2024-04-10_ff32d64945d03fd7d833b70d0db23043_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-10_ff32d64945d03fd7d833b70d0db23043_ryuk
Size

501KB
MD5

ff32d64945d03fd7d833b70d0db23043
SHA1

ae091e35d13f86245c23a9909912c2c3a3deb171
SHA256

9d043b658280729d86b3ddf2e02137881619f779907d9f3b079f1dd04b26df60
SHA512

900c1d4c1f12554ffeca35c3fd3c0684ab115d9c3bfddf805dbc5c7f1380b13d41a6ee05d941a40865dc5d017d36c247e4a3a686242e55793a72eeab90d859a6
SSDEEP

12288:Hga9KcirvEH0IQJ/B7CEKwd8c0y7cxx68j3B82UoY+XusB2WHvcVzdJIxGot3JEX:Hga9cgH0IQJZ7CEKwd8ty7cxx68j3B8F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-10_ff32d64945d03fd7d833b70d0db23043_ryuk

Files

2024-04-10_ff32d64945d03fd7d833b70d0db23043_ryuk
.exe windows:5 windows x64 arch:x64

c32e919e6e328df7239e1070b0803dd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Branch\win\Release\stubs\x64\aijclw.pdb

Imports

msi

ord173

kernel32

RemoveDirectoryW
GetLastError
CreateDirectoryW
GetFileSize
ReadFile
ExpandEnvironmentStringsW
WriteFile
RaiseException
GetEnvironmentVariableW
MultiByteToWideChar
WideCharToMultiByte
MulDiv
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringW
GetLocalTime
GetModuleFileNameW
FlushFileBuffers
GetModuleHandleW
lstrcmpiW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
SetThreadLocale
GetSystemDefaultLCID
DecodePointer
lstrlenW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetExitCodeThread
CreateThread
WaitForSingleObject
OpenProcess
GetExitCodeProcess
Sleep
CreateProcessW
GetCommandLineW
CreateEventW
SetEvent
GlobalMemoryStatus
SetEnvironmentVariableW
SetCurrentDirectoryW
GetTimeFormatW
GetDateFormatW
GetUserDefaultLangID
CreateFileMappingW
GetVersionExW
CompareStringW
GetOEMCP
IsValidCodePage
FindFirstFileExA
LCMapStringW
GetStringTypeW
GetFileType
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
RtlUnwindEx
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
GetCPInfo
VirtualFree
VirtualAlloc
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
FindNextFileW
DeleteFileW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
SetLastError
GetFullPathNameW
FindFirstFileW
FindClose
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
UnmapViewOfFile
FindNextFileA
MapViewOfFile
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW

user32

GetCapture
SetCapture
SetFocus
SetCursor
DrawFocusRect
GetFocus
GetSysColor
ReleaseCapture
GetDlgCtrlID
GetCursorPos
ScreenToClient
PtInRect
IsWindowEnabled
FillRect
MessageBoxW
LoadStringW
SetRectEmpty
GetClassNameW
SystemParametersInfoW
GetWindowTextLengthW
GetWindowTextW
DrawTextW
OffsetRect
EnableWindow
DialogBoxParamW
DispatchMessageW
TranslateMessage
UpdateWindow
PeekMessageW
GetActiveWindow
GetMessageW
PostThreadMessageW
EndPaint
BeginPaint
LoadCursorW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
GetWindowLongPtrW
GetSystemMetrics
SetWindowLongPtrW
InvalidateRect
RedrawWindow
IsWindowVisible
ShowWindow
EndDialog
CreateWindowExW
IsWindow
SendMessageW
SetWindowLongW
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
MapWindowPoints
SetWindowPos
SetWindowTextW
GetDlgItem
UnregisterClassW
DestroyWindow
DefWindowProcW
CharNextW
ReleaseDC
GetClientRect
GetDC
RegisterWindowMessageW

gdi32

GetStockObject
CreateFontIndirectW
GetObjectW
BitBlt
SetTextColor
SelectObject
CreateCompatibleDC
DeleteDC
CreateCompatibleBitmap
DeleteObject
SetBkMode

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptDestroyKey
CryptDeriveKey
CryptCreateHash
CryptReleaseContext
CryptGetHashParam
CryptDecrypt
RegEnumKeyExW

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr

comctl32

_TrackMouseEvent

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c32e919e6e328df7239e1070b0803dd5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 9KB - Virtual size: 9KB

.gfids Size: 512B - Virtual size: 212B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 216KB - Virtual size: 216KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 9KB - Virtual size: 9KB

.gfids
Size: 512B - Virtual size: 212B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 216KB - Virtual size: 216KB

.reloc
Size: 2KB - Virtual size: 1KB