2024-04-18_6de84d8c14ce720bd1f9ef95f0ec6908_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-18_6de84d8c14ce720bd1f9ef95f0ec6908_ryuk
Size

16.5MB
MD5

6de84d8c14ce720bd1f9ef95f0ec6908
SHA1

0e83956e2be365d5434a82002b235005e38342bd
SHA256

ec2208d2634041060f096e2d8066d34d6718d417a61c211877acea782bc427d3
SHA512

6759e95908ca57a8fc7e4fb94ab23f789c97145fae175329fa13eaec19920afeab5faef43e98f768b22d4322c00b6152f87d993801db2f09cf32bd23a3cd86df
SSDEEP

196608:JZzDOm8B+WUuI9Ecn4GhRYpcfI9GjjwwwBJmBwAYko+Sy:JZzDOm8P7I9Ecn4GhRYpcfI9GjMkZSy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-18_6de84d8c14ce720bd1f9ef95f0ec6908_ryuk

Files

2024-04-18_6de84d8c14ce720bd1f9ef95f0ec6908_ryuk
.exe windows:5 windows x64 arch:x64

e7b6633c2b12fa9d487de811178766ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersAddresses

kernel32

RtlCaptureStackBackTrace
GlobalMemoryStatusEx
ExitProcess
TerminateProcess
GetExitCodeProcess
SetUnhandledExceptionFilter
GetCurrentThread
SetThreadPriority
IsDebuggerPresent
TryEnterCriticalSection
GetFileInformationByHandle
FlushFileBuffers
SetEndOfFile
SetFilePointer
FindClose
SetFileTime
SetHandleInformation
SetLocalTime
GetNativeSystemInfo
FormatMessageW
CreatePipe
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateEventW
CreateFileMappingW
GetLogicalDriveStringsW
LoadLibraryW
GetModuleFileNameW
CreateProcessW
GetEnvironmentVariableW
OutputDebugStringW
GetDriveTypeW
GetSystemDirectoryW
GetTempPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetDiskFreeSpaceExW
CreateDirectoryW
RemoveDirectoryW
CreateFileW
SetFileAttributesW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileW
CreateNamedPipeW
GetVolumeInformationW
SetPriorityClass
GetComputerNameW
VerifyVersionInfoW
CreateSymbolicLinkW
GetLocaleInfoW
LocalFree
GetCommandLineW
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
Sleep
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
MoveFileExW
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetStdHandle
HeapReAlloc
HeapFree
HeapAlloc
GetTimeZoneInformation
CreateProcessA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
InterlockedPushEntrySList
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
WideCharToMultiByte
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
FindResourceA
SizeofResource
LoadResource
HeapSize
FormatMessageA
lstrcmpW
MultiByteToWideChar
VerSetConditionMask
VerifyVersionInfoA
GetSystemTimeAsFileTime
GetProcAddress
GetCurrentProcess
GetCurrentThreadId
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
GetModuleFileNameA
FreeLibrary
GetVersionExA
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileA
LoadLibraryA
CreateSemaphoreA
DeviceIoControl
ReadFile
WriteFile
ReleaseSemaphore
GetOverlappedResult
TerminateThread
SetThreadAffinityMask
GetCurrentProcessId
CreateMutexA
SystemTimeToFileTime
GetSystemTime
ReleaseMutex
CancelIo
GetModuleHandleA
CreateEventA
SleepEx
DuplicateHandle
CloseHandle
WaitForMultipleObjects
WaitForSingleObject
LockResource

user32

UnregisterClassW
RegisterClassExW
CreateWindowExW
DestroyWindow
SetFocus
GetFocus
GetWindowTextW
GetWindowLongPtrW
SetWindowLongPtrW
EnumWindows
GetDC
ReleaseDC
TrackMouseEvent
GetMessagePos
GetMessageTime
GetMessageExtraInfo
SendMessageW
IsChild
ShowWindow
SetLayeredWindowAttributes
SetWindowPos
GetWindowPlacement
OpenClipboard
DefWindowProcW
SetClipboardData
SetForegroundWindow
EmptyClipboard
SendMessageTimeoutW
GetAsyncKeyState
GetKeyboardState
ToUnicode
MapVirtualKeyW
GetCapture
SetCapture
ReleaseCapture
GetSystemMetrics
GetSystemMenu
EnableMenuItem
GetForegroundWindow
BeginPaint
EndPaint
GetUpdateRgn
InvalidateRect
RedrawWindow
SetWindowTextW
GetClientRect
GetWindowRect
CloseClipboard
PostMessageW
MessageBoxW
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
SendInput
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowThreadProcessId
AttachThreadInput
IsWindowVisible
FindWindowExA
GetActiveWindow
GetWindowTextA
GetDesktopWindow
GetParent
EnumChildWindows
LoadCursorW
DestroyCursor
DestroyIcon
CreateIconIndirect
GetIconInfo
SystemParametersInfoW
SetWindowLongW
GetWindowLongW
WindowFromPoint
ScreenToClient
SetCaretPos
ShowCaret
GetMonitorInfoW
EnumDisplayMonitors
GetWindowInfo
GetAncestor
RegisterWindowMessageW
CallWindowProcW
MoveWindow
GetClipboardData

gdi32

SwapBuffers
SetPixelFormat
ChoosePixelFormat
GetObjectW
CreateDIBSection
StretchDIBits
SaveDC
RestoreDC
GetRegionData
GetPixel
ExcludeClipRect
CreateRectRgnIndirect
CreateRectRgn
CreateBitmap
CombineRgn
BitBlt
GetKerningPairsW
GetTextMetricsW
SetMapMode
SetMapperFlags
SelectObject
RemoveFontMemResourceEx
AddFontMemResourceEx
GetGlyphIndicesW
GetOutlineTextMetricsW
GetGlyphOutlineW
GetDeviceCaps
EnumFontFamiliesExW
DeleteObject
DeleteDC
CreateFontIndirectW
CreateCompatibleDC

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

SystemFunction036
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetUserNameW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
CommandLineToArgvW
ExtractAssociatedIconW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
SHFileOperationW

ole32

OleSetContainedObject
OleCreate
DoDragDrop
RegisterDragDrop
CoTaskMemAlloc
OleUninitialize
OleInitialize
CoCreateInstance
CoInitialize
RevokeDragDrop

wininet

HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW
HttpOpenRequestW
InternetCloseHandle
InternetSetOptionW
InternetQueryOptionW
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenW
InternetCrackUrlW
FtpOpenFileW
InternetConnectW

ws2_32

listen
htons
ioctlsocket
bind
accept
WSAGetLastError
socket
sendto
send
connect
htonl
getnameinfo
freeaddrinfo
getaddrinfo
setsockopt
inet_addr
closesocket
select
__WSAFDIsSet
ntohl
recv
recvfrom
gethostbyname
gethostname
WSACleanup
getsockname
getsockopt
inet_ntoa
ntohs
WSAStartup

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

PathStripToRootW

winmm

midiOutLongMsg
midiOutShortMsg
midiInGetNumDevs
midiOutPrepareHeader
midiOutClose
midiOutOpen
midiOutGetDevCapsW
midiOutGetNumDevs
midiInGetDevCapsW
midiInOpen
midiInClose
midiInPrepareHeader
midiInUnprepareHeader
midiInAddBuffer
midiInStart
midiInStop
midiInReset
timeGetTime
timeKillEvent
timeSetEvent
timeGetDevCaps
timeBeginPeriod
midiOutUnprepareHeader

dbghelp

SymGetModuleInfo64
SymInitialize
SymFromAddr

imm32

ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCandidateWindow

opengl32

glBindTexture
wglShareLists
wglMakeCurrent
wglGetProcAddress
wglGetCurrentContext
wglDeleteContext
wglCreateContext
glClear
glClearColor
glDeleteTextures
glDisable
glDrawArrays
glDrawElements
glEnable
glGenTextures
glGetBooleanv
glGetError
glGetIntegerv
glGetString
glPixelStorei
glReadPixels
glScissor
glTexImage2D
glTexParameteri
glTexSubImage2D
glViewport
glBlendFunc

Sections

.text
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 976KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 546KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 37B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 937KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7b6633c2b12fa9d487de811178766ac

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

wininet

ws2_32

version

shlwapi

winmm

dbghelp

imm32

opengl32

Sections

.text Size: 8.1MB - Virtual size: 8.1MB

.rdata Size: 6.0MB - Virtual size: 6.0MB

.data Size: 976KB - Virtual size: 1.0MB

.pdata Size: 546KB - Virtual size: 545KB

.tls Size: 512B - Virtual size: 37B

.gfids Size: 512B - Virtual size: 444B

_RDATA Size: 10KB - Virtual size: 9KB

.rsrc Size: 937KB - Virtual size: 936KB

.reloc Size: 107KB - Virtual size: 107KB

.text
Size: 8.1MB - Virtual size: 8.1MB

.rdata
Size: 6.0MB - Virtual size: 6.0MB

.data
Size: 976KB - Virtual size: 1.0MB

.pdata
Size: 546KB - Virtual size: 545KB

.tls
Size: 512B - Virtual size: 37B

.gfids
Size: 512B - Virtual size: 444B

_RDATA
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 937KB - Virtual size: 936KB

.reloc
Size: 107KB - Virtual size: 107KB