Sample
2024-04-29_79a6516423680a7d470bc839b30a6b79_ryuk.exe
Tasks: static1 (static analysis), behavioral1 (behavioral analysis)
Resource: win7-20240221-en

General
Target: 2024-04-29_79a6516423680a7d470bc839b30a6b79_ryuk
Size: 14.0MB
MD5: 79a6516423680a7d470bc839b30a6b79
SHA1: dc8ccd39efb34ab9984c3f333bdd1bcdf3e073ec
SHA256: 5ec2276c87a5e73a8e82f31b04b68bc180955b5916770dd755381440bd04eb81
SHA512: 39875d0ed4314f128026fbec3b5871b536240f685c1aed4c4999654e8855a87234d40a8fbe3e567b30e0d7d42452791af80dc739179fb9c9c5a5cae773af3fc7
SSDEEP: 98304:s8fjrjQSQkiSfGMb2KU0fxdibpFl5sD5NDi1iKZb:s8rjYSU0JP/k

Malware Config
(none shown on the report)

Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature. This is a presence check: it fires when the PE carries no security directory at all. A signature that is present but invalid, expired or from an untrusted signer does not trigger it, and a binary that passes it still needs its certificate chain verified.
resource 2024-04-29_79a6516423680a7d470bc839b30a6b79_ryuk

This is the only signature that fired. The "_ryuk" suffix is part of the submitted filename, not something derived from the binary; nothing in the static results on this page (signature hits, imports, PDB path) ties the sample to Ryuk ransomware, so treat the label as the submitter's and confirm it against the behavioral task before reusing it.

Files
2024-04-29_79a6516423680a7d470bc839b30a6b79_ryuk.exe windows:6 windows x64 arch:x64
60902e0c028ec30cb6821f22f9a0aaf3 (unlabelled on the report; a 32-hex-digit value distinct from the file MD5 above, consistent with an import hash)

Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not listed. HIGH_ENTROPY_VA only has an effect together with DYNAMIC_BASE, so if the listing is complete the image does not opt in to ASLR even though it ships a .reloc section; NX_COMPAT (DEP) is set.
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\dvs\p4\build\sw\rel\gpu_drv\r470\r470_00\drivers\ui\Sedona\Sedona\x64\Release\bin\nvCplUI.pdb
The path names nvCplUI.pdb under an r470 gpu_drv build tree, which is consistent with the NVIDIA Control Panel UI binary (nvCplUI.exe) from a 470-series driver build. A PDB path is a linker-embedded string and is trivial to forge, so it is a lead for comparing this file against a known-good, signed copy of that binary, not proof of origin.
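The signature hit and the header and section data above are what a sandbox derives from parsing the PE headers. The following is an added example, not the sandbox's own code, that performs the same checks with the Python standard library: it reads the COFF and optional headers, reports DllCharacteristics by name, tests for the Authenticode security directory, flags sections that are both writable and executable, and walks the debug directory to the RSDS CodeView record that holds the PDB path. build_sample_pe() constructs a minimal PE32+ image inline so the checks can be exercised offline; that image, its section layout and its PDB path are made up for this example and are not the sample on this page.

```python
import struct

# Names for the DllCharacteristics bits and the section Characteristics bits used below.
DLL_CHAR = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
            0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x4000: "GUARD_CF",
            0x8000: "TERMINAL_SERVER_AWARE"}
SCN_EXEC, SCN_WRITE = 0x20000000, 0x80000000
DIR_SECURITY, DIR_DEBUG, DEBUG_TYPE_CODEVIEW = 4, 6, 2   # data directory indices, CodeView type


def parse_pe(data):
    """Parse DOS/COFF/optional headers and the section table (PE32 or PE32+) with struct only."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]          # same offset in PE32 and PE32+
    ndirs_off = opt + (108 if magic == 0x20B else 92)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    dirs = [struct.unpack_from("<II", data, ndirs_off + 4 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):
        name, vsize, rva, rsize, raw, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "rva": rva, "rsize": rsize, "raw": raw, "chars": chars})
    return {"machine": machine, "file_characteristics": file_chars, "sections": sections,
            "dll_characteristics": [n for bit, n in DLL_CHAR.items() if dll_chars & bit],
            # The security directory points (by file offset) at a WIN_CERTIFICATE blob outside
            # every section. A non-zero size means a blob exists, not that the signature verifies.
            "authenticode_present": len(dirs) > DIR_SECURITY and dirs[DIR_SECURITY][1] != 0,
            "pdb_path": _pdb_path(data, dirs, sections)}


def _rva_to_offset(sections, rva):
    for s in sections:
        if s["rva"] <= rva < s["rva"] + max(s["vsize"], s["rsize"]):
            return s["raw"] + (rva - s["rva"])
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def _pdb_path(data, dirs, sections):
    """Walk IMAGE_DEBUG_DIRECTORY entries and return the RSDS CodeView PDB path, if any."""
    if len(dirs) <= DIR_DEBUG or dirs[DIR_DEBUG][1] == 0:
        return None
    base = _rva_to_offset(sections, dirs[DIR_DEBUG][0])
    for i in range(dirs[DIR_DEBUG][1] // 28):                        # one entry is 28 bytes
        _, _, _, _, dtype, _, _, ptr = struct.unpack_from("<IIHHIIII", data, base + 28 * i)
        if dtype == DEBUG_TYPE_CODEVIEW and data[ptr:ptr + 4] == b"RSDS":
            end = data.index(b"\0", ptr + 24)                         # RSDS + GUID(16) + Age(4)
            return data[ptr + 24:end].decode("utf-8", "replace")
    return None


def triage(data):
    """Return (parsed headers, findings): the checks an analyst wants from a static report."""
    pe = parse_pe(data)
    findings = []
    if not pe["authenticode_present"]:
        findings.append("unsigned: no Authenticode security directory")
    if "DYNAMIC_BASE" not in pe["dll_characteristics"]:
        findings.append("no DYNAMIC_BASE: image does not opt in to ASLR")
    for s in pe["sections"]:
        if s["chars"] & SCN_WRITE and s["chars"] & SCN_EXEC:
            findings.append(f"section {s['name']} is writable and executable")
    return pe, findings


def build_sample_pe(signed=False, reloc_rwx=True, pdb=b"C:\\build\\x64\\Release\\bin\\sample.pdb"):
    """Constructed minimal PE32+ for the checks above: headers, .rdata (CodeView), empty .reloc."""
    cv = b"RSDS" + b"\x11" * 16 + struct.pack("<I", 1) + pdb + b"\0"       # raw 0x200, RVA 0x1000
    dbg = struct.pack("<IIHHIIII", 0, 0, 0, 0, DEBUG_TYPE_CODEVIEW, len(cv), 0x1000, 0x200)
    rdata = cv.ljust(0x100, b"\0") + dbg.ljust(0x100, b"\0")                # debug dir at RVA 0x1100
    dirs = [(0, 0)] * 16
    dirs[DIR_DEBUG] = (0x1100, len(dbg))
    cert = b""
    if signed:  # placeholder WIN_CERTIFICATE header plus filler, not a real signature
        cert = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8
        dirs[DIR_SECURITY] = (0x600, len(cert))                             # file offset, not an RVA
    dll_chars = 0x0020 | 0x0100 | 0x8000          # HIGH_ENTROPY_VA | NX_COMPAT | TSA, no DYNAMIC_BASE
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII", 0x20B, 14, 0, 0, 0x400, 0, 0x1000, 0x1000,
                      0x140000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x3000, 0x200, 0, 2,
                      dll_chars, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, len(opt), 0x0022)   # x64, EXECUTABLE | LAA
    reloc_chars = 0x42000040 | ((SCN_EXEC | SCN_WRITE) if reloc_rwx else 0)  # usual: INIT_DATA|DISCARD|READ
    secs = struct.pack("<8sIIIIIIHHI", b".rdata", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x40000040)
    secs += struct.pack("<8sIIIIIIHHI", b".reloc", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, reloc_chars)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                        # e_lfanew = 0x40
    headers = (dos + b"PE\0\0" + coff + opt + secs).ljust(0x200, b"\0")
    return headers + rdata + b"\0" * 0x200 + cert
```

Run triage(open(path, "rb").read()) on a real file to get the same report; on the constructed image it returns the PDB path and three findings (no security directory, no DYNAMIC_BASE, writable and executable .reloc), and build_sample_pe(signed=True, reloc_rwx=False) clears the first and third. The Authenticode check is deliberately the same presence test the sandbox rule describes; validating a signature that is present needs the certificate chain, for instance signtool verify or Get-AuthenticodeSignature on Windows.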
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
rpcrt4
UuidFromStringW
gdiplus
GdipDrawImageRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFontFromLogfontW
GdipCreateFont
GdipDeleteFont
GdipGetLogFontW
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipSetStringFormatAlign
GdipGetDpiY
GdipGetFontHeightGivenDPI
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
GdipGetFontHeight
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageDimension
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipCloneBrush
GdipDeleteStringFormat
GdipCreateBitmapFromScan0
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipAlloc
wtsapi32
WTSRegisterSessionNotification
WTSQueryUserToken
WTSUnRegisterSessionNotification
shlwapi
StrFormatKBSizeW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFileExistsW
SHSetValueW
SHGetValueW
PathRemoveFileSpecW
comctl32
ImageList_AddMasked
ImageList_Create
ImageList_Draw
ImageList_ReplaceIcon
InitCommonControlsEx
ord17 (imported by ordinal; comctl32 ordinal 17 is InitCommonControls)
msimg32
TransparentBlt
AlphaBlend
setupapi
SetupDiEnumDeviceInfo
CM_Get_Parent
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
kernel32
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
MoveFileW
GetStringTypeExW
GlobalGetAtomNameW
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
SearchPathW
GetTempPathW
GetProfileIntW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSize
SystemTimeToTzSpecificLocalTime
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
CompareStringW
GetSystemDefaultUILanguage
GlobalFlags
VirtualProtect
lstrcpyW
GetCurrentDirectoryW
SetErrorMode
GetWindowsDirectoryW
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
ReadFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FlushFileBuffers
DeleteFileW
GetUserDefaultLCID
SystemTimeToFileTime
ReplaceFileW
SetFileTime
GetTempFileNameW
GetFileTime
GetDiskFreeSpaceW
ResumeThread
SetThreadPriority
CreateEventW
InitializeCriticalSectionAndSpinCount
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
GetModuleHandleExW
EncodePointer
OutputDebugStringA
CopyFileW
GlobalSize
LoadLibraryExA
ExpandEnvironmentStringsA
lstrcmpA
GetModuleFileNameA
CreateProcessW
GetFullPathNameW
LockFile
GetVolumeInformationW
RtlVirtualUnwind
GetShortPathNameW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
GetModuleHandleExA
OpenMutexW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
WideCharToMultiByte
GetSystemTimeAsFileTime
GetProcessTimes
CreateEventA
WaitForSingleObjectEx
SetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
WriteFile
GetFileSizeEx
ExpandEnvironmentStringsW
SetThreadUILanguage
SetThreadLocale
GetSystemDirectoryW
GetCurrentThread
GetCurrentProcess
DecodePointer
GetComputerNameW
GetLocalTime
CreateFileW
GetTickCount
CreateMutexW
ReleaseMutex
OutputDebugStringW
lstrcmpW
OpenEventW
WaitForSingleObject
GetFileAttributesW
FindFirstFileW
FindClose
GetEnvironmentVariableW
GlobalFree
GlobalLock
GetStringTypeW
LCMapStringW
GetCPInfo
FormatMessageA
GlobalUnlock
GlobalAlloc
lstrcatW
lstrlenW
MultiByteToWideChar
lstrcmpiW
MulDiv
LoadLibraryExW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentThreadId
IsBadReadPtr
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
LoadLibraryW
ProcessIdToSessionId
GetCurrentProcessId
CloseHandle
FileTimeToSystemTime
GetProcAddress
FreeLibrary
LocalAlloc
CreateThread
Sleep
GetThreadLocale
VerifyVersionInfoW
lstrcpynW
FreeResource
FindResourceExW
GetVersionExW
VerSetConditionMask
GetSystemDefaultLCID
GetUserDefaultLangID
GetLocaleInfoW
FormatMessageW
LocalFree
FindResourceW
SizeofResource
LockResource
LoadResource
SetLastError
GetLastError
CreateDirectoryW
FindNextFileW
RemoveDirectoryW
SetFilePointerEx
DeviceIoControl
GetModuleHandleA
MoveFileExW
AreFileApisANSI
RtlUnwindEx
RtlPcToFileHeader
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetCommandLineW
HeapQueryInformation
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
GetStdHandle
ExitProcess
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
LocalFileTimeToFileTime
WriteConsoleW
user32
EnableScrollBar
UpdateLayeredWindow
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetAsyncKeyState
RealChildWindowFromPoint
UnionRect
LockWindowUpdate
MonitorFromPoint
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
ShowOwnedPopups
PostQuitMessage
IsZoomed
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
CharUpperW
GetMessageW
GetIconInfo
CopyImage
GetNextDlgGroupItem
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
MapVirtualKeyW
GetKeyNameTextW
SendDlgItemMessageA
GetActiveWindow
CreateDialogIndirectParamW
CheckDlgButton
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetScrollInfo
GetLastActivePopup
GetTopWindow
EqualRect
MessageBoxW
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
DeferWindowPos
SetWindowPlacement
GetWindowPlacement
GetClassInfoExW
GetClassInfoW
GetMessageTime
GetMessagePos
GetMenuState
GetMenuStringW
SetRectEmpty
GetWindowThreadProcessId
GetShellWindow
PeekMessageW
DispatchMessageW
TranslateMessage
DrawFocusRect
GetUpdateRect
DestroyCursor
CallWindowProcW
SystemParametersInfoW
GetClassLongPtrW
GetDCEx
GetSystemMenu
ReleaseCapture
SetCapture
EndDeferWindowPos
BeginDeferWindowPos
LoadImageW
FillRect
DrawIcon
SetParent
EnumDisplayDevicesW
EnumWindows
FindWindowExW
SetWindowTextW
SetForegroundWindow
DestroyAcceleratorTable
IsClipboardFormatAvailable
GetCursorPos
InflateRect
IsChild
GetClassNameW
GetKeyState
SetFocus
GetMenuItemInfoW
DeleteMenu
DestroyMenu
LoadMenuIndirectW
WindowFromPoint
ScreenToClient
EnumDisplayMonitors
EnumDisplaySettingsW
GetWindow
FindWindowW
GetDesktopWindow
SetRect
LockSetForegroundWindow
UpdateWindow
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
CreatePopupMenu
LoadMenuW
IsWindowEnabled
GetFocus
CharLowerW
GetNextDlgTabItem
CreateWindowExW
SendNotifyMessageW
wsprintfW
SetWindowLongW
GetWindowLongW
CopyRect
GetWindowTextLengthW
GetWindowTextW
DrawTextW
IsRectEmpty
EndPaint
BeginPaint
RegisterClassW
DefWindowProcW
GetParent
IntersectRect
SetCursor
TrackMouseEvent
WinHelpW
IsDialogMessageW
DestroyIcon
ReleaseDC
GetDC
GetSystemMetrics
CharNextW
GetDialogBaseUnits
CreateDialogParamW
DestroyWindow
UnregisterClassW
DrawIconEx
LoadCursorW
CallNextHookEx
GetTabbedTextExtentW
MessageBeep
PostThreadMessageW
CopyAcceleratorTableW
InvalidateRgn
CreateMenu
GetMenuDefaultItem
HideCaret
InvertRect
NotifyWinEvent
SetClassLongPtrW
SetCursorPos
CopyIcon
FrameRect
UnhookWindowsHookEx
SetWindowsHookExW
PtInRect
ClientToScreen
RedrawWindow
SetWindowRgn
KillTimer
SetTimer
IsWindowVisible
RegisterClassExW
ToUnicodeEx
GetWindowRgn
DrawFrameControl
IsWindow
GetSysColorBrush
GetSysColor
LoadBitmapW
InvalidateRect
SetLayeredWindowAttributes
PostMessageW
RegisterWindowMessageW
GetMonitorInfoW
MonitorFromWindow
SetScrollInfo
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
SetScrollPos
ScrollWindow
EnableWindow
MoveWindow
LoadIconW
MapWindowPoints
MessageBoxExW
GetWindowRect
GetDlgCtrlID
SendDlgItemMessageW
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItem
EndDialog
DialogBoxParamW
SetWindowPos
ShowWindow
SendMessageW
CreateAcceleratorTableW
GetKeyboardState
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
CharUpperBuffW
MapVirtualKeyExW
IsCharLowerW
GetComboBoxInfo
WaitMessage
ModifyMenuW
SetMenuDefaultItem
OffsetRect
GetDoubleClickTime
IsIconic
GetKeyboardLayout
IsMenu
gdi32
GetObjectW
SetTextColor
SetBkMode
SelectObject
OffsetViewportOrgEx
CreateBitmap
BitBlt
SetWindowOrgEx
CreateCompatibleDC
GetBitmapDimensionEx
GetDeviceCaps
StretchBlt
SetBitmapDimensionEx
GetTextExtentPoint32W
CombineRgn
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
FrameRgn
GetRgnBox
ScaleViewportExtEx
ScaleWindowExtEx
SetRectRgn
GetBkColor
CreateEllipticRgn
Ellipse
LPtoDP
CreateFontW
GetCharWidthW
StretchDIBits
SetWindowExtEx
StartPage
EndPage
AbortDoc
SetAbortProc
GetViewportOrgEx
CreateDIBitmap
GetTextCharsetInfo
RealizePalette
SetPixel
SetDIBColorTable
Polygon
Polyline
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetWindowOrgEx
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
OffsetRgn
RoundRect
FillRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
SetViewportExtEx
GetViewportExtEx
TextOutW
MoveToEx
StartDocW
SetTextAlign
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
DeleteObject
LineTo
IntersectClipRect
EndDoc
CreateFontIndirectW
GetPixel
GetObjectType
GetCurrentPositionEx
ExcludeClipRect
Escape
CreatePatternBrush
CreateHatchBrush
CopyMetaFileW
DPtoLP
SetMapMode
SetBkColor
GetMapMode
CreateDIBSection
SetDIBitsToDevice
SetViewportOrgEx
Rectangle
PatBlt
CreatePen
CreateDCW
GetTextColor
ExtTextOutW
EnumFontFamiliesW
CreateRectRgnIndirect
OffsetWindowOrgEx
GetClipBox
GetTextFaceW
DeleteDC
CreateCompatibleBitmap
GetTextMetricsW
GetTextExtentPointW
GetCurrentObject
CreatePolygonRgn
GetWindowExtEx
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
GetJobW
advapi32
RegEnumKeyW
SetFileSecurityW
GetFileSecurityW
RegSetValueW
RegOpenKeyExA
RegQueryValueExA
EqualSid
TraceMessage
RegEnumValueW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
ImpersonateSelf
GetTokenInformation
GetLengthSid
FreeSid
AllocateAndInitializeSid
AddAccessAllowedAce
AccessCheck
OpenThreadToken
OpenProcessToken
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RevertToSelf
ImpersonateLoggedOnUser
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueW
shell32
SHGetFileInfoW
ShellExecuteExW
ExtractAssociatedIconW
ShellExecuteW
DragQueryFileW
DragFinish
SHAddToRecentDocs
ExtractIconW
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
ole32
RegisterDragDrop
DoDragDrop
OleDuplicateData
ReleaseStgMedium
OleLockRunning
StringFromCLSID
StringFromGUID2
CoRevokeClassObject
CoRegisterClassObject
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoGetMalloc
CoDisconnectObject
CoUninitialize
CoInitializeEx
CoCreateGuid
CoInitialize
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CLSIDFromProgID
CoGetClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RevokeDragDrop
oleaut32
VarBstrFromDate
VariantCopy
OleCreateFontIndirect
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
VariantClear
VariantInit
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
oledlg
OleUIBusyW
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
uxtheme
CloseThemeData
DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeText
DrawThemeParentBackground
IsAppThemed
OpenThemeData
winmm
PlaySoundW
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
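The import listing above is exactly the input an import hash (imphash) is computed over, which is the usual meaning of the unlabelled 32-hex-digit value in the Files entry. The following is an added example, not the sandbox's code, of that normalisation as the widely used pefile implementation defines it: the DLL name is lower-cased and a .dll/.ocx/.sys extension dropped, the function name is lower-cased, ordinal-only imports become ordN unless the DLL is one of the few with a built-in ordinal table, the tokens are joined with commas in import-table order, and the result is hashed with MD5. The import list in the block is a constructed six-entry excerpt shaped like the listing above, not the full import table, so its hash is not the value on the report; the oleaut32 ordinal table is likewise a three-entry excerpt.

```python
import hashlib

# Partial ordinal-to-name table of the kind imphash implementations carry for a few
# DLLs (oleaut32, ws2_32, wsock32). Only three well-known oleaut32 ordinals are
# included here; the real table is much larger.
ORDINAL_NAMES = {
    "oleaut32.dll": {2: "SysAllocString", 6: "SysFreeString", 7: "SysStringLen"},
}
STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def normalise_entry(dll, func):
    """Return the 'dll.func' token for one import; func is a name or an int ordinal."""
    lib = dll.lower()
    base, dot, ext = lib.rpartition(".")
    if dot and ext in STRIPPED_EXTENSIONS:      # winspool.drv keeps its extension
        lib = base
    if isinstance(func, int):
        name = ORDINAL_NAMES.get(dll.lower(), {}).get(func) or f"ord{func}"
    else:
        name = func
    return f"{lib}.{name.lower()}"


def imphash_string(imports):
    """Comma-joined normalised tokens; imports is a sequence of (dll, func) in table order."""
    return ",".join(normalise_entry(d, f) for d, f in imports)


def imphash(imports):
    """MD5 hex digest of the normalised import string."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Constructed excerpt in the shape of the report's listing: (dll, function or ordinal).
SAMPLE_IMPORTS = [
    ("version.dll", "VerQueryValueW"),
    ("rpcrt4.dll", "UuidFromStringW"),
    ("comctl32.dll", "InitCommonControlsEx"),
    ("comctl32.dll", 17),            # ordinal import with no table entry -> comctl32.ord17
    ("oleaut32.dll", 2),             # ordinal import with a table entry -> oleaut32.sysallocstring
    ("wtsapi32.dll", "WTSQueryUserToken"),
]
```

Because the hash covers DLL names, function names and their order, two builds of the same source with the same linker settings share an imphash while a repacked or trojanised copy whose import table was rebuilt normally does not, which is why it is the first pivot to try when comparing a suspicious file against a known-good copy of the binary the PDB path suggests.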
Sections
Raw size is the section's size on disk, virtual size its size once mapped; a raw size larger than the virtual size is file-alignment padding, a smaller one is zero-filled at load.

.text   raw 2.7MB   virtual 2.7MB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  raw 1006KB  virtual 1006KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   raw 52KB    virtual 104KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata  raw 129KB   virtual 129KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.tls    raw 512B    virtual 9B      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   raw 9.5MB   virtual 9.5MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  raw 640KB   virtual 644KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

Two things to check against a known-good build of the same binary: .reloc carries IMAGE_SCN_MEM_EXECUTE and IMAGE_SCN_MEM_WRITE on top of the INITIALIZED_DATA | DISCARDABLE | READ that the MSVC linker normally emits for a relocation section, and .rsrc accounts for 9.5MB of the 14.0MB file, so most of the binary is resource data; dump the resource tree to confirm it is UI assets rather than an embedded payload.