2024-05-09_c25f9ef4078770651e75be64e6ba1204_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-09_c25f9ef4078770651e75be64e6ba1204_ryuk
Size

2.9MB
MD5

c25f9ef4078770651e75be64e6ba1204
SHA1

7cb3299df038ce880e4618165ec904440d9d073b
SHA256

6c7a9e9140b5bb339dae3c785fb80602f986f1461b6dc60aa3151208853c6f8d
SHA512

6829e684035701a02f6440dd8a05f2504b066a90b6acd1ad3fc928e2ea60e1ac18ce32d861b809244a948105fa3250893de7ceddc4dac90225dcdc88c3a6581c
SSDEEP

49152:/pu3BlpqetTtkkjdmvJBeX3u/ujIGYz8rQV+V13bDcbcUcIhjN703RV+R1zXG7Bv:hGLbapi3RQGNGU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-09_c25f9ef4078770651e75be64e6ba1204_ryuk

Files

2024-05-09_c25f9ef4078770651e75be64e6ba1204_ryuk
.exe windows:6 windows x64 arch:x64

d1f2d0471b1f97f22ca375f140a6fdf5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\Elprotronic\Project\Cpp\Cpp-ARM\bin\x64\GP-M-Demo-C++.pdb

Imports

gangprom-fpasel

F_Get_Active_Targets_Mask
F_Gang_Read_Bytes_Block
F_Write_Bytes_Block_to_RAM
F_Copy_Gang_Buffer_to_Flash
F_Copy_Flash_to_Gang_Buffer
F_Sectors_Blank_Check
F_Segment_Erase
F_Close_Target_Device
F_Open_Target_Device
F_Memory_Verify
F_Memory_Write
F_Memory_Blank_Check
F_Memory_Erase
F_Verify_Access_to_MCU
F_AutoProgram
F_Get_Byte_from_Gang_Buffer
F_Put_Byte_to_Gang_Buffer
F_ReadCodeFile
F_Get_Targets_Vcc
F_Reset_Target
F_Power_Target
F_ConfigFileLoad
F_DLLTypeVer
F_ReportMessage
F_Set_MCU_Family_Group
F_Get_MCU_Name_list
F_Set_MCU_Name
F_Get_Device_Info
F_Set_Config_Value_By_Name
F_Get_Config_Value_By_Name
F_Get_Config_Name_List
F_Use_Config_INI
F_Initialization
F_Trace_OFF
F_Trace_ON
F_Get_FPA_SN
F_Multi_DLLTypeVer
F_Set_FPA_index
F_OpenInstancesAndFPAs
F_CloseInstances

kernel32

FindFirstFileExA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
QueryPerformanceFrequency
FindNextFileA
VirtualQuery
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlPcToFileHeader
RtlUnwindEx
GetStringTypeW
LCMapStringW
OutputDebugStringW
IsValidCodePage
HeapQueryInformation
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
GetUserDefaultLCID
Sleep
SearchPathA
GetProfileIntA
GetTempFileNameA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
FindResourceExW
GetTickCount
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
lstrcpyA
GetWindowsDirectoryA
GetCPInfo
GetOEMCP
VirtualProtect
FileTimeToSystemTime
GetThreadLocale
GetVolumeInformationA
lstrcmpiA
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
CreateFileA
DeleteFileA
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryA
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetACP
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GlobalFlags
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetSystemDirectoryW
EncodePointer
CopyFileA
FormatMessageA
MulDiv
LocalFree
GlobalSize
GetCurrentProcessId
GlobalAddAtomA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
CompareStringA
MultiByteToWideChar
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
LoadLibraryExW
FreeLibrary
GetVersionExA
GetCurrentThread
ResumeThread
SetThreadPriority
GetCurrentThreadId
WaitForSingleObject
SetEvent
CloseHandle
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
FindResourceA
LoadLibraryW
GlobalFree
GlobalUnlock
GlobalLock
GetModuleHandleExW
GetModuleFileNameW
FreeResource
SetLastError
OutputDebugStringA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
RaiseException
DecodePointer
WideCharToMultiByte
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameA
CreateProcessA
GetEnvironmentStringsW
CreateFileW

user32

LoadImageW
TrackMouseEvent
GetMenuDefaultItem
CreatePopupMenu
GetAsyncKeyState
MessageBeep
GetNextDlgGroupItem
IsRectEmpty
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableA
CharNextA
LoadCursorW
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
CharUpperA
DestroyIcon
InvalidateRect
KillTimer
SetTimer
DeleteMenu
CopyImage
OffsetRect
SetRectEmpty
LoadCursorA
GetSysColorBrush
RealChildWindowFromPoint
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
SetDlgItemTextA
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
GetTopWindow
GetClassNameA
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
SetWindowLongA
PtInRect
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
BringWindowToTop
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
SetWindowRgn
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
SystemParametersInfoA
InflateRect
CopyRect
GetMenuItemInfoA
DestroyMenu
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
SetParent
OpenClipboard
CloseClipboard
SendMessageA
IsIconic
EnableWindow
GetSystemMetrics
GetSystemMenu
GetDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
UnhookWindowsHookEx
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
MapDialogRect
GetWindow
SetWindowContextHelpId
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
InsertMenuItemA
LoadImageA
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatA
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
SetWindowPos
GetLastActivePopup
InvertRect
NotifyWinEvent
MapVirtualKeyA
GetKeyNameTextA
SetLayeredWindowAttributes
EnumDisplayMonitors
GetScrollRange
SetClassLongPtrA
AppendMenuA
DrawIcon
UpdateWindow
GetClientRect
LoadIconW
UnregisterClassA
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
GetParent
LoadBitmapW
IsWindow
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongA
GetDesktopWindow
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
IsWindowVisible
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExA
CallNextHookEx
PostMessageA
PostQuitMessage
ShowOwnedPopups
SetCursor
MessageBoxA
GetWindowThreadProcessId
SetClipboardData
EmptyClipboard
DrawStateA
DrawEdge
DrawFrameControl
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
IsZoomed
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
PostThreadMessageA
UnionRect
FrameRect
CopyIcon
SetCursorPos
GetWindowPlacement
LoadMenuW
CharUpperBuffA

gdi32

GetTextFaceA
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
CopyMetaFileA
CreateDCA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectA
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectA
GetTextExtentPoint32A
GetTextMetricsA
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
CombineRgn
GetMapMode
PatBlt
SetRectRgn
DPtoLP
CreateCompatibleBitmap
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
CreateBitmap

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA
RegCloseKey
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA

shell32

SHBrowseForFolderA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileA
SHAppBarMessage
ShellExecuteA
DragFinish

comctl32

ord17

shlwapi

PathFindFileNameA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
PathFindExtensionA
StrFormatKBSizeA

uxtheme

GetThemeSysColor
GetWindowTheme
IsAppThemed
GetThemePartSize
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent

ole32

CoDisconnectObject
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize

oleaut32

SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
LoadTypeLi
OleCreateFontIndirect
VariantCopy
VarBstrFromDate
VariantChangeType
VariantClear
SysAllocStringByteLen
VariantInit
SysAllocStringLen
SysFreeString

oledlg

ord8

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundA

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 677KB - Virtual size: 677KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1f2d0471b1f97f22ca375f140a6fdf5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gangprom-fpasel

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 677KB - Virtual size: 677KB

.data Size: 32KB - Virtual size: 79KB

.pdata Size: 91KB - Virtual size: 91KB

.gfids Size: 106KB - Virtual size: 105KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 61KB - Virtual size: 61KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 677KB - Virtual size: 677KB

.data
Size: 32KB - Virtual size: 79KB

.pdata
Size: 91KB - Virtual size: 91KB

.gfids
Size: 106KB - Virtual size: 105KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 61KB - Virtual size: 61KB