreamOnHGlobal
DoDragDrop
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize

oleaut32

LoadTypeLi
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VariantCopy
VarBstrFromDate
SysAllocString
VariantClear
VariantInit
SysAllocStringByteLen
SysFreeString
SysAllocStringLen

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

winmm

PlaySoundA

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 611KB - Virtual size: 610KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c1a2146a113507d7462c9d4e4135e3f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

oleacc

winmm

imm32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 611KB - Virtual size: 610KB

.data Size: 27KB - Virtual size: 71KB

.pdata Size: 84KB - Virtual size: 83KB

.gfids Size: 104KB - Virtual size: 103KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 84KB - Virtual size: 84KB

.reloc Size: 58KB - Virtual size: 58KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 611KB - Virtual size: 610KB

.data
Size: 27KB - Virtual size: 71KB

.pdata
Size: 84KB - Virtual size: 83KB

.gfids
Size: 104KB - Virtual size: 103KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 84KB - Virtual size: 84KB

.reloc
Size: 58KB - Virtual size: 58KB