Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Static task: static1
Behavioral task: behavioral1
Sample: 2024-04-26_0e33b23d5651e90dcce204ee86248217_ryuk.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 2024-04-26_0e33b23d5651e90dcce204ee86248217_ryuk.exe
Resource: win10v2004-20240419-en
Target: 2024-04-26_0e33b23d5651e90dcce204ee86248217_ryuk
Size: 16.1MB
MD5: 0e33b23d5651e90dcce204ee86248217
SHA1: 1f1dd806db1c04f2586fcc86378917014b32cac5
SHA256: 6411e459df15c19e811edb31b4d821a36346b6642ff53797c6df9e9ff522d195
SHA512: 712b2356f523d321c03d8d3bb78a8009400b7ff88b0785a0fcffd24968f77f02319cd23de1d190f5d5ec721e6f5a4a6bba89be9f2cda0671c0814c4801dc604f
SSDEEP: 393216:haPGo0WDQKliDW3CxiTYKf3FjoOxb4PWU3FGkSKYYRf6aJEvoar9c1we20Ks+IBQ:M3sKR
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
C:\jenkins_home\workspace\indows-4.5-non-Arxan_release_5.5\build\x64\ReleaseProductionEnvironment\Agent\QualysAgent.pdb
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptVerifySignatureW
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegFlushKey
GetTokenInformation
CreateProcessAsUserW
DuplicateTokenEx
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetNamedSecurityInfoW
InitiateSystemShutdownExW
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
LookupAccountSidW
RegQueryInfoKeyW
RegEnumKeyExW
LookupPrivilegeValueA
CryptAcquireContextA
SystemFunction036
SetFileSecurityW
DeleteService
ControlService
StartServiceW
LsaEnumeratePrivileges
LsaEnumerateAccountsWithUserRight
RegEnumValueW
CryptImportKey
LsaLookupNames2
ConvertStringSidToSidW
ConvertSidToStringSidW
LsaQueryDomainInformationPolicy
GetNamedSecurityInfoW
QueryServiceConfigW
EnumServicesStatusExW
RegLoadKeyW
RegUnLoadKeyW
QueryServiceStatus
SetSecurityDescriptorSacl
LsaNtStatusToWinError
RegEnumKeyW
LsaClose
LsaQueryInformationPolicy
LsaOpenPolicy
LsaFreeMemory
RegOpenKeyW
CreateRestrictedToken
LogonUserW
CryptDeriveKey
CryptDecrypt
CryptEncrypt
RegNotifyChangeKeyValue
CryptGetHashParam
AbortSystemShutdownW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityInfo
RegGetKeySecurity
GetFileSecurityW
CryptDecodeObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertEnumCertificatesInStore
CertOpenSystemStoreW
CryptBinaryToStringA
CryptStringToBinaryW
CertCreateCertificateContext
CryptImportPublicKeyInfo
CertFreeCertificateContext
CertOpenStore
CertAddEncodedCertificateToStore
CertCloseStore
CryptUnprotectData
CryptMsgClose
CryptBinaryToStringW
CryptStringToBinaryA
CryptDecryptMessage
CryptMsgUpdate
CryptMsgOpenToDecode
CertGetCertificateContextProperty
CryptQueryObject
DhcpCApiInitialize
DhcpCApiCleanup
DhcpRequestParams
GetExtendedTcpTable
GetIpForwardTable
GetAdaptersInfo
GetAdaptersAddresses
GetExtendedUdpTable
GetIpAddrTable
GetTimeZoneInformation
SetFileAttributesW
FindNextFileW
RemoveDirectoryW
FindResourceW
LoadResource
SizeofResource
LockResource
FileTimeToLocalFileTime
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ExpandEnvironmentStringsW
GetComputerNameExW
GetCurrentProcessId
ReleaseMutex
CompareFileTime
GetWindowsDirectoryW
GetCommandLineW
CreateTimerQueueTimer
DeleteTimerQueueTimer
WTSGetActiveConsoleSessionId
OutputDebugStringW
DebugBreak
HeapSize
RaiseException
DecodePointer
HeapDestroy
OpenThread
SuspendThread
GetSystemInfo
CreateThread
GetVolumeInformationW
QueryDosDeviceW
FileTimeToSystemTime
SystemTimeToFileTime
GetTempPathW
GetCurrentProcess
OpenMutexW
VirtualQueryEx
CreateMutexA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetConsoleCtrlHandler
WriteConsoleW
SetStdHandle
CreateProcessA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetModuleFileNameA
GetCommandLineA
ReadConsoleW
GetConsoleMode
SystemTimeToTzSpecificLocalTime
GetFileType
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
OpenEventW
GetModuleHandleExW
ExitThread
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
SetProcessAffinityMask
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
CancelWaitableTimer
RtlCaptureContext
GetLocaleInfoW
GetSystemDefaultLCID
LCMapStringW
CompareStringW
GetModuleFileNameW
FindClose
FindFirstFileW
Sleep
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
ResumeThread
GetProcessId
CreateDirectoryW
GetProcessTimes
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
DeleteCriticalSection
CreateWaitableTimerW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetLocalTime
ResetEvent
SetEvent
FormatMessageW
LocalAlloc
LocalFree
CreateEventW
GetSystemTime
SetLastError
GlobalAlloc
GlobalFree
DeleteFileW
HeapReAlloc
HeapAlloc
SetFilePointer
WaitForMultipleObjectsEx
WaitForSingleObject
GetProcessHeap
HeapFree
CloseHandle
GetFileSizeEx
GetLastError
OpenProcess
CopyFileW
GetFileAttributesW
QueueUserWorkItem
RtlCaptureStackBackTrace
EncodePointer
RtlPcToFileHeader
GetExitCodeProcess
MoveFileW
GetTempFileNameW
WaitForMultipleObjects
TerminateProcess
CreateProcessW
DisconnectNamedPipe
ReadFile
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeW
MoveFileExW
QueryPerformanceFrequency
GetNativeSystemInfo
GetExitCodeThread
GetStringTypeW
IsDebuggerPresent
FileTimeToDosDateTime
WriteFile
CreateFileW
SetWaitableTimer
ExitProcess
TerminateThread
GetCurrentDirectoryW
SetUnhandledExceptionFilter
GetConsoleCP
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameW
GetVersion
VerSetConditionMask
VerifyVersionInfoW
GetDriveTypeW
GetCurrentThread
SetThreadPriority
CreatePipe
SetHandleInformation
PeekNamedPipe
GetFileInformationByHandle
GetSystemDirectoryW
LoadLibraryExW
GetSystemTimeAsFileTime
GetFileSize
MapViewOfFile
CreateFileMappingW
FormatMessageA
LockFileEx
CreateFileMappingA
UnlockFile
HeapCompact
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnmapViewOfFile
GetVersionExW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
InitializeCriticalSection
TryEnterCriticalSection
ReadProcessMemory
ChangeTimerQueueTimer
GetEnvironmentVariableW
SetEnvironmentVariableW
lstrcmpA
DuplicateHandle
SetFilePointerEx
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
SetThreadAffinityMask
ReleaseSemaphore
CreateSemaphoreW
LoadLibraryExA
SetErrorMode
GetComputerNameExA
Thread32First
Thread32Next
SetFileTime
GetModuleHandleA
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLogicalDriveStringsW
GetStdHandle
GetProcessAffinityMask
GlobalMemoryStatusEx
AssignProcessToJobObject
CreateJobObjectW
SetInformationJobObject
ExpandEnvironmentStringsA
TerminateJobObject
MoveFileExA
WaitNamedPipeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLongPathNameW
GetShortPathNameW
GetFileTime
DeviceIoControl
GetVolumePathNamesForVolumeNameW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetPrivateProfileStringW
IsWow64Process
ReadDirectoryChangesW
GetTempFileNameA
ProcessIdToSessionId
LocalFileTimeToFileTime
ReadFileEx
WriteFileEx
SetCurrentDirectoryW
DosDateTimeToFileTime
StgIsStorageFile
OleRun
StgOpenStorage
StgOpenStorageEx
PropVariantClear
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
StgIsStorageILockBytes
IIDFromString
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeEx
StringFromGUID2
CreateStreamOnHGlobal
CoCreateGuid
CLSIDFromString
SysFreeString
VariantClear
VariantInit
CreateErrorInfo
GetErrorInfo
VariantTimeToSystemTime
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SetErrorInfo
SysAllocString
GetModuleFileNameExW
CommandLineToArgvW
SHGetFileInfoW
SHFileOperationW
SHGetFolderPathW
SHCreateDirectoryExW
SHDeleteKeyW
StrChrW
PathIsDirectoryEmptyW
PathStripPathA
PathFileExistsA
PathAppendW
PathRemoveFileSpecW
StrStrIA
PathCanonicalizeW
StrStrW
PathFileExistsW
PathCombineW
PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
PathStripPathW
StrStrIW
PathIsRelativeW
UnregisterClassW
PostThreadMessageW
CharUpperW
CharPrevExA
DestroyIcon
MessageBeep
WinHttpOpenRequest
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpGetDefaultProxyConfiguration
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpConnect
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpOpen
WinHttpCrackUrl
DestroyEnvironmentBlock
CreateEnvironmentBlock
WTSFreeMemory
WTSQuerySessionInformationW
WTSQueryUserToken
WTSEnumerateSessionsW
WSAGetLastError
WSAAddressToStringW
ntohs
WSACleanup
WSAStartup
inet_addr
WSAAddressToStringA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
SymSetOptions
SymInitialize
SymCleanup
SymGetModuleInfoW64
MiniDumpWriteDump
DnsFree
DnsQuery_W
NetUserGetInfo
NetLocalGroupGetMembers
NetLocalGroupEnum
NetUserModalsGet
NetUserEnum
NetApiBufferFree
NetShareEnum
NetShareGetInfo
WinVerifyTrust
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
NtClose
FilterDetach
FilterAttach
FilterSendMessage
FilterConnectCommunicationPort
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ