Sample: 2024-04-15_f743209305a097d36d22ba0e2145a67b_ryuk.exe
Resource: win7-20240221-en
General
Target: 2024-04-15_f743209305a097d36d22ba0e2145a67b_ryuk
Size: 12.3MB
MD5: f743209305a097d36d22ba0e2145a67b
SHA1: cd6803e5ae37d1d856e0b1d699ffab5bf7c7dd44
SHA256: 30dc3f0aecba118124f5308eda08a896cb814d557db39a21c3ce314f42dd11db
SHA512: 661286466f4cb5059f809f3588ee317c3ac20451b11b9628faccf276800627fc504acf443daaedcd41b7aecc8424c9e43311ad8076715e8dcf6488b4947a343d
SSDEEP: 98304:sReiXZ72ClSv8J3f/kQ6bUEZH1qBejArdhoApIAR1y2QhWaaB75+KWd5:niXVOu/GW3nDy2QhWaaB7O
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 2024-04-15_f743209305a097d36d22ba0e2145a67b_ryuk
Files
2024-04-15_f743209305a097d36d22ba0e2145a67b_ryuk.exe  windows:5 windows x64 arch:x64
4c60c4d37b967973db10650ba859915c
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
FindFirstFileExA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
GetStdHandle
ExitProcess
FindNextFileA
FreeEnvironmentStringsW
QueryPerformanceFrequency
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualAlloc
GetSystemInfo
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
IsValidCodePage
GetFileType
GetEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
SearchPathA
GetProfileIntA
GetTempFileNameA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
GetTickCount
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
GetWindowsDirectoryA
GetVolumeInformationA
lstrcmpiA
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
CreateFileA
DeleteFileA
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
LocalAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetThreadLocale
GetUserDefaultUILanguage
FindResourceExW
GlobalFlags
GetACP
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
GetPrivateProfileIntA
GetModuleHandleA
ResumeThread
SetThreadPriority
WaitForSingleObject
SetEvent
CloseHandle
GetCurrentProcessId
GetModuleFileNameA
GetVersionExA
GetCurrentThread
lstrcmpA
GlobalReAlloc
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
FileTimeToSystemTime
CopyFileA
FormatMessageA
MulDiv
LocalFree
GlobalSize
MultiByteToWideChar
GlobalAlloc
VirtualProtect
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
FindResourceA
LoadLibraryW
GlobalFree
GlobalUnlock
GlobalLock
GetModuleHandleExW
GetModuleFileNameW
FreeResource
SetLastError
OutputDebugStringA
WritePrivateProfileStringA
GetProcessHeap
DeleteCriticalSection
WideCharToMultiByte
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
GetPrivateProfileStringA
GetProcAddress
LoadLibraryA
FindResourceW
LoadResource
LockResource
SizeofResource
SetStdHandle
CreateFileW
user32
DestroyMenu
SetCursor
ShowOwnedPopups
GetCursorPos
TranslateMessage
GetMessageA
FillRect
ClientToScreen
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
GetWindowThreadProcessId
SetWindowContextHelpId
PostQuitMessage
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxA
AdjustWindowRectEx
ShowScrollBar
GetScrollRange
SetScrollRange
GetMenuItemInfoA
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetKeyState
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CopyAcceleratorTableA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
InvalidateRgn
SetRect
IntersectRect
EnableWindow
LoadIconW
GetSystemMenu
AppendMenuA
SendMessageA
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
IsDialogMessageA
SetWindowLongA
SetWindowTextA
GetDlgCtrlID
SendDlgItemMessageA
CheckDlgButton
InflateRect
SystemParametersInfoA
GetKeyNameTextA
MapVirtualKeyA
SetRectEmpty
OffsetRect
RealChildWindowFromPoint
GetSysColorBrush
LoadCursorA
CharNextA
CopyImage
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
LoadCursorW
DeleteMenu
SetTimer
KillTimer
InvalidateRect
ScrollWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetParent
UnregisterClassA
IsWindow
DestroyWindow
CreateDialogIndirectParamA
IsZoomed
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongA
GetDesktopWindow
PostMessageA
ShowWindow
SetWindowPos
SetFocus
GetFocus
GetAsyncKeyState
GetCapture
SetPropA
GetPropA
RemovePropA
GetWindowRect
GetWindow
MapDialogRect
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
RemoveMenu
SetScrollPos
GetScrollPos
GetWindowTextA
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
DestroyIcon
GetWindowTextLengthA
MoveWindow
CharUpperA
TrackMouseEvent
LoadImageW
CreatePopupMenu
GetMenuDefaultItem
BringWindowToTop
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
InsertMenuItemA
LoadImageA
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatA
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongPtrA
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateA
DrawEdge
DrawFrameControl
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
PostThreadMessageA
UnionRect
FrameRect
CopyIcon
SetCursorPos
LoadMenuW
IsMenu
gdi32
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32A
CreateRectRgnIndirect
PatBlt
GetTextMetricsA
EnumFontFamiliesExA
ExcludeClipRect
GetTextColor
GetRgnBox
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
CreateCompatibleBitmap
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceA
Escape
DeleteObject
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
CreateBitmap
SetTextColor
SetBkColor
GetDeviceCaps
CreateDCA
CopyMetaFileA
CreateSolidBrush
CreateFontIndirectA
GetBkColor
DeleteDC
GetObjectA
msimg32
TransparentBlt
AlphaBlend
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
shell32
SHBrowseForFolderA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileA
DragFinish
SHAppBarMessage
ShellExecuteA
shlwapi
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
PathRemoveFileSpecW
PathFindFileNameA
PathFindExtensionA
uxtheme
IsAppThemed
GetThemeSysColor
GetWindowTheme
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
ole32
CoRevokeClassObject
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoFreeUnusedLibraries
CoInitializeEx
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
oleaut32
OleCreateFontIndirect
LoadTypeLi
VarBstrFromDate
SysFreeString
SysAllocStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
SysStringLen
SafeArrayDestroy
VariantCopy
SysAllocString
oledlg
ord8
odbc32
ord1
ord41
ord76
ord39
ord45
ord15
ord14
ord10
ord9
ord2
crypt32
CryptProtectData
CryptUnprotectData
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundA
Sections
Name    Size    Virtual size  Characteristics
.text   1.9MB   1.9MB         IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  635KB   635KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   9.6MB   9.6MB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  88KB    87KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gfids  106KB   105KB         IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.giats  512B    16B           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls    512B    9B            IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   37KB    36KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  60KB    59KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ