Extracted

• 2024-04-25_871074d46d7e27838ff7ce2559e8e0d6_cobalt-strike_ryuk

  .exe windows:6 windows x64 arch:x64

  13235f12bec0089819abb93d2e545004

  
  

  Code Sign

  4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d

  Certificate

  Issuer

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  19/01/2010, 00:00

  Not After

  18/01/2038, 23:59

  Subject

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af

  Certificate

  Issuer

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  09/05/2013, 00:00

  Not After

  08/05/2028, 23:59

  Subject

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38

  Certificate

  Issuer

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  13/11/2018, 00:00

  Not After

  08/11/2021, 23:59

  Subject

  CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02/05/2019, 00:00

  Not After

  18/01/2038, 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  23/10/2020, 00:00

  Not After

  22/01/2032, 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d

  Certificate

  Issuer

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  19/01/2010, 00:00

  Not After

  18/01/2038, 23:59

  Subject

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af

  Certificate

  Issuer

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  09/05/2013, 00:00

  Not After

  08/05/2028, 23:59

  Subject

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38

  Certificate

  Issuer

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  13/11/2018, 00:00

  Not After

  08/11/2021, 23:59

  Subject

  CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02/05/2019, 00:00

  Not After

  18/01/2038, 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  23/10/2020, 00:00

  Not After

  22/01/2032, 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  8a:8d:4b:c5:ba:65:ba:92:23:0c:0a:b8:ef:9f:0e:2a:23:4c:ee:78:8e:82:41:91:a6:5c:e2:4b:3e:7d:49:80

  Signer

  Actual PE Digest

  8a:8d:4b:c5:ba:65:ba:92:23:0c:0a:b8:ef:9f:0e:2a:23:4c:ee:78:8e:82:41:91:a6:5c:e2:4b:3e:7d:49:80

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  71:6f:fa:76:91:45:96:e8:f7:40:df:47:79:3c:df:d3:dc:ca:02:ae

  Signer

  Actual PE Digest

  71:6f:fa:76:91:45:96:e8:f7:40:df:47:79:3c:df:d3:dc:ca:02:ae

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  gdi32

  CreateBitmap

  CreateCompatibleBitmap

  CreateCompatibleDC

  CreateFontA

  CreateFontIndirectA

  CreatePalette

  CreatePen

  CreateSolidBrush

  DeleteDC

  DeleteObject

  ExcludeClipRect

  ExtTextOutA

  ExtTextOutW

  GetBkMode

  GetCharABCWidthsFloatA

  GetCharWidth32A

  GetCharWidth32W

  GetCharWidthA

  GetCharWidthW

  GetCharacterPlacementW

  GetDeviceCaps

  GetObjectA

  GetOutlineTextMetricsA

  GetPixel

  GetStockObject

  GetTextExtentExPointA

  GetTextExtentPoint32A

  GetTextMetricsA

  IntersectClipRect

  LineTo

  MoveToEx

  Polyline

  RealizePalette

  Rectangle

  SelectObject

  SelectPalette

  SetBkColor

  SetBkMode

  SetMapMode

  SetPaletteEntries

  SetPixel

  SetTextAlign

  SetTextColor

  TextOutA

  TranslateCharsetInfo

  UnrealizeObject

  UpdateColors

  user32

  AppendMenuA

  BeginPaint

  CheckDlgButton

  CheckMenuItem

  CheckRadioButton

  CloseClipboard

  CreateCaret

  CreateDialogParamA

  CreateMenu

  CreatePopupMenu

  CreateWindowExA

  CreateWindowExW

  DefDlgProcA

  DefWindowProcA

  DefWindowProcW

  DeleteMenu

  DestroyCaret

  DestroyIcon

  DestroyWindow

  DialogBoxParamA

  DispatchMessageA

  DispatchMessageW

  DrawEdge

  DrawIconEx

  EmptyClipboard

  EnableMenuItem

  EnableWindow

  EndDialog

  EndPaint

  FindWindowA

  FlashWindow

  GetCapture

  GetCaretBlinkTime

  GetClientRect

  GetClipboardData

  GetClipboardOwner

  GetCursorPos

  GetDC

  GetDesktopWindow

  GetDlgItem

  GetDlgItemTextA

  GetDoubleClickTime

  GetForegroundWindow

  GetKeyboardLayout

  GetKeyboardState

  GetMessageA

  GetMessageTime

  GetParent

  GetQueueStatus

  GetScrollInfo

  GetSysColor

  GetSysColorBrush

  GetSystemMenu

  GetSystemMetrics

  GetWindowLongPtrA

  GetWindowPlacement

  GetWindowRect

  GetWindowTextA

  GetWindowTextLengthA

  HideCaret

  InsertMenuA

  InvalidateRect

  IsDialogMessageA

  IsDlgButtonChecked

  IsIconic

  IsWindow

  IsZoomed

  KillTimer

  LoadCursorA

  LoadIconA

  LoadImageA

  MapDialogRect

  MessageBeep

  MessageBoxA

  MessageBoxIndirectA

  MoveWindow

  MsgWaitForMultipleObjects

  OffsetRect

  OpenClipboard

  PeekMessageA

  PeekMessageW

  PostMessageA

  PostQuitMessage

  RegisterClassA

  RegisterClassW

  RegisterClipboardFormatA

  RegisterWindowMessageA

  ReleaseCapture

  ReleaseDC

  ScreenToClient

  SendDlgItemMessageA

  SendMessageA

  SetActiveWindow

  SetCapture

  SetCaretPos

  SetClassLongPtrA

  SetClipboardData

  SetCursor

  SetDlgItemTextA

  SetFocus

  SetForegroundWindow

  SetKeyboardState

  SetScrollInfo

  SetTimer

  SetWindowLongPtrA

  SetWindowPlacement

  SetWindowPos

  SetWindowTextA

  ShowCaret

  ShowCursor

  ShowWindow

  SystemParametersInfoA

  ToAsciiEx

  TrackPopupMenu

  TranslateMessage

  UpdateWindow

  comdlg32

  ChooseColorA

  ChooseFontA

  GetOpenFileNameA

  GetSaveFileNameA

  shell32

  ShellExecuteA

  ole32

  CoCreateInstance

  CoInitialize

  CoUninitialize

  imm32

  ImmGetCompositionStringW

  ImmGetContext

  ImmReleaseContext

  ImmSetCompositionFontA

  ImmSetCompositionWindow

  advapi32

  AllocateAndInitializeSid

  CopySid

  EqualSid

  GetLengthSid

  GetUserNameA

  InitializeSecurityDescriptor

  RegCloseKey

  RegCreateKeyA

  RegCreateKeyExA

  RegDeleteKeyA

  RegDeleteValueA

  RegEnumKeyA

  RegOpenKeyA

  RegQueryValueExA

  RegSetValueExA

  SetSecurityDescriptorDacl

  SetSecurityDescriptorOwner

  kernel32

  Beep

  ClearCommBreak

  CloseHandle

  CompareStringW

  ConnectNamedPipe

  CreateEventA

  CreateFileA

  CreateFileMappingA

  CreateFileW

  CreateMutexA

  CreateNamedPipeA

  CreatePipe

  CreateProcessA

  CreateThread

  DeleteCriticalSection

  DeleteFileA

  EncodePointer

  EnterCriticalSection

  ExitProcess

  FindClose

  FindFirstFileA

  FindFirstFileExW

  FindNextFileA

  FindNextFileW

  FindResourceA

  FlushFileBuffers

  FormatMessageA

  FreeEnvironmentStringsW

  FreeLibrary

  GetACP

  GetCPInfo

  GetCommState

  GetCommandLineA

  GetCommandLineW

  GetConsoleCP

  GetConsoleMode

  GetCurrentDirectoryA

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThread

  GetCurrentThreadId

  GetDateFormatW

  GetEnvironmentStringsW

  GetEnvironmentVariableA

  GetFileAttributesExA

  GetFileType

  GetLastError

  GetLocalTime

  GetLocaleInfoA

  GetModuleFileNameA

  GetModuleFileNameW

  GetModuleHandleA

  GetModuleHandleExW

  GetModuleHandleW

  GetOEMCP

  GetOverlappedResult

  GetProcAddress

  GetProcessHeap

  GetProcessTimes

  GetStartupInfoW

  GetStdHandle

  GetStringTypeW

  GetSystemDirectoryA

  GetSystemTimeAsFileTime

  GetTempPathA

  GetThreadTimes

  GetTickCount

  GetTimeFormatW

  GetTimeZoneInformation

  GetVersionExA

  GetWindowsDirectoryA

  GlobalAlloc

  GlobalFree

  GlobalLock

  GlobalMemoryStatus

  GlobalUnlock

  HeapAlloc

  HeapFree

  HeapReAlloc

  HeapSize

  InitializeCriticalSectionAndSpinCount

  InitializeSListHead

  IsDBCSLeadByteEx

  IsDebuggerPresent

  IsProcessorFeaturePresent

  IsValidCodePage

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryA

  LoadLibraryExA

  LoadLibraryExW

  LoadResource

  LocalAlloc

  LocalFileTimeToFileTime

  LocalFree

  LockResource

  MapViewOfFile

  MulDiv

  MultiByteToWideChar

  OpenProcess

  OutputDebugStringW

  QueryPerformanceCounter

  RaiseException

  ReadConsoleW

  ReadFile

  ReleaseMutex

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlPcToFileHeader

  RtlUnwindEx

  RtlVirtualUnwind

  SetCommBreak

  SetCommState

  SetCommTimeouts

  SetCurrentDirectoryA

  SetEndOfFile

  SetEnvironmentVariableW

  SetEvent

  SetFilePointerEx

  SetHandleInformation

  SetLastError

  SetStdHandle

  SetUnhandledExceptionFilter

  SizeofResource

  TerminateProcess

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  UnhandledExceptionFilter

  UnmapViewOfFile

  WaitForSingleObject

  WaitNamedPipeA

  WideCharToMultiByte

  WriteConsoleW

  WriteFile

  Sections

  .text

  Size: 666KB - Virtual size: 666KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 189KB - Virtual size: 189KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 24KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .00cfg

  Size: 512B - Virtual size: 16B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 334KB - Virtual size: 333KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ