2024-04-27_34c4254e235fc7eec9583e60f9caa6aa_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-27_34c4254e235fc7eec9583e60f9caa6aa_ryuk
Size

3.7MB
MD5

34c4254e235fc7eec9583e60f9caa6aa
SHA1

9618ce799603ab29f6bcf6ad6980cc9fb9ca61ac
SHA256

db1d66eed8459ce1b7c72d2c4e1326a1cc5bed50e4535679b8e7890fe3106d91
SHA512

992043000c63a9ce9cfe0f3cae0a64f161500727e49debdf70969291c4c03921fd34920bba3743f8aa0df3a5f9653b4367496ef54112ad6a87d4ce929bc79a04
SSDEEP

49152:LFg351Jg2TDu3Smqh7U91MWbkujdGXEBj3liyBteB9hFtYdqlMMNPFd1YMGyNNAW:S/Gbk2GXmtdqPPFrYMzYHD527BWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-04-27_34c4254e235fc7eec9583e60f9caa6aa_ryuk

Files

2024-04-27_34c4254e235fc7eec9583e60f9caa6aa_ryuk
.exe windows:5 windows x64 arch:x64

283f4ce510df26dff8de5f0d08db43d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\jnks\workspace\K29_Production_Build\build4570\SxS\src\x64\Release\HPInstallerExe.pdb

Imports

kernel32

HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
GetCurrentThread
GetCurrentThreadId
GetVersionExW
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
LoadResource
LockResource
WritePrivateProfileStringA
GetPrivateProfileStringA
GetSystemDefaultLCID
GetUserDefaultLangID
ProcessIdToSessionId
GetComputerNameExW
WaitNamedPipeW
CreateNamedPipeW
MoveFileExW
CreateDirectoryW
GetDiskFreeSpaceExW
SetCurrentDirectoryW
GetEnvironmentVariableW
CreateProcessW
OpenFileMappingW
OpenEventW
OpenMutexW
FlushViewOfFile
PeekNamedPipe
DisconnectNamedPipe
ConnectNamedPipe
CreatePipe
GetLocalTime
GetSystemTime
DeviceIoControl
WaitForMultipleObjects
TryEnterCriticalSection
GetExitCodeThread
TerminateThread
GetExitCodeProcess
GlobalMemoryStatusEx
SizeofResource
LeaveCriticalSection
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingW
CreateMutexW
GetLongPathNameW
OpenProcess
ExpandEnvironmentStringsW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetACP
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
GlobalAlloc
CreateEventW
GlobalLock
GlobalDeleteAtom
lstrcmpA
lstrcmpW
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
CompareStringA
CloseHandle
SetEvent
WaitForSingleObject
HeapFree
SetThreadPriority
ResumeThread
GetModuleHandleW
GetProcAddress
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
GetCurrentProcessId
OutputDebugStringA
SetLastError
FreeResource
GetModuleHandleExW
GlobalUnlock
GlobalFree
LoadLibraryW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
EncodePointer
GetSystemDirectoryW
GlobalFindAtomW
GlobalSize
LocalFree
MulDiv
FormatMessageW
CopyFileW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
DeleteFileW
GlobalGetAtomNameW
VerSetConditionMask
lstrcpyW
VerifyVersionInfoW
CreateFileW
GetFileAttributesW
GetFileSize
FindClose
FindFirstFileW
FlushFileBuffers
GetFullPathNameW
GetShortPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
GetCurrentProcess
lstrcmpiW
VirtualProtect
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetFileAttributesW
SystemTimeToTzSpecificLocalTime
SearchPathW
GetTempFileNameW
GetTempPathW
GetTickCount
GetProfileIntW
Sleep
GetWindowsDirectoryW
FindResourceExW
GetUserDefaultLCID
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW

user32

DestroyAcceleratorTable
CreateAcceleratorTableW
MapVirtualKeyW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
PostThreadMessageW
ModifyMenuW
NotifyWinEvent
InflateRect
SetWindowRgn
GetSystemMenu
GetAsyncKeyState
CharUpperW
TrackMouseEvent
IsRectEmpty
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
GetSysColorBrush
SetLayeredWindowAttributes
MonitorFromPoint
MessageBeep
RedrawWindow
IsZoomed
GetLastActivePopup
IsWindow
DestroyWindow
CreateDialogIndirectParamW
EndDialog
SetParent
GetSystemMetrics
ReuseDDElParam
UnpackDDElParam
LoadImageW
DestroyIcon
IntersectRect
SetRectEmpty
CopyAcceleratorTableW
DestroyMenu
CreatePopupMenu
LoadMenuW
TranslateAcceleratorW
LoadAcceleratorsW
RegisterClipboardFormatW
LockWindowUpdate
SetClassLongPtrW
SendDlgItemMessageA
GetMenuItemInfoW
MapDialogRect
GetKeyNameTextW
UnionRect
SetRect
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
BringWindowToTop
FillRect
SetCursorPos
CharUpperBuffW
UpdateLayeredWindow
EnableScrollBar
GetMenuDefaultItem
SetMenuDefaultItem
CopyIcon
FrameRect
GetDlgItem
GetNextDlgTabItem
SetActiveWindow
GetDesktopWindow
RegisterWindowMessageW
PostQuitMessage
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
IsClipboardFormatAvailable
DrawMenuBar
InsertMenuItemW
EnumChildWindows
DefFrameProcW
DefMDIChildProcW
GetClassInfoExW
CreateWindowExW
IsMenu
IsChild
AllowSetForegroundWindow
MsgWaitForMultipleObjects
SendMessageCallbackW
ExitWindowsEx
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
OpenWindowStationW
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenDesktopW
MsgWaitForMultipleObjectsEx
WaitForInputIdle
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
UpdateWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
TranslateMDISysAccel
IsCharLowerW
MapVirtualKeyExW
SubtractRect
GetUpdateRect
PostMessageW
GetWindowRect
AdjustWindowRectEx
FlashWindowEx
wsprintfW
ScreenToClient
MapWindowPoints
GetSysColor
CopyRect
EqualRect
GetWindowThreadProcessId
PtInRect
SetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetClassLongPtrW
GetDoubleClickTime
GetIconInfo
CreateMenu
DestroyCursor
GetNextDlgGroupItem
GetComboBoxInfo
DrawIcon
GetWindowRgn
HideCaret
InvertRect
GetWindowLongW
MessageBoxW
IsWindowEnabled
SetCursor
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadBitmapW
GetParent
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
SystemParametersInfoW
OffsetRect
GetClassNameW
GetTopWindow
GetWindow
UnhookWindowsHookEx
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
ShowWindow
MoveWindow
CheckDlgButton
SetWindowTextW
IsDialogMessageW
WaitMessage
SetCapture
ReleaseCapture
ClientToScreen
WindowFromPoint
LoadCursorW
GetMenuStringW
GetMenuState
SendMessageW
UnregisterClassW
GetMessagePos
EnableWindow
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
InsertMenuW
AppendMenuW
GrayStringW
DrawTextExW
DrawTextW
InvalidateRect
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
CopyImage
RemoveMenu

gdi32

SetPixelV
GetTextFaceW
GetSystemPaletteEntries
GetNearestPaletteIndex
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
SetPaletteEntries
ExtFloodFill
GetPaletteEntries
CreatePalette
RoundRect
EnumFontFamiliesExW
Rectangle
Polyline
Polygon
CreatePolygonRgn
Ellipse
CreateEllipticRgn
GetBkColor
DPtoLP
SetRectRgn
GetTextExtentPoint32W
GetTextColor
OffsetRgn
GetRgnBox
CreateRoundRectRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
RealizePalette
PatBlt
GetDIBits
CombineRgn
GetTextMetricsW
GetTextCharsetInfo
EnumFontFamiliesW
CreateRectRgnIndirect
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleBitmap
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateDCW
CopyMetaFileW
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
DeleteObject
DeleteDC

msimg32

TransparentBlt
GradientFill
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

SetEntriesInAclW
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
ChangeServiceConfigW
CreateProcessAsUserW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
OpenEventLogW
CloseEventLog
BackupEventLogW
RegQueryInfoKeyW
GetUserNameW
CheckTokenMembership
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegCloseKey

shell32

DragFinish
CommandLineToArgvW
SHGetSpecialFolderPathW
DragQueryFileW
SHGetFolderPathW
SHAppBarMessage
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
ExtractIconW
ShellExecuteExW
ShellExecuteW
SHGetFileInfoW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
PathIsFileSpecW
PathFindFileNameW

uxtheme

GetThemePartSize
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
DrawThemeText
DrawThemeParentBackground
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
OpenThemeData
CloseThemeData
GetThemeColor
IsAppThemed

ole32

RevokeDragDrop
CoLockObjectExternal
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
OleLockRunning
OleGetClipboard
DoDragDrop
CLSIDFromString
StringFromGUID2
CoDisconnectObject
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoCreateGuid
CoUninitialize
OleInitialize
OleUninitialize
RegisterDragDrop

oleaut32

VarBstrFromDate
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString

gdiplus

GdipCloneImage
GdipLoadImageFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdiplusStartup
GdipCreateHBITMAPFromBitmap

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules
GetModuleBaseNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

msi

ord94
ord141
ord8
ord72

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 730KB - Virtual size: 729KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 628KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

283f4ce510df26dff8de5f0d08db43d0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

oleacc

imm32

winmm

psapi

version

secur32

msi

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 730KB - Virtual size: 729KB

.data Size: 32KB - Virtual size: 87KB

.pdata Size: 93KB - Virtual size: 93KB

.gfids Size: 105KB - Virtual size: 104KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 144KB - Virtual size: 143KB

.reloc Size: 628KB - Virtual size: 632KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 730KB - Virtual size: 729KB

.data
Size: 32KB - Virtual size: 87KB

.pdata
Size: 93KB - Virtual size: 93KB

.gfids
Size: 105KB - Virtual size: 104KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 144KB - Virtual size: 143KB

.reloc
Size: 628KB - Virtual size: 632KB