2024-04-20_92dc572b1377f19a5559206cbd136afb_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-20_92dc572b1377f19a5559206cbd136afb_ryuk
Size

8.2MB
MD5

92dc572b1377f19a5559206cbd136afb
SHA1

5b8534c36fbb0a1d7e1b05f931262459392a4ecd
SHA256

763b409a9e24b29567d0de7988607a58a10170b381a7729a3739d69143a5a791
SHA512

7181ad1b3415373b502f517c83352e90ec92cd274aed7efa4eb1999cf976f1b2ecffec76ad3861f1420f9e7d67ae2b57bff27fcfec5b4dc2b219e187327e19ee
SSDEEP

98304:oyA6xc5C4LeVswhWgq67K9YJCr88IIbedhvQZLQ:nc0CeV8gMuBnQQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-20_92dc572b1377f19a5559206cbd136afb_ryuk

Files

2024-04-20_92dc572b1377f19a5559206cbd136afb_ryuk
.exe windows:5 windows x64 arch:x64

a62fca158ffd4c3359312000da2b541a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
DisconnectNamedPipe
RtlCaptureStackBackTrace
GetLogicalDriveStringsW
FormatMessageW
GetLastError
GetFileAttributesExW
OutputDebugStringW
TerminateThread
QueryPerformanceFrequency
DeleteFileW
LoadLibraryW
GetCurrentDirectoryW
GetOverlappedResult
ReplaceFileW
DeleteCriticalSection
ExitProcess
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
QueryPerformanceCounter
MoveFileW
GetDriveTypeW
IsDebuggerPresent
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
GlobalSize
GlobalAlloc
GlobalLock
GetCurrentProcessId
GlobalUnlock
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
UnmapViewOfFile
GetLocaleInfoW
FindNextFileA
FindFirstFileExA
GetProcessHeap
GetConsoleCP
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetStdHandle
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
FreeLibraryAndExitThread
ExitThread
CreateThread
GetTimeZoneInformation
GetModuleHandleExW
LoadLibraryExW
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
WideCharToMultiByte
GetSystemDirectoryW
ReleaseMutex
GetCurrentThreadId
GetFileAttributesW
GetOEMCP
CreateFileW
FindClose
CreateMutexW
GetTempPathW
SetEndOfFile
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetModuleFileNameW
SetFileTime
RemoveDirectoryW
TerminateProcess
WriteFile
FindNextFileW
EnterCriticalSection
FindFirstFileW
CancelIo
GetVolumeInformationW
TryEnterCriticalSection
ReadFile
SetThreadAffinityMask
CreateDirectoryW
GetProcAddress
GetPriorityClass
ResetEvent
SetPriorityClass
CloseHandle
GetThreadPriority
LoadLibraryA
GetCurrentThread
SetEvent
Sleep
MultiByteToWideChar
CreateEventW
WaitForSingleObject
SetThreadPriority
GetCurrentProcess
IsValidCodePage
HeapSize

user32

MessageBoxW
EnumChildWindows
EnumDisplayMonitors
SetWindowPos
IsWindowVisible
GetWindowRect
MapVirtualKeyW
GetMessagePos
GetUpdateRgn
GetMessageExtraInfo
GetSystemMenu
GetWindowLongW
GetDesktopWindow
RegisterClassExW
GetWindowLongPtrW
UnregisterClassW
CreateWindowExW
SetWindowLongPtrW
DestroyWindow
DefWindowProcW
AttachThreadInput
GetWindowThreadProcessId
GetWindowTextW
TranslateMessage
SetFocus
EnumWindows
PeekMessageW
DispatchMessageW
GetFocus
SendMessageTimeoutW
GetMessageW
ReleaseDC
GetDC
EndPaint
BeginPaint
GetCursorPos
SetCursorPos
InvalidateRect
SetForegroundWindow
ReleaseCapture
GetParent
SystemParametersInfoW
EnableMenuItem
ShowCaret
GetClientRect
SetWindowLongW
SetCursor
ToUnicode
SetClipboardData
SetCapture
DestroyCaret
LoadCursorW
FindWindowW
GetClipboardData
SetLayeredWindowAttributes
GetMessageTime
GetForegroundWindow
TrackMouseEvent
CreateCaret
IsChild
EmptyClipboard
CloseClipboard
CreateIconIndirect
GetMonitorInfoW
GetWindowInfo
DestroyIcon
RedrawWindow
GetCapture
OpenClipboard
GetAsyncKeyState
PostMessageW
ShowWindow
GetActiveWindow
SetCaretPos
GetKeyboardState
DestroyCursor
GetWindowPlacement
WindowFromPoint
MessageBeep
SetWindowTextW
GetSystemMetrics
SendMessageW
ScreenToClient
GetIconInfo

gdi32

CreateCompatibleDC
EnumFontFamiliesExW
GetDeviceCaps
GetTextMetricsW
DeleteDC
SetMapperFlags
GetGlyphIndicesW
GetKerningPairsW
DeleteObject
RemoveFontMemResourceEx
SetMapMode
CreateFontIndirectW
GetOutlineTextMetricsW
SelectObject
CreateBitmap
CombineRgn
RestoreDC
ExcludeClipRect
GetObjectW
GetRegionData
CreateRectRgn
GetPixel
CreateRectRgnIndirect
StretchDIBits
CreateDIBSection
GetGlyphOutlineW
AddFontMemResourceEx
SaveDC

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW

shell32

SHFileOperationW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
ExtractAssociatedIconW
SHGetMalloc
ShellExecuteW

ole32

RevokeDragDrop
RegisterDragDrop
CoTaskMemAlloc
OleInitialize
OleUninitialize
CLSIDFromString
CoTaskMemFree
CoCreateInstance
PropVariantClear
CoInitialize
DoDragDrop

wininet

HttpSendRequestExW
HttpEndRequestW
InternetCrackUrlW
InternetSetFilePointer
InternetCloseHandle
InternetOpenW
HttpOpenRequestW
InternetQueryOptionW
InternetWriteFile
FtpOpenFileW
InternetConnectW
InternetSetOptionW
HttpQueryInfoW
InternetReadFile

ws2_32

send
inet_ntoa
recv
getsockopt
setsockopt
WSAStartup
select
closesocket
accept
__WSAFDIsSet

shlwapi

PathStripToRootW

winmm

midiInGetDevCapsW
midiInStart
midiInReset
midiOutOpen
midiOutPrepareHeader
midiOutGetDevCapsW
midiInOpen
midiInUnprepareHeader
midiInClose
midiInAddBuffer
midiInGetNumDevs
midiOutShortMsg
timeBeginPeriod
timeGetTime
timeKillEvent
midiInStop
midiOutClose
midiOutLongMsg
midiInPrepareHeader
midiOutGetNumDevs
midiOutUnprepareHeader

dbghelp

SymFromAddr
SymInitialize
SymGetModuleInfo64

imm32

ImmNotifyIME
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a62fca158ffd4c3359312000da2b541a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

wininet

ws2_32

shlwapi

winmm

dbghelp

imm32

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 4.5MB - Virtual size: 4.5MB

.data Size: 79KB - Virtual size: 88KB

.pdata Size: 168KB - Virtual size: 167KB

.gfids Size: 1024B - Virtual size: 524B

.tls Size: 512B - Virtual size: 25B

_RDATA Size: 10KB - Virtual size: 9KB

.rsrc Size: 65KB - Virtual size: 65KB

.reloc Size: 42KB - Virtual size: 42KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 4.5MB - Virtual size: 4.5MB

.data
Size: 79KB - Virtual size: 88KB

.pdata
Size: 168KB - Virtual size: 167KB

.gfids
Size: 1024B - Virtual size: 524B

.tls
Size: 512B - Virtual size: 25B

_RDATA
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 65KB - Virtual size: 65KB

.reloc
Size: 42KB - Virtual size: 42KB