2024-04-09_d600432cb1f06a27245ac282ff66081e_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-09_d600432cb1f06a27245ac282ff66081e_ryuk
Size

6.2MB
MD5

d600432cb1f06a27245ac282ff66081e
SHA1

3662cfe0b409e85bf4000badd2769488d0e1c236
SHA256

ea5a3a9d10ec3b3624618a3d66097611d4b65e75da87681bc5f7e0fce31088ce
SHA512

22c46baccdfa46773fa9d93e17b7ba8d1b797c0e79df6dfb09d4844f4a2ed8059e8725376e266fb5dcf5a1a001b5dd43daba21f585f13c4db53ad7048f3a86fd
SSDEEP

49152:QqLdwrt2IEEFKNfuYG83HmFrVOt8KHT8uhsv2GeSgW+MZgtAkdN4TZSU6KRTfudq:uwJGIHektWgGoCTZSUDRTfXBH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-09_d600432cb1f06a27245ac282ff66081e_ryuk

Files

2024-04-09_d600432cb1f06a27245ac282ff66081e_ryuk
.exe windows:6 windows x64 arch:x64

fd6e8f4e8129f480ba7f52a27c4efdc7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\PlagueRoad_SRC\tools\ext\project\vstudio\PlagueRoad\PlagueRoad.pdb

Imports

opengl32

wglMakeCurrent
wglDeleteContext
wglCreateContext
wglShareLists
glDepthFunc
glDisable
glColor4f
glClearDepth
glDrawElements
glDrawArrays
glClearColor
glColorMask
glBlendFunc
glLineWidth
glFrontFace
glDepthMask
glEnable
glViewport
glDrawBuffer
glTexImage2D
glReadBuffer
glDeleteTextures
glTexParameteri
glGenTextures
glBindTexture
wglGetProcAddress
glGetError
glGetIntegerv
glGetString
glClear

ws2_32

recv
send
htons
ntohs
WSAGetLastError
WSACleanup
getsockname
listen
bind
ioctlsocket
connect
WSAStartup
recvfrom
accept
setsockopt
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
socket
sendto
gethostname
WSAIoctl
closesocket
WSASetLastError
getpeername
getsockopt

openal32

alcCreateContext
alcOpenDevice
alcDestroyContext
alcMakeContextCurrent
alGetError
alcGetContextsDevice
alListener3f
alSourcef
alSourcei
alSourceQueueBuffers
alGenBuffers
alSourceStop
alDeleteSources
alBufferData
alDeleteBuffers
alSource3f
alGenSources
alSourceUnqueueBuffers
alGetSourcei
alSourcePlay
alcCloseDevice

xinput9_1_0

XInputGetState

dinput8

DirectInput8Create

steam_api64

SteamAPI_RunCallbacks
SteamAPI_Init
SteamClient
SteamFriends
SteamAPI_RestartAppIfNecessary
SteamUtils
SteamAPI_RegisterCallback
SteamUser
SteamAPI_Shutdown
SteamAPI_UnregisterCallback
SteamUserStats

kernel32

GetExitCodeThread
GetNativeSystemInfo
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
HeapSize
SetEndOfFile
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
WaitForSingleObjectEx
FindNextFileA
FindFirstFileExA
FindClose
GetProcessHeap
CreatePipe
GetFileAttributesExW
GetExitCodeProcess
GetTimeZoneInformation
FlushFileBuffers
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFullPathNameW
SetStdHandle
GetStringTypeW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
WriteFile
HeapFree
HeapAlloc
GetTempPathW
CreateProcessA
WriteConsoleW
MoveFileExW
DeleteFileW
GetModuleHandleExW
DuplicateHandle
IsValidCodePage
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
CreateFileW
SetFilePointerEx
RtlPcToFileHeader
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
SetLastError
GetLastError
FormatMessageA
ReadFile
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
LoadLibraryA
GetProcAddress
FreeLibrary
GetFileType
GetVersionExA
SleepEx
WaitForSingleObject
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
Sleep
GetCurrentThreadId
RaiseException
GetModuleFileNameA
RtlCaptureContext
OutputDebugStringA
GetEnvironmentVariableA
SuspendThread
GetCurrentDirectoryA
ResumeThread
GetFileAttributesA
GetCurrentThread
GetThreadContext
ReadProcessMemory
GetCurrentDirectoryW
GetCurrentProcess
GetModuleHandleA
GetCurrentProcessId
WideCharToMultiByte
GlobalMemoryStatusEx
ExitProcess
MultiByteToWideChar
LoadLibraryW
GetModuleHandleW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
QueryPerformanceFrequency
QueryPerformanceCounter
RtlUnwindEx
VirtualFree
VirtualQuery
CreateThread
LoadLibraryExA
GetModuleHandleExA
VirtualAlloc
VirtualProtect
InterlockedPopEntrySList
ReleaseSemaphore
GetVersionExW
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
EncodePointer
OutputDebugStringW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetSystemTimeAsFileTime
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
DecodePointer

user32

GetWindowLongPtrW
WindowFromPoint
ShowWindow
GetAsyncKeyState
DispatchMessageW
ClientToScreen
PeekMessageW
RegisterClassW
TrackMouseEvent
GetMessageTime
SetFocus
BringWindowToTop
TranslateMessage
SetWindowPos
LoadCursorW
SetCapture
GetClientRect
ReleaseCapture
SetForegroundWindow
GetCursorPos
ChangeDisplaySettingsExW
EnumDisplaySettingsExW
EnumDisplayDevicesW
EnumDisplaySettingsW
UnregisterClassW
SystemParametersInfoW
LoadCursorA
GetDC
DestroyIcon
CreateIconIndirect
SetCursor
ShowCursor
ReleaseDC
MessageBoxA
GetKeyState
ClipCursor
DestroyWindow
IsIconic
MapVirtualKeyW
CreateWindowExW
SetCursorPos
SetWindowLongPtrW
AdjustWindowRectEx
DefWindowProcW
LoadIconW

gdi32

PatBlt
DeleteDC
CreateCompatibleDC
DeleteObject
CreateBitmap
CreateDIBSection
SelectObject
SetPixelFormat
SwapBuffers
DescribePixelFormat
GetDeviceCaps
CreateDCW
SetBkMode
SetDeviceGammaRamp

advapi32

CryptCreateHash
GetUserNameA
CryptAcquireContextA
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam

shell32

ShellExecuteA
SHCreateDirectoryExW
SHGetSpecialFolderPathA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd6e8f4e8129f480ba7f52a27c4efdc7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

ws2_32

openal32

xinput9_1_0

dinput8

steam_api64

kernel32

user32

gdi32

advapi32

shell32

version

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 2.5MB - Virtual size: 2.5MB

.data Size: 45KB - Virtual size: 369KB

.pdata Size: 202KB - Virtual size: 201KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 3KB - Virtual size: 2KB

.rsrc Size: 51KB - Virtual size: 50KB

.reloc Size: 61KB - Virtual size: 60KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 45KB - Virtual size: 369KB

.pdata
Size: 202KB - Virtual size: 201KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 51KB - Virtual size: 50KB

.reloc
Size: 61KB - Virtual size: 60KB