2024-04-27_32ff42e073fb995ecf2d7205a8bc4667_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-27_32ff42e073fb995ecf2d7205a8bc4667_ryuk
Size

2.0MB
MD5

32ff42e073fb995ecf2d7205a8bc4667
SHA1

b8520c38b3d6481c1fd8ee3063e435ad7f07a330
SHA256

a314deea0d46112bb422532c222cfbbfe2ba6a61e45f250c9d44960388ee26b7
SHA512

012a82e087f9f4dc261e2ca38b37fc98d1d681f8b2c49b22a55f8958068ce61e204630c996e9ff89e2a18dc210c9626575d2edfc647fc4c2affa05fb8b1b5ed1
SSDEEP

49152:W6OKbqrZDnEp74i1PfknvcD0yI/wcT2laJ:0C90yDlO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-27_32ff42e073fb995ecf2d7205a8bc4667_ryuk

Files

2024-04-27_32ff42e073fb995ecf2d7205a8bc4667_ryuk
.exe windows:6 windows x64 arch:x64

feabe836a6c8cfd8ebcedcf996ad5ffb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Prod2015x64\YtriaSupport\Release\YtriaSupport2_64.pdb

Imports

psapi

GetProcessMemoryInfo

ws2_32

htons
htonl
connect
closesocket
ntohs
inet_addr
inet_ntoa
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
getservbyname
getservbyport
gethostbyname
gethostbyaddr
socket
send
recv

dnsapi

DnsQuery_W
DnsFree

wininet

InternetCloseHandle
InternetConnectW
InternetReadFile
InternetWriteFile
InternetQueryOptionW
InternetSetOptionW
HttpOpenRequestW
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW
InternetOpenW

rpcrt4

RpcStringFreeA
UuidToStringA

gdi32

GetDIBits
CreateDCW
SetViewportOrgEx
TextOutW
CreateHalftonePalette
GetDIBColorTable
CreateDIBSection
SetStretchBltMode
StretchBlt
SetDIBits
SelectPalette
SelectClipRgn
SetLayout
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetStockObject
SelectObject
SetBkMode
SetTextColor
GetObjectW
Polygon
CreateSolidBrush
SetBkColor
BitBlt
CreateFontW
CreatePalette
CreateRectRgn
RealizePalette

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW
CommandLineToArgvW
ExtractIconW
SHGetFileInfoW
Shell_NotifyIconW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetModuleHandleExW
HeapReAlloc
GetModuleFileNameA
GetStdHandle
GetACP
GetCurrentThread
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
SetCurrentDirectoryW
ExitProcess
PeekNamedPipe
GetFileType
GetDriveTypeW
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
QueryPerformanceCounter
GetCurrentDirectoryW
GetFullPathNameA
SetStdHandle
GetStartupInfoW
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
CloseHandle
GetSystemInfo
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
lstrlenW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
GetTempFileNameW
GetTempPathW
DebugBreak
OutputDebugStringW
GetLastError
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
GlobalAlloc
GlobalFree
FindFirstFileExA
GetConsoleMode
GetPrivateProfileStringW
WritePrivateProfileStringW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
WideCharToMultiByte
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileSizeEx
GetFullPathNameW
SetLastError
GetProcessTimes
OpenProcess
GetSystemTime
ReadProcessMemory
CopyFileW
FileTimeToSystemTime
GetCommandLineW
DecodePointer
RaiseException
GetCurrentThreadId
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
MulDiv
lstrcmpW
lstrcmpiW
CompareStringW
GetVersionExW
GetFileInformationByHandle
ReadFile
WriteFile
CreateMutexW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
CreateThread
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
InitializeCriticalSection
Sleep
GlobalLock
GlobalUnlock
GetSystemDirectoryA
LoadLibraryA
GetTimeZoneInformation
DeleteFileW
MoveFileW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetLocaleInfoW
LCMapStringW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
FindFirstFileExW
HeapFree
HeapAlloc
EncodePointer
IsDebuggerPresent
ReadConsoleW
GetConsoleCP
SetFilePointerEx
FlushFileBuffers
lstrlenA
SetConsoleCtrlHandler
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringA
WriteConsoleW
FormatMessageW
SetEndOfFile

user32

DestroyMenu
EnableMenuItem
GetSubMenu
DeleteMenu
TrackPopupMenu
SetMenuItemInfoW
SetWindowTextW
CheckMenuRadioItem
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
PostQuitMessage
FlashWindow
DialogBoxParamW
EnableWindow
GetMenu
DrawIcon
DrawTextExW
AdjustWindowRectEx
MessageBoxW
CopyRect
LoadIconW
GetIconInfo
IsDialogMessageW
PostMessageW
SetProcessDefaultLayout
CharUpperW
SetTimer
KillTimer
DrawTextExA
SetScrollInfo
GetScrollInfo
AnimateWindow
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
IntersectRect
EnumWindows
GetWindowThreadProcessId
EnumDisplayMonitors
GetCursorInfo
GetWindowLongPtrW
PtInRect
OffsetRect
SetRectEmpty
LoadMenuW
DrawFocusRect
GetSysColorBrush
GetSysColor
ScreenToClient
GetCursorPos
SetCursor
GetWindowTextLengthW
GetWindowTextW
RedrawWindow
GetActiveWindow
EndDialog
SystemParametersInfoW
LoadImageW
DestroyIcon
LoadCursorW
GetClassNameW
GetParent
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
UpdateWindow
DrawTextW
IsWindowEnabled
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
CreateDialogParamW
IsWindowVisible
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetGuiResources
GetWindow
SetWindowLongW
GetWindowLongW
MapWindowPoints
GetWindowRect
GetClientRect
GetDC
CharNextW
MoveWindow
LoadStringW
GetDesktopWindow
FillRect
SetWindowLongPtrW
ShowWindow

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
LookupPrivilegeValueW

ole32

CoCreateGuid
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize

oleaut32

VarR8FromStr
VarDateFromStr
VarUI4FromStr
VarDecFromStr
VarDecCmp
SysFreeString
VarI4FromStr

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon
ImageList_Remove
_TrackMouseEvent

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

feabe836a6c8cfd8ebcedcf996ad5ffb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

ws2_32

dnsapi

wininet

rpcrt4

gdi32

shell32

comdlg32

version

kernel32

user32

advapi32

ole32

oleaut32

comctl32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 419KB - Virtual size: 419KB

.data Size: 13KB - Virtual size: 22KB

.pdata Size: 67KB - Virtual size: 66KB

.gfids Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 116KB - Virtual size: 116KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 419KB - Virtual size: 419KB

.data
Size: 13KB - Virtual size: 22KB

.pdata
Size: 67KB - Virtual size: 66KB

.gfids
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 116KB - Virtual size: 116KB

.reloc
Size: 6KB - Virtual size: 6KB