2024-04-30_79dd6a0341f62bf459dc03d53386bd8f_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-30_79dd6a0341f62bf459dc03d53386bd8f_ryuk
Size

5.1MB
MD5

79dd6a0341f62bf459dc03d53386bd8f
SHA1

fd7eb8fcfec70ad66c641b535fe5d03cfc341b6f
SHA256

db4158c9e6cde370ea1d57198e2ddd4bc289011193bff41f8561f4b4fae41ff8
SHA512

1c2e2f7c637302f4c2dc2b5431cdee4f41d3593c068b2b8ad1cf9aea377077206b2ed29adbcfc534d9f0ddc2410e4e5b06620ffea5dd0d14084271106be34a99
SSDEEP

49152:Ff8Hf36Ra91p1oN85IWx7UyVATtFZsHm:q5pJINFWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-30_79dd6a0341f62bf459dc03d53386bd8f_ryuk

Files

2024-04-30_79dd6a0341f62bf459dc03d53386bd8f_ryuk
.exe windows:6 windows x64 arch:x64

6a74cf42c52c30891f93041660d90d91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\VSTworkspace\wdl-ol\IPlugExamples\IPlugSpectFFT\build-win\app\x64\bin\IPlugSpectFFT.pdb

Imports

dsound

ord6
ord7
ord1
ord2

winmm

midiInGetDevCapsA
timeBeginPeriod
timeEndPeriod
midiOutGetNumDevs
midiInReset
midiInStop
midiInStart
midiInAddBuffer
midiInUnprepareHeader
midiInPrepareHeader
midiInClose
midiOutGetDevCapsA
midiInOpen
midiInGetNumDevs
midiOutReset
midiOutLongMsg
midiOutShortMsg
midiOutUnprepareHeader
midiOutPrepareHeader
midiOutClose
midiOutOpen

opengl32

glBindTexture
glGenTextures
glPixelStorei
glTexImage2D
glTexParameteri
glBegin
glBlendFunc
glClear
glClearColor
glColor3f
glColor4f
glDisable
glDrawPixels
glEnable
glEnd
glEvalCoord1f
glFinish
glFlush
glGetString
wglGetCurrentDC
wglGetProcAddress
wglCreateContext
wglDeleteContext
glLoadIdentity
glMap1f
glMatrixMode
glOrtho
glPointSize
glPopMatrix
glPushMatrix
glRasterPos2i
glReadPixels
glRotatef
glScalef
glShadeModel
glTexCoord2f
glTexSubImage2D
glVertex2d
glVertex2f
glVertex3fv
glViewport
wglMakeCurrent
wglGetCurrentContext
glDeleteTextures

glu32

gluOrtho2D
gluNurbsProperty
gluDeleteNurbsRenderer
gluNewNurbsRenderer
gluPerspective

comctl32

InitCommonControlsEx
ord17

wininet

InternetGetConnectedState

kernel32

FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
SetStdHandle
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapQueryInformation
HeapReAlloc
GetConsoleMode
IsValidCodePage
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
OutputDebugStringW
GetACP
WriteFile
ReadFile
WriteConsoleW
GetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
GetConsoleCP
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetFileType
SetEnvironmentVariableW
SetEndOfFile
GetDriveTypeW
OpenFile
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
FreeLibrary
LoadLibraryA
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
SetThreadPriority
CreateDirectoryA
ReleaseMutex
CreateMutexA
CreateTimerQueue
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
OutputDebugStringA
GetCurrentProcessId
GetModuleFileNameA
GlobalLock
GlobalUnlock
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
ExitProcess
CreateFileW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
GetSystemInfo
HeapValidate
HeapSize
GetModuleHandleExW
InterlockedFlushSList
InterlockedPushEntrySList
GetModuleFileNameW
LoadLibraryExW
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
TryEnterCriticalSection
QueryPerformanceFrequency
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
DuplicateHandle
FormatMessageW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
GetStartupInfoW
RaiseException
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCaptureStackBackTrace
SignalObjectAndWait
SwitchToThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
SetProcessAffinityMask
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
LoadLibraryW
OpenMutexA

user32

IsDialogMessageA
FindWindowA
GetParent
GetClassLongA
GetWindowLongA
SetForegroundWindow
CreateDialogParamA
DispatchMessageA
TranslateMessage
GetMessageA
RegisterWindowMessageA
MessageBoxA
SetWindowPos
GetClientRect
GetSystemMetrics
EnableWindow
SendDlgItemMessageA
GetDlgItem
EndDialog
DialogBoxParamA
MoveWindow
ShowWindow
PostQuitMessage
wsprintfA
GetDesktopWindow
GetForegroundWindow
ReleaseDC
TrackMouseEvent
DestroyWindow
CreateWindowExA
UnregisterClassA
RegisterClassA
DefWindowProcA
CharLowerBuffA
OpenClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
SetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
SetTimer
CreatePopupMenu
DestroyMenu
AppendMenuA
TrackPopupMenu
UpdateWindow
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
ValidateRect
SetWindowTextA
PeekMessageA
SendMessageA
GetDC
CallWindowProcA
SetCursorPos
GetCursorPos
ClientToScreen
ScreenToClient
GetWindowLongPtrA
SetWindowLongPtrA
EnumWindows
GetClassNameA
GetWindowThreadProcessId
LoadCursorA
GetAncestor
DrawTextA
DrawTextW
GetWindowRect
ShowCursor

gdi32

GetTextMetricsA
SelectObject
ChoosePixelFormat
SetPixelFormat
CreateFontA
BitBlt
GetStockObject
SetBkColor
SetBkMode
SetTextColor
DeleteObject
CreateCompatibleDC
DeleteDC
CreateDIBSection

comdlg32

GetSaveFileNameA
ChooseColorA
GetOpenFileNameA

advapi32

RegOpenKeyExA
RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegQueryValueExA

shell32

SHGetFolderPathA
SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CLSIDFromString
CoInitialize

Sections

.textbss
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 850KB - Virtual size: 850KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 19.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a74cf42c52c30891f93041660d90d91

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dsound

winmm

opengl32

glu32

comctl32

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.textbss Size: - Virtual size: 1.8MB

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 850KB - Virtual size: 850KB

.data Size: 21KB - Virtual size: 19.7MB

.pdata Size: 163KB - Virtual size: 162KB

.idata Size: 16KB - Virtual size: 15KB

.gfids Size: 7KB - Virtual size: 7KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 220KB - Virtual size: 219KB

.reloc Size: 71KB - Virtual size: 70KB

.textbss
Size: - Virtual size: 1.8MB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 850KB - Virtual size: 850KB

.data
Size: 21KB - Virtual size: 19.7MB

.pdata
Size: 163KB - Virtual size: 162KB

.idata
Size: 16KB - Virtual size: 15KB

.gfids
Size: 7KB - Virtual size: 7KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 220KB - Virtual size: 219KB

.reloc
Size: 71KB - Virtual size: 70KB