Static task
static1
Behavioral task
behavioral1
Sample
2024-04-10_c06a3cb0523c348d6809ae23457388ff_ryuk.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
2024-04-10_c06a3cb0523c348d6809ae23457388ff_ryuk.exe
Resource
win10v2004-20240226-en
General
-
Target
2024-04-10_c06a3cb0523c348d6809ae23457388ff_ryuk
-
Size
3.4MB
-
MD5
c06a3cb0523c348d6809ae23457388ff
-
SHA1
949b677453a113b6be0e4ff1b0311a1a6dcf3d47
-
SHA256
032369a76ace2cb8f7130ff96292da7408b9e3c86895f4683d748cfe6efde1bb
-
SHA512
b4b88f649b875a7af439b9440c1ea09f6ca802b715a695a5504b3713eefecef8cb380f0a18576e1aa14967b7a00531c7e350a497768fe5e133c5d40088e80412
-
SSDEEP
49152:a11d8lniByABcPcuC1uLxiUQ3J+QCKDvYMhRgrOAdZVH4CjeaGjFRkgIDS+Yqm7y:andqqFSMhRghWRkgIUqk/
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Rule checks for a missing Authenticode signature; the sample's PE is unsigned (on its own a weak indicator, since many legitimate binaries are also unsigned).
resource 2024-04-10_c06a3cb0523c348d6809ae23457388ff_ryuk
Files
-
2024-04-10_c06a3cb0523c348d6809ae23457388ff_ryuk.exe windows:6 windows x64 arch:x64
4a6aab736ccba97e7c54c8eb5b145def
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
libiomp5md
ord703
ord705
uic_bmp
??0BMPEncoder@UIC@@QEAA@XZ
??1BMPEncoder@UIC@@UEAA@XZ
?Init@BMPEncoder@UIC@@UEAAHXZ
?AttachStream@BMPEncoder@UIC@@UEAAHAEAVBaseStreamOutput@2@@Z
?AttachImage@BMPEncoder@UIC@@UEAAHAEBVImage@2@@Z
?WriteHeader@BMPEncoder@UIC@@UEAAHXZ
?WriteData@BMPEncoder@UIC@@UEAAHXZ
uic_core
?SetEnumSampling@ImageSamplingGeometry@UIC@@QEAAHW4ImageEnumSampling@2@@Z
?SetAsRange8u@ImageDataRange@UIC@@QEAAXE@Z
?Attach@ImageBuffer@UIC@@QEAAHPEBVImageDataPtr@2@AEBVImageDataOrder@2@AEBVImageSamplingGeometry@2@@Z
?ArrCountOf@UIC@@YAIPEBX@Z
?ArrFree@UIC@@YAXPEBX@Z
?ArrAlloc@UIC@@YAPEAXII@Z
??0ImageDataRange@UIC@@QEAA@XZ
uic_io
??1CStdFileOutput@@UEAA@XZ
?Open@CStdFileOutput@@QEAA?AW4TStatus@BaseStream@UIC@@PEBD@Z
??0CStdFileOutput@@QEAA@XZ
uic_jpeg
?Init@JPEGEncoder@UIC@@UEAAHXZ
?SetParams@JPEGEncoder@UIC@@QEAAHW4_JPEG_MODE@@W4_JPEG_COLOR@@W4_JPEG_SAMPLING@@HHH@Z
?AttachStream@JPEGEncoder@UIC@@UEAAHAEAVBaseStreamOutput@2@@Z
?AttachImage@JPEGEncoder@UIC@@UEAAHAEBVImage@2@@Z
??0JPEGEncoder@UIC@@QEAA@XZ
??1JPEGEncoder@UIC@@UEAA@XZ
?WriteHeader@JPEGEncoder@UIC@@UEAAHXZ
?WriteData@JPEGEncoder@UIC@@UEAAHXZ
uic_png
??1PNGEncoder@UIC@@UEAA@XZ
?Init@PNGEncoder@UIC@@UEAAHXZ
?AttachStream@PNGEncoder@UIC@@UEAAHAEAVBaseStreamOutput@2@@Z
?AttachImage@PNGEncoder@UIC@@UEAAHAEBVImage@2@@Z
?WriteHeader@PNGEncoder@UIC@@UEAAHXZ
?WriteData@PNGEncoder@UIC@@UEAAHXZ
??0PNGEncoder@UIC@@QEAA@XZ
uic_tiff
??0TIFFEncoder@UIC@@QEAA@XZ
??1TIFFEncoder@UIC@@UEAA@XZ
?Init@TIFFEncoder@UIC@@UEAAHXZ
?AttachStream@TIFFEncoder@UIC@@UEAAHAEAVBaseStreamOutput@2@@Z
?WriteData@TIFFEncoder@UIC@@UEAAHXZ
?WriteHeader@TIFFEncoder@UIC@@UEAAHXZ
?AttachImage@TIFFEncoder@UIC@@UEAAHAEBVImage@2@@Z
kernel32
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
lstrcmpiW
GetWindowsDirectoryW
FindResourceExW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
SearchPathW
GetTempFileNameW
GetTempPathW
GetTickCount
GetProfileIntW
GetUserDefaultLCID
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
GetFullPathNameW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadFile
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetACP
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
LCMapStringW
GetCPInfo
GetStringTypeW
FlushFileBuffers
FindClose
GetFileSize
CreateFileW
lstrcpyW
GetCurrentDirectoryW
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetThreadLocale
FileTimeToSystemTime
GlobalGetAtomNameW
GlobalFlags
OutputDebugStringW
LockFile
GetVolumeInformationW
GetOEMCP
SizeofResource
LockResource
LoadResource
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetCurrentProcessId
ResumeThread
SetThreadPriority
CreateEventW
SetEvent
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
lstrcmpA
GetVersionExW
GetCurrentThread
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
WideCharToMultiByte
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
GetModuleHandleExW
FreeResource
OutputDebugStringA
SetLastError
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
CloseHandle
WaitForSingleObject
Sleep
CreateThread
GetProcessHeap
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
FindNextFileW
DeleteFileW
FindFirstFileW
FindResourceW
MultiByteToWideChar
GetCommandLineW
VerifyVersionInfoW
VerSetConditionMask
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
SetPriorityClass
GetCurrentProcess
GetPriorityClass
QueryPerformanceFrequency
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetFileAttributesW
user32
GetIconInfo
HideCaret
InvertRect
GetDoubleClickTime
CreateMenu
DestroyCursor
GetComboBoxInfo
GetWindowRgn
GetNextDlgGroupItem
SetRect
InvalidateRgn
CharNextW
SetClassLongPtrW
LockWindowUpdate
RegisterClipboardFormatW
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
MapVirtualKeyW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
PostThreadMessageW
ModifyMenuW
NotifyWinEvent
SetWindowRgn
CharUpperW
TrackMouseEvent
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
MonitorFromPoint
SetParent
ReuseDDElParam
UnpackDDElParam
LoadImageW
DestroyIcon
IntersectRect
InsertMenuItemW
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
KillTimer
DeleteMenu
WaitMessage
GetAsyncKeyState
CopyImage
RealChildWindowFromPoint
GetSysColorBrush
ClientToScreen
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
InflateRect
GetMenuItemInfoW
DestroyMenu
SetRectEmpty
SendDlgItemMessageA
GetWindowThreadProcessId
ShowOwnedPopups
TranslateMessage
GetMessageW
LoadMenuW
MapDialogRect
SetWindowContextHelpId
MessageBeep
IsZoomed
PostQuitMessage
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
IsDialogMessageW
SetWindowTextW
GetFocus
GetDlgCtrlID
CheckDlgButton
SetWindowPos
MoveWindow
ShowWindow
GetWindow
GetWindowTextLengthW
GetWindowTextW
GetScrollPos
SetScrollPos
SetFocus
GetDesktopWindow
GetWindowLongW
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
EnumChildWindows
IsWindowVisible
IsWindowEnabled
GetUpdateRect
SubtractRect
MapVirtualKeyExW
IsCharLowerW
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
IsClipboardFormatAvailable
FrameRect
CopyIcon
SetMenuDefaultItem
EnableScrollBar
UpdateLayeredWindow
SetCursorPos
CharUpperBuffW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
UnionRect
GetKeyNameTextW
UnhookWindowsHookEx
GetMenuDefaultItem
ReleaseDC
GetWindowDC
RedrawWindow
UpdateWindow
GetClassNameW
GetParent
IsWindow
ReleaseCapture
SetCursor
WindowFromPoint
GetCursorPos
LoadBitmapW
UnregisterClassW
OffsetRect
PtInRect
FillRect
SetCapture
SetWindowLongW
EqualRect
SetLayeredWindowAttributes
LoadCursorW
SystemParametersInfoW
SetForegroundWindow
BringWindowToTop
IsRectEmpty
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
RegisterHotKey
SetTimer
SendMessageW
AppendMenuW
GetSystemMenu
LoadIconW
InvalidateRect
CopyRect
GetDC
GetWindowRect
EnableWindow
GetMonitorInfoW
gdi32
CreateFontIndirectW
GetTextExtentPoint32W
ExtTextOutW
CreateHatchBrush
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
CreateBitmap
ScaleWindowExtEx
GetTextMetricsW
CreateDIBitmap
CreateRectRgnIndirect
EnumFontFamiliesW
GetTextCharsetInfo
CombineRgn
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
GetRgnBox
OffsetRgn
GetTextColor
GetBkColor
GetMapMode
SetRectRgn
DPtoLP
EnumFontFamiliesExW
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
GetWindowOrgEx
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetTextFaceW
SetPixelV
GetObjectW
SetTextColor
SetBkColor
GetDeviceCaps
CopyMetaFileW
CreatePen
Rectangle
PatBlt
CreateDCW
GetStockObject
GetDIBits
BitBlt
DeleteDC
DeleteObject
SelectObject
ScaleViewportExtEx
CreateCompatibleDC
CreateCompatibleBitmap
msimg32
AlphaBlend
TransparentBlt
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
advapi32
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
shell32
SHGetDesktopFolder
CommandLineToArgvW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
DragQueryFileW
SHGetFileInfoW
ShellExecuteW
SHGetSpecialFolderLocation
SHAppBarMessage
DragFinish
comctl32
InitCommonControlsEx
shlwapi
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathFileExistsW
PathRemoveFileSpecW
uxtheme
DrawThemeText
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
IsAppThemed
GetThemePartSize
CloseThemeData
OpenThemeData
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeParentBackground
ole32
CreateStreamOnHGlobal
CoDisconnectObject
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
OleGetClipboard
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleLockRunning
DoDragDrop
oleaut32
SysFreeString
OleCreateFontIndirect
VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringLen
oledlg
OleUIBusyW
gdiplus
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdiplusStartup
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetInterpolationMode
GdiplusShutdown
GdipDrawImageRectI
GdipGetImagePixelFormat
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundW
timeKillEvent
timeSetEvent
timeEndPeriod
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_CODE Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 710KB - Virtual size: 710KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 389KB - Virtual size: 389KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ