C:\Source\Current\Disc\CDLabeler\x64\Release\CDLabeler.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-11_6622cbb294928cbb27cf88e52996073d_ryuk.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-04-11_6622cbb294928cbb27cf88e52996073d_ryuk.exe
  Resource: win10v2004-20240226-en
General
Target: 2024-04-11_6622cbb294928cbb27cf88e52996073d_ryuk
Size: 2.3MB
MD5: 6622cbb294928cbb27cf88e52996073d
SHA1: a9500545b4d1125513f9494e9d09132a6ab830d6
SHA256: 724df13050fe88e4270f1668160e02af55739aa9d310f501ca8824cefcec7236
SHA512: 800d387fe880703a764355dc719a26342e2e53870c2a57308eb99d324b3922b398bbb96942f1abbecc2521f568395ad63e267d5fb83aab7fb691defb1457d189
SSDEEP: 49152:HSfX3zAtWs6IxdL6PIVwy99MEHClzt3+OLxMafuF2EZ:ycYrOW/EZ
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2024-04-11_6622cbb294928cbb27cf88e52996073d_ryuk
Files
2024-04-11_6622cbb294928cbb27cf88e52996073d_ryuk.exe windows:5 windows x64 arch:x64
a8d2306020cfedbe268aeab7e4a46710
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetShortPathNameW
LockFile
UnlockFile
DuplicateHandle
lstrcmpiW
GetStringTypeExW
GetFileAttributesExW
GetFileSizeEx
LocalFileTimeToFileTime
SetErrorMode
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SetStdHandle
FreeEnvironmentStringsW
TlsSetValue
FindFirstFileExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetOEMCP
IsValidCodePage
GetFileType
GetStdHandle
HeapQueryInformation
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
SetEnvironmentVariableA
ExitProcess
RtlUnwindEx
RtlPcToFileHeader
LCMapStringW
GetCPInfo
GetStringTypeW
TlsGetValue
TlsAlloc
GetThreadLocale
GetCurrentDirectoryW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
GlobalGetAtomNameW
SystemTimeToFileTime
ReplaceFileW
GetTempFileNameW
GetFullPathNameW
GetDiskFreeSpaceW
GetPrivateProfileIntW
CompareStringA
lstrcmpA
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
FreeResource
EncodePointer
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
SetLastError
OutputDebugStringA
GetACP
WritePrivateProfileStringW
lstrcmpW
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryW
MulDiv
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
ResumeThread
SetThreadPriority
WaitForSingleObject
ResetEvent
SetEvent
TerminateThread
CreateEventW
FindNextFileW
FindClose
FindFirstFileW
GetCurrentThread
GetThreadPriority
GetCurrentThreadId
GetCurrentProcessId
GetVersionExW
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetTimeZoneInformation
LoadLibraryExW
FlushFileBuffers
ReadFile
WriteFile
GetFileSize
SetEndOfFile
SetFilePointer
GlobalSize
WideCharToMultiByte
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GetLongPathNameW
SetFileTime
GetFileTime
DeleteFileW
MoveFileW
GetVolumeInformationW
CreateFileW
GetFileAttributesW
GetDriveTypeW
GetSystemDirectoryW
GetModuleFileNameW
Process32Next
Process32First
CreateToolhelp32Snapshot
LocalFree
FormatMessageW
TerminateProcess
WaitForMultipleObjects
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
GetCurrentProcess
GetTickCount
MultiByteToWideChar
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
lstrlenW
GetPrivateProfileStringW
GetEnvironmentStringsW
Sleep
WriteConsoleW
user32
CharUpperW
PostThreadMessageW
CopyAcceleratorTableW
CreateMenu
MoveWindow
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
SetScrollPos
ScrollWindow
SetActiveWindow
TrackPopupMenu
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsChild
IsMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
SendDlgItemMessageA
MapWindowPoints
SetFocus
keybd_event
DrawFrameControl
InsertMenuW
SubtractRect
GetMessageTime
AnimateWindow
GetSysColorBrush
EnableMenuItem
DeleteMenu
GetSystemMenu
AppendMenuW
RemoveMenu
GetClassLongPtrW
InsertMenuItemW
CreatePopupMenu
SetMenu
CallWindowProcW
SetMenuInfo
GetMenuInfo
GetSubMenu
GetMenuState
GetMenuItemInfoW
SetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
TrackPopupMenuEx
CreateCursor
CreateIconFromResource
DrawIcon
DestroyIcon
DrawIconEx
EmptyClipboard
SetClipboardData
RegisterClipboardFormatW
SystemParametersInfoW
GetMessagePos
FrameRect
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
MapVirtualKeyExW
GetKeyboardLayout
SetWindowPlacement
GetWindowPlacement
GetMonitorInfoW
MonitorFromRect
RealChildWindowFromPoint
ValidateRect
LoadImageW
ChangeClipboardChain
SetClipboardViewer
CreateWindowExW
FlashWindowEx
SetWindowLongPtrW
GetWindowLongPtrW
MessageBeep
EndPaint
BeginPaint
GetDoubleClickTime
GetGUIThreadInfo
KillTimer
AttachThreadInput
LockSetForegroundWindow
GetDesktopWindow
GetLastActivePopup
SetParent
SetWindowRgn
SetWindowLongW
SetWindowPos
ShowWindow
IsWindowEnabled
IsIconic
IsZoomed
DestroyWindow
SetCursorPos
GetCursorPos
ClientToScreen
ScreenToClient
GetScrollPos
SetWindowTextW
GetDlgItem
GetWindowTextW
GetWindowTextLengthW
DefWindowProcW
WindowFromPoint
GetForegroundWindow
IsWindowVisible
GetWindow
GetClassNameW
FindWindowExW
WaitMessage
PeekMessageW
EnumWindows
FindWindowW
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetWindowThreadProcessId
MessageBoxW
EnableWindow
UpdateWindow
IsWindow
InflateRect
PostMessageW
UnionRect
IsRectEmpty
SetRectEmpty
SendMessageW
OffsetRect
RegisterWindowMessageW
LoadCursorW
DestroyCursor
LoadIconW
LoadBitmapW
SetForegroundWindow
SetCapture
GetCapture
ReleaseCapture
SetCursor
InvalidateRect
GetClientRect
RedrawWindow
GetParent
GetWindowRect
GetWindowLongW
PtInRect
GetFocus
GetKeyState
TranslateMessage
DispatchMessageW
GetMenu
UnregisterClassW
SetTimer
GetSysColor
GetDC
ReleaseDC
FillRect
GetSystemMetrics
IntersectRect
EqualRect
CopyRect
GetTabbedTextExtentW
ReuseDDElParam
UnpackDDElParam
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
TranslateAcceleratorW
BringWindowToTop
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
SetRect
GetMenuStringW
ShowOwnedPopups
GetMessageW
DestroyMenu
LoadAcceleratorsW
PostQuitMessage
LoadMenuW
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageW
SetDlgItemTextW
EnumDisplayMonitors
SendDlgItemMessageW
gdi32
EndPath
FillPath
CreateRectRgnIndirect
CreateEllipticRgnIndirect
CombineRgn
PaintRgn
GetViewportOrgEx
CreatePolygonRgn
GetRgnBox
GetTextMetricsW
GetCurrentObject
CreateRectRgn
DeleteDC
StartDocW
StartPage
EndPage
AbortDoc
EndDoc
CreateDCW
SaveDC
RestoreDC
Rectangle
SelectClipRgn
RectVisible
CreateEllipticRgn
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
BitBlt
SetBkColor
SetTextColor
CreateBitmap
CreateDIBSection
SetAbortProc
GetStockObject
CreatePatternBrush
Escape
ExcludeClipRect
GetClipBox
GetCurrentPositionEx
GetPixel
GetWindowExtEx
IntersectClipRect
PtVisible
ExtSelectClipRgn
BeginPath
SetBkMode
SetMapMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontW
GetCharWidthW
StretchDIBits
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextColor
GetWindowOrgEx
GetTextFaceW
Ellipse
GetBkColor
DeleteObject
SelectObject
CreateFontIndirectW
GetTextExtentPoint32W
GetViewportExtEx
GetDeviceCaps
LPtoDP
CreatePen
DPtoLP
GetObjectW
CreateSolidBrush
MoveToEx
LineTo
Arc
advapi32
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueW
uxtheme
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground
ole32
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
StringFromCLSID
CoCreateInstance
OleUninitialize
CoUninitialize
CoInitialize
CoCreateGuid
CoTaskMemFree
OleInitialize
oleaut32
SysFreeString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocString
gdiplus
GdiplusShutdown
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 604KB - Virtual size: 603KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 183KB - Virtual size: 182KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ