General

Malware Config

Signatures

Files

• 2024-04-10_c1c6c2df10c36dfc85d03e1d95b833f2_ryuk

  .exe windows:6 windows x64 arch:x64

  d422d42843191f20ad0be6176200c3f3

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  PDB Paths

  F:\v61A11src\v4builds\x64\Release\WSD64.pdb

  Imports

  newdev

  UpdateDriverForPlugAndPlayDevicesW

  kernel32

  GetProcAddress

  LoadLibraryExW

  RaiseException

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSectionEx

  DeleteCriticalSection

  GetModuleFileNameW

  GetModuleHandleW

  LoadResource

  SizeofResource

  FindResourceW

  MultiByteToWideChar

  FreeLibrary

  DecodePointer

  WaitForSingleObject

  Sleep

  CreateThread

  GetCurrentThreadId

  CreateFileW

  WriteConsoleW

  FlushFileBuffers

  SetFilePointerEx

  lstrcmpiW

  CreateEventW

  ResetEvent

  SetEvent

  GetLastError

  CloseHandle

  FindClose

  GetCommandLineW

  IsDebuggerPresent

  GetConsoleMode

  GetConsoleCP

  GetStringTypeW

  SetStdHandle

  GetProcessHeap

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineA

  GetCPInfo

  GetOEMCP

  IsValidCodePage

  FindNextFileW

  LCMapStringW

  GetFileType

  HeapReAlloc

  HeapSize

  HeapAlloc

  HeapFree

  GetACP

  FindFirstFileExW

  LocalFree

  WriteFile

  OutputDebugStringW

  WaitForSingleObjectEx

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  GetStartupInfoW

  QueryPerformanceCounter

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  InitializeSListHead

  RtlPcToFileHeader

  RtlUnwindEx

  EncodePointer

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  SetLastError

  ExitProcess

  GetModuleHandleExW

  WideCharToMultiByte

  GetStdHandle

  user32

  CharNextW

  GetMessageW

  TranslateMessage

  DispatchMessageW

  PostThreadMessageW

  CharUpperW

  advapi32

  RegQueryInfoKeyW

  RegOpenKeyExW

  RegEnumKeyExW

  RegDeleteValueW

  RegDeleteKeyW

  RegCreateKeyExW

  RegCloseKey

  RegSetValueExW

  ole32

  CoTaskMemRealloc

  CoTaskMemAlloc

  CoTaskMemFree

  CoWaitForMultipleHandles

  PropVariantClear

  CoCreateInstance

  CoUninitialize

  CoRegisterClassObject

  CoRevokeClassObject

  CoResumeClassObjects

  CoAddRefServerProcess

  CoReleaseServerProcess

  StringFromGUID2

  CoInitialize

  CoGetClassObject

  oleaut32

  UnRegisterTypeLi

  RegisterTypeLi

  LoadRegTypeLi

  LoadTypeLi

  VarUI4FromStr

  SafeArrayUnaccessData

  SafeArrayAccessData

  SafeArrayCreate

  SysStringLen

  SysAllocString

  SysFreeString

  shlwapi

  SHStrDupW

  Sections

  .text

  Size: 101KB - Virtual size: 101KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 56KB - Virtual size: 56KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 7KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .gfids

  Size: 512B - Virtual size: 244B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .zero

  Size: 8KB - Virtual size: 4KB

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ