2024-04-24_ad4720acfbf019605c9ce2e57516621a_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-24_ad4720acfbf019605c9ce2e57516621a_ryuk
Size

619KB
MD5

ad4720acfbf019605c9ce2e57516621a
SHA1

0daa9d2548c5ceac398de30e6ccf8181725bfd23
SHA256

cabbfe0445d93ae8a9075970f08ce1fdaba0b4b915ad05e765366271b638d128
SHA512

bb3cae11beb4cb5a73f054636c3ea1fba862ed0e3fcb0855823458e05b3a28d5b77f4c6095208ce7f5e990fd3bb9b63d46366fc0dd610dd7ce71f0ee53c868e5
SSDEEP

12288:GLY7soB7Vn6KK2sL/g9N9/5nbIIcM47uo3xQ4I:qY7soB7jK219HRnkU4Q4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-24_ad4720acfbf019605c9ce2e57516621a_ryuk

Files

2024-04-24_ad4720acfbf019605c9ce2e57516621a_ryuk
.exe windows:5 windows x64 arch:x64

78beeb738826e0b9408f6182f314ac92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\C\Projects\Saver\x64\Release\Hypno.pdb

Imports

comctl32

ImageList_Destroy
ImageList_Create
ImageList_AddMasked
PropertySheetA
ord17
ord16

kernel32

LockResource
QueryPerformanceFrequency
LoadResource
SetFileAttributesA
GetPriorityClass
LocalFree
VerSetConditionMask
VerifyVersionInfoW
GetPrivateProfileIntA
QueryPerformanceCounter
WritePrivateProfileStructA
SetLastError
GetPrivateProfileStructA
lstrcmpiA
GetPrivateProfileStringA
WritePrivateProfileSectionA
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetStringTypeW
WriteConsoleW
SetFilePointerEx
SetStdHandle
HeapFree
GetModuleHandleExW
GetStdHandle
GetCommandLineW
GetFileType
CreateFileW
GetConsoleCP
WideCharToMultiByte
GetConsoleMode
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
GetModuleFileNameW
RaiseException
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GlobalSize
GlobalAlloc
GlobalFree
ReadFile
WriteFile
GetTickCount
lstrlenA
UnmapViewOfFile
CreateFileA
CloseHandle
CreateFileMappingA
CompareStringA
FreeResource
LocalAlloc
FindResourceA
OpenFile
TerminateProcess
GetCurrentProcess
SetPriorityClass
GetVersionExA
GetCommandLineA
WritePrivateProfileStringA
CreateEventA
CreateProcessA
FreeLibrary
SystemTimeToFileTime
DeleteFileA
LoadLibraryA
GetLastError
CopyFileA
WaitForSingleObject
WinExec
Sleep
MulDiv
GetLocalTime
GetProcAddress
GetWindowsDirectoryA
lstrcpyA
GetFileAttributesA
MultiByteToWideChar
GetACP
lstrcatA
GetCurrentDirectoryA
FindClose
GetFullPathNameA
FindNextFileA
FindFirstFileA
GetModuleFileNameA
_lclose
_hwrite
lstrcmpA
HeapAlloc
MapViewOfFile
ExitProcess
GetFileSize

user32

ReleaseCapture
CreateDialogParamA
GetWindowTextA
SendDlgItemMessageA
SetCapture
LoadBitmapA
GetDlgItemTextA
EndDialog
GetKeyState
WaitForInputIdle
SetRect
GetClientRect
ReleaseDC
FindWindowExA
PostMessageA
GetDC
PtInRect
FrameRect
ScreenToClient
FillRect
CharLowerA
wsprintfA
LoadImageA
WindowFromDC
EnableWindow
GetParent
CheckDlgButton
GetDlgItem
DispatchMessageA
DialogBoxParamA
GetForegroundWindow
TranslateMessage
SetCursor
SystemParametersInfoA
PostQuitMessage
SetWindowTextA
MessageBoxA
GetDlgItemInt
MapDialogRect
PeekMessageA
SetDlgItemInt
DrawTextA
MoveWindow
GetDesktopWindow
DrawEdge
SetWindowLongPtrA
InvalidateRect
BeginPaint
EndPaint
GetWindowRect
LoadCursorA
DestroyWindow
SetWindowPos
CreatePopupMenu
GetWindowPlacement
TrackPopupMenu
ShowWindow
IsWindow
SetTimer
CharUpperBuffA
SetWindowPlacement
RegisterClassA
DefWindowProcA
DestroyMenu
CreateWindowExA
GetWindowDC
LoadIconA
AppendMenuA
GetWindowLongPtrA
KillTimer
UpdateWindow
GetCursorPos
EnumDisplayMonitors
GetSystemMetrics
OffsetRect
ClientToScreen
GetMonitorInfoA
GetActiveWindow
IsDlgButtonChecked
SetDlgItemTextA
SendMessageA
SetFocus

gdi32

LineDDA
GetPaletteEntries
IntersectClipRect
PolyBezier
Polyline
CreatePen
CreateRectRgn
SetTextColor
ExcludeClipRect
GetTextExtentPoint32A
FillPath
BeginPath
SelectClipPath
EndPath
TextOutA
SetBkMode
SelectClipRgn
CreateFontIndirectA
GdiFlush
Rectangle
BitBlt
CreateCompatibleBitmap
GetDIBColorTable
SetDIBColorTable
GetDeviceCaps
GetSystemPaletteEntries
GetObjectA
RealizePalette
GetStockObject
AnimatePalette
SelectPalette
CreatePalette
CreateSolidBrush
SelectObject
CreateDIBSection
CreateCompatibleDC
PatBlt
StretchBlt
SetStretchBltMode
DeleteObject
LineTo
Polygon
MoveToEx
DeleteDC

comdlg32

ChooseColorA
GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

advapi32

SystemFunction036
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
GetUserNameA
RegOpenKeyA
RegCreateKeyA
RegOpenKeyExA

shell32

ShellExecuteA

ole32

CoInitialize

winmm

sndPlaySoundA

gdiplus

GdipLoadImageFromFile
GdipCloneImage
GdiplusShutdown
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipFree
GdiplusStartup
GdipAlloc

Sections

.text
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78beeb738826e0b9408f6182f314ac92

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

winmm

gdiplus

Sections

.text Size: 298KB - Virtual size: 297KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 3KB - Virtual size: 69KB

.pdata Size: 12KB - Virtual size: 12KB

_RDATA Size: 2KB - Virtual size: 1KB

.rsrc Size: 232KB - Virtual size: 231KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 298KB - Virtual size: 297KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 3KB - Virtual size: 69KB

.pdata
Size: 12KB - Virtual size: 12KB

_RDATA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 232KB - Virtual size: 231KB

.reloc
Size: 2KB - Virtual size: 1KB