2024-04-26_436d15071e4711a00d53af39f70deb7d_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-26_436d15071e4711a00d53af39f70deb7d_ryuk
Size

6.9MB
MD5

436d15071e4711a00d53af39f70deb7d
SHA1

8e60c4525fd9e7cbc31013cec46fde5dcbe4278a
SHA256

a0cfd30942249773ba86fdb59f30d47c7b3361181591e2f33b291de3b5c6bdf4
SHA512

3d0bbca1055a8b6f56f4f420abf0e78a81c078abdfb03e09d2dd0fb792da6664de41488cc63564fae0b92460809abbd47dcbb937cb7014eed4c460e84b3a6e03
SSDEEP

49152:xpY0nyIpcd77XY+n3PsYEjOtPtlkLpcX808KnWph/vaWn3Rq1diNNKi/8kcLMNpJ:FCavfKINN35iTchp4SEv4niAUJce0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-26_436d15071e4711a00d53af39f70deb7d_ryuk

Files

2024-04-26_436d15071e4711a00d53af39f70deb7d_ryuk
.exe windows:6 windows x64 arch:x64

1987b39590b72f7c01b94e5918c1959a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bthprops.cpl

BluetoothFindFirstRadio
BluetoothFindNextDevice
BluetoothFindFirstDevice
BluetoothGetRadioInfo
BluetoothFindRadioClose
BluetoothFindDeviceClose
BluetoothGetDeviceInfo
BluetoothFindNextRadio
BluetoothSendAuthenticationResponseEx
BluetoothUnregisterAuthentication
BluetoothRegisterForAuthenticationEx
BluetoothIsConnectable
BluetoothEnableIncomingConnections
BluetoothIsDiscoverable
BluetoothEnableDiscovery
BluetoothEnumerateInstalledServices
BluetoothSetServiceState
BluetoothAuthenticateDeviceEx
BluetoothRemoveDevice

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo

hid

HidD_SetOutputReport

msvfw32

ICDecompress
ICOpen
ICSendMessage
ICClose

avifil32

AVIStreamGetFrameClose
AVIStreamGetFrame
AVIStreamGetFrameOpen
AVIStreamInfoA
AVIStreamRelease
AVIFileInit
AVIFileRelease
AVIFileOpenA
AVIFileGetStream

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

kernel32

ExitProcess
HeapReAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
ReadConsoleW
PeekNamedPipe
GetDateFormatW
GetTimeFormatW
GetLastError
LocalFree
FormatMessageW
GetCurrentProcessId
Sleep
GetTickCount
SwitchToThread
SetLastError
GetCurrentProcess
CloseHandle
DuplicateHandle
UnmapViewOfFile
CreateFileMappingA
MapViewOfFileEx
CreateFileA
GetSystemInfo
GetFileSizeEx
FormatMessageA
SetEndOfFile
SetFilePointerEx
WriteFile
GetProcAddress
GetModuleHandleA
ReadFile
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
WaitForSingleObject
SetEvent
ResetEvent
CreateEventA
CreateThread
GetCurrentThreadId
VerSetConditionMask
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseMutex
CreateMutexW
SetWaitableTimer
QueueUserAPC
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameA
GetModuleHandleW
WaitForMultipleObjects
CreateWaitableTimerExA
IsValidLocale
CreateSemaphoreA
WaitForSingleObjectEx
ReleaseSemaphore
GetProcessHeap
HeapAlloc
HeapFree
WideCharToMultiByte
RaiseException
GetOverlappedResult
DeviceIoControl
CancelIo
FreeLibrary
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
GetFileAttributesW
GetFullPathNameW
AreFileApisANSI
MultiByteToWideChar
GetSystemTimeAsFileTime
OpenEventA
WaitForMultipleObjectsEx
ResumeThread
GetLogicalProcessorInformation
CreateWaitableTimerA
SystemTimeToFileTime
CreateEventW
SleepEx
GetVersionExA
SetThreadAffinityMask
GetProcessAffinityMask
DeleteFileA
TryEnterCriticalSection
GetTempPathA
GetTempFileNameA
GetTempPathW
GetDriveTypeW
WriteConsoleW
GetFileType
GetStdHandle
GetModuleHandleExW
ExitThread
SetConsoleCtrlHandler
GetACP
RtlUnwindEx
RtlPcToFileHeader
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
UnregisterWait
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
LoadLibraryW
RegisterWaitForSingleObject
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetTimeZoneInformation
SetStdHandle
FindFirstFileExA
FindNextFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
HeapSize
VerifyVersionInfoA
InterlockedPushEntrySList
InterlockedPopEntrySList
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
GetExitCodeThread
GetCurrentThread

user32

UnregisterDeviceNotification
RegisterClassExA
RegisterDeviceNotificationA
DestroyWindow
GetMessageA
DefWindowProcA
UnregisterClassA
GetActiveWindow
PeekMessageA
DispatchMessageA
CreateWindowExA
TranslateMessage
GetRawInputDeviceInfoA
GetRawInputDeviceList
SendMessageA
IsWindow
SetWindowPos

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize

oleaut32

OleCreatePropertyFrame
VariantClear
VariantInit

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
EnumServicesStatusA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfig2A
ChangeServiceConfigA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
StartServiceCtrlDispatcherA

winmm

timeBeginPeriod
timeEndPeriod

ws2_32

WSASocketW
WSARecv
WSAGetLastError
WSAAddressToStringW
WSASend
WSASendTo
WSARecvFrom
WSAStartup
WSACleanup
bind
closesocket
ioctlsocket
htonl
htons
listen
ntohl
ntohs
setsockopt
shutdown
WSASetLastError

mswsock

AcceptEx
GetAcceptExSockaddrs

Exports

Exports

hid_close
hid_enumerate
hid_error
hid_exit
hid_free_enumeration
hid_get_feature_report
hid_get_indexed_string
hid_get_manufacturer_string
hid_get_product_string
hid_get_serial_number_string
hid_init
hid_open
hid_open_path
hid_read
hid_read_timeout
hid_send_feature_report
hid_set_nonblocking
hid_write

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 119KB - Virtual size: 788KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1987b39590b72f7c01b94e5918c1959a

Headers

DLL Characteristics

File Characteristics

Imports

bthprops.cpl

setupapi

hid

msvfw32

avifil32

avicap32

kernel32

user32

ole32

oleaut32

advapi32

winmm

ws2_32

mswsock

Exports

Exports

Sections

.text Size: 4.8MB - Virtual size: 4.8MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 119KB - Virtual size: 788KB

.pdata Size: 219KB - Virtual size: 218KB

.tls Size: 512B - Virtual size: 29B

.gfids Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 33KB - Virtual size: 32KB

.text
Size: 4.8MB - Virtual size: 4.8MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 119KB - Virtual size: 788KB

.pdata
Size: 219KB - Virtual size: 218KB

.tls
Size: 512B - Virtual size: 29B

.gfids
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 33KB - Virtual size: 32KB