2024-05-01_5cf2b8866634890e7792d610896a517a_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-01_5cf2b8866634890e7792d610896a517a_ryuk
Size

6.0MB
MD5

5cf2b8866634890e7792d610896a517a
SHA1

d3b018d7e77af1c3b6e62f12eb33f7bc9a74c3b3
SHA256

f74647f545b800c4a2dee466c319f13f09ef623ab5361e34c8a3f62edac112e3
SHA512

bf6ca8ca7246980a0b837f60851498e223d6cf7c19a15e7f977741bd279c8532285a0f0e10d23b2dfe18165767b4f2e91494565f37830b12a3d74be2669a429a
SSDEEP

196608:g/sBoyHuYnB8wLee9Bx3vegIRbMefgqwc+mIKWm:g/sBoyOsB8wLee9Bx3vegIRbMefgc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-01_5cf2b8866634890e7792d610896a517a_ryuk

Files

2024-05-01_5cf2b8866634890e7792d610896a517a_ryuk
.exe windows:6 windows x64 arch:x64

1d038e4f7a406bed8a6050c3c320ff18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
GetOverlappedResult
CancelIo
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
ReleaseMutex
CreateMutexW
ExitProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThreadId
TerminateThread
CreateProcessW
GlobalMemoryStatusEx
SetLocalTime
GetSystemDirectoryW
GetNativeSystemInfo
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
GetModuleHandleA
SetThreadAffinityMask
WaitForMultipleObjects
FormatMessageW
LoadLibraryW
CopyFileW
MoveFileW
GetComputerNameW
VerifyVersionInfoW
GetLocaleInfoW
GetCommandLineW
LocalFree
GetCurrentProcessId
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
SetThreadPriority
GetCurrentThread
GetCurrentProcess
HeapSize
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
Sleep
CreateNamedPipeW
HeapReAlloc
HeapFree
HeapAlloc
WriteConsoleW
GetModuleFileNameA
GetFileType
GetStdHandle
ExitThread
GetTimeZoneInformation
GetModuleHandleExW
RtlUnwindEx
RaiseException
RtlPcToFileHeader
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
MultiByteToWideChar
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
PeekNamedPipe
DisconnectNamedPipe
ConnectNamedPipe
CreatePipe
GetLastError
SetUnhandledExceptionFilter
SetHandleInformation
OutputDebugStringW
IsDebuggerPresent
GetTempPathW
WriteFile
SetFileTime
SetFilePointer
SetFileAttributesW
SetEndOfFile
RemoveDirectoryW
ReadFile
GetVolumeInformationW
GetLogicalDriveStringsW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDriveTypeW
GetDiskFreeSpaceExW
FlushFileBuffers
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
WideCharToMultiByte
GetExitCodeThread
WaitForSingleObjectEx
DuplicateHandle
OpenFileMappingA
CreateFileMappingA
CreateSemaphoreA
ReleaseSemaphore
SetCurrentDirectoryW
GetEnvironmentVariableW
VerSetConditionMask
RtlCaptureStackBackTrace
GetPriorityClass
SetPriorityClass
GetACP
GetThreadPriority
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
CloseHandle
LoadLibraryA
GetProcAddress
GetDateFormatW
FreeLibrary

user32

PeekMessageW
SendMessageTimeoutW
PostMessageW
SetFocus
GetFocus
DispatchMessageW
EnumWindows
GetDC
ReleaseDC
TrackMouseEvent
GetMessagePos
GetWindowTextW
TranslateMessage
GetMessageTime
SendMessageW
IsChild
ShowWindow
SetLayeredWindowAttributes
SetWindowPos
GetWindowPlacement
IsWindowVisible
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetActiveWindow
GetAsyncKeyState
GetKeyboardState
ToUnicode
SendInput
MapVirtualKeyW
GetCapture
SetCapture
ReleaseCapture
GetSystemMetrics
GetMessageW
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRgn
InvalidateRect
RedrawWindow
SetWindowTextW
GetClientRect
GetWindowRect
MessageBoxW
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
ShowCaret
SetCaretPos
ScreenToClient
WindowFromPoint
GetWindowLongW
SetWindowLongW
GetParent
EnumChildWindows
LoadCursorW
DestroyCursor
DestroyIcon
CreateIconIndirect
GetIconInfo
SystemParametersInfoW
GetMonitorInfoW
EnumDisplayMonitors
GetWindowInfo
GetAncestor
RegisterWindowMessageW
GetWindowThreadProcessId
AttachThreadInput
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW
DestroyWindow
DefWindowProcW
CreateWindowExW
RegisterClassExW
UnregisterClassW
GetSystemMenu
MoveWindow
CallWindowProcW

gdi32

CreateRectRgnIndirect
CreateFontIndirectW
DeleteDC
DeleteObject
EnumFontFamiliesExW
GetDeviceCaps
GetGlyphOutlineW
SwapBuffers
SetPixelFormat
ChoosePixelFormat
GetObjectW
CreateDIBSection
StretchDIBits
SaveDC
RestoreDC
GetRegionData
GetPixel
ExcludeClipRect
CreateCompatibleDC
CreateRectRgn
CreateBitmap
CombineRgn
GetKerningPairsW
GetTextMetricsW
SetMapMode
SetMapperFlags
SelectObject
RemoveFontMemResourceEx
AddFontMemResourceEx
GetGlyphIndicesW
GetOutlineTextMetricsW

shell32

CommandLineToArgvW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW
ExtractAssociatedIconW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
SHGetKnownFolderPath

ole32

OleUninitialize
OleInitialize
CoInitialize
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoTaskMemAlloc
RegisterDragDrop
RevokeDragDrop
OleCreate
OleSetContainedObject
DoDragDrop

oleaut32

SafeArrayUnaccessData
SafeArrayCreateVector
VariantInit
VariantClear
SafeArrayDestroy
SysFreeString
SysAllocString
SafeArrayAccessData

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
GetUserNameW
RegDeleteKeyW

iphlpapi

if_indextoname

wininet

HttpQueryInfoW
InternetCrackUrlW
HttpEndRequestW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetSetFilePointer
InternetWriteFile
InternetQueryOptionW
InternetSetOptionW
FtpOpenFileW
HttpOpenRequestW
HttpSendRequestExW

ws2_32

ioctlsocket
WSAStartup
socket
setsockopt
sendto
select
recvfrom
recv
listen
inet_ntoa
connect
closesocket
bind
accept
__WSAFDIsSet
ntohs
inet_addr
htons
htonl
getsockopt
getsockname
send
freeaddrinfo
getaddrinfo
WSAGetLastError

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

PathStripToRootW

winmm

midiOutGetNumDevs
midiOutGetDevCapsW
midiOutOpen
midiOutClose
midiOutPrepareHeader
midiOutUnprepareHeader
midiOutShortMsg
midiOutLongMsg
midiInGetNumDevs
midiInGetDevCapsW
midiInOpen
midiInClose
midiInPrepareHeader
timeSetEvent
midiInUnprepareHeader
midiInAddBuffer
midiInStart
midiInStop
timeBeginPeriod
timeGetDevCaps
timeGetTime
timeKillEvent
midiInReset

dbghelp

SymInitialize
SymFromAddr
SymGetModuleInfo64

imm32

ImmSetCandidateWindow
ImmNotifyIME
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext

opengl32

glReadPixels
glViewport
glTexSubImage2D
glTexParameteri
glTexImage2D
glScissor
glPixelStorei
glGetString
glGetIntegerv
glGetError
glGenTextures
glEnable
glDrawElements
glDisable
glDeleteTextures
glClearColor
glClear
glBlendFunc
glBindTexture
wglShareLists
wglMakeCurrent
wglGetProcAddress
wglGetCurrentContext
wglDeleteContext
wglCreateContext
glDrawArrays

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 37B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d038e4f7a406bed8a6050c3c320ff18

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

comdlg32

advapi32

iphlpapi

wininet

ws2_32

version

shlwapi

winmm

dbghelp

imm32

opengl32

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 2.6MB - Virtual size: 2.6MB

.data Size: 94KB - Virtual size: 107KB

.pdata Size: 188KB - Virtual size: 187KB

.tls Size: 512B - Virtual size: 37B

.gfids Size: 3KB - Virtual size: 2KB

_RDATA Size: 10KB - Virtual size: 9KB

.rsrc Size: 64KB - Virtual size: 64KB

.reloc Size: 46KB - Virtual size: 45KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 94KB - Virtual size: 107KB

.pdata
Size: 188KB - Virtual size: 187KB

.tls
Size: 512B - Virtual size: 37B

.gfids
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 64KB - Virtual size: 64KB

.reloc
Size: 46KB - Virtual size: 45KB