2024-05-11_b518045d9bf93fbe34c8f5706a6b891f_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-11_b518045d9bf93fbe34c8f5706a6b891f_ryuk
Size

2.3MB
MD5

b518045d9bf93fbe34c8f5706a6b891f
SHA1

a7b711b6aef629deb8630c4833808af690cea3d3
SHA256

ce443513b6ff7ef7aa6473934e618602a3519bec7c11d40bce7262f64e0ea9ba
SHA512

82da8b8bff2cc5a7dd4f887a8244134ab1ac4dfcf14c8b705d1535f260f4bf89d061f38bae6633d46145cc0b1502b86c27d7bec1ac4b3bbcec2a57fc896857bf
SSDEEP

49152:4T6WXpX/DdVVN87OjGGmlUZDVLjGxJ4xUUkBmRXvp6:4T6WXpX/DdVVHPZBi+BRXvp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-11_b518045d9bf93fbe34c8f5706a6b891f_ryuk

Files

2024-05-11_b518045d9bf93fbe34c8f5706a6b891f_ryuk
.exe windows:6 windows x64 arch:x64

50b07e21804ad5059615c28e7c00fe65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

H:\Projects\ThumbnailCityV1\x64Release\ThumbCityPV.pdb

Imports

kernel32

LoadResource
LoadLibraryW
GlobalFree
GlobalAlloc
LockResource
GetUserDefaultUILanguage
SetThreadUILanguage
SizeofResource
LocalFree
GetProcessId
GetCommandLineW
CreateFileW
WriteFile
GetModuleHandleW
Sleep
CloseHandle
SetEvent
CreateEventW
WaitForMultipleObjects
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
DecodePointer
FindResourceW
GlobalLock
FreeLibrary
GlobalUnlock
LoadLibraryExW
SetWaitableTimer
SetEndOfFile
ReadConsoleW
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
CreateWaitableTimerW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetTimeZoneInformation
HeapSize
SetFilePointerEx
GetConsoleMode
GetConsoleCP
RaiseException
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetFileType
GetACP
GetStdHandle
HeapReAlloc
WaitForSingleObject
FatalAppExitA
SetDllDirectoryA
ExitProcess
GetFileSizeEx
SetFileTime
GetFileInformationByHandle
GetFileTime
CreateMutexW
ReleaseMutex
GetFileSize
ExitThread
RtlUnwindEx
RtlPcToFileHeader
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
VirtualProtect
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
GetTickCount
GetEnvironmentStringsW
CreateThread
SwitchToThread
SignalObjectAndWait
ExpandEnvironmentStringsA
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ResetEvent
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
IsDebuggerPresent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
EncodePointer
GetStringTypeW
GetExitCodeThread
WaitForSingleObjectEx
TryEnterCriticalSection
VerifyVersionInfoW
VerSetConditionMask
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
LoadLibraryA
GetSystemTime
SystemTimeToFileTime
MulDiv
lstrcmpW
lstrcmpiW
SetLastError
GetDateFormatW
FileTimeToSystemTime
GetThreadUILanguage
GetFileAttributesW
LocalAlloc
GetVolumePathNameW
GetVolumeInformationW
GetVolumeInformationByHandleW
FindNextVolumeW
GetLastError
EnumSystemLocalesW
FindVolumeClose
OpenFileById
GetFinalPathNameByHandleW
FindFirstVolumeW
CreateTimerQueue
OpenThread
DeleteTimerQueueTimer
GetThreadTimes
GetThreadIOPendingFlag
GetProcessIoCounters
GetCurrentThread
GetTickCount64
CreateToolhelp32Snapshot
DuplicateHandle
Thread32First
Thread32Next
DeleteTimerQueueEx
CreateTimerQueueTimer
GetCurrentProcessId
FlushFileBuffers
SetFilePointer
ReadFile
GetVersionExW
OutputDebugStringW
OutputDebugStringA
GetLocalTime
GetModuleHandleExA
RtlCaptureStackBackTrace
GetModuleFileNameA
CreateFileA
AddVectoredExceptionHandler
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RemoveVectoredExceptionHandler
DeleteFileW
FindClose
GetTempPathW
GetCurrentThreadId
ExpandEnvironmentStringsW
MultiByteToWideChar
FormatMessageW
WideCharToMultiByte
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
IsWow64Process
CreateDirectoryW
FindNextFileW
InitializeCriticalSectionEx

user32

BeginPaint
GetCursorPos
InvalidateRect
GetParent
SetCursor
LoadCursorW
TrackMouseEvent
OffsetRect
ChildWindowFromPointEx
ScreenToClient
UnionRect
CreateWindowExW
SetWindowPos
IsWindowVisible
GetWindowRect
GetKeyState
DefWindowProcW
MessageBoxW
PostQuitMessage
TranslateMessage
RegisterClassW
DispatchMessageW
GetMessageW
UnregisterClassW
HideCaret
AllowSetForegroundWindow
IsDialogMessageW
EndPaint
CreateDialogParamW
PtInRect
KillTimer
RegisterTouchWindow
SetTimer
GetMessageExtraInfo
GetWindowTextLengthW
GetWindow
GetFocus
IsWindow
InvalidateRgn
RedrawWindow
DestroyAcceleratorTable
IsChild
GetSysColor
CreateAcceleratorTableW
CharNextW
GetClassNameW
SetCapture
GetDesktopWindow
GetClassInfoExW
RegisterWindowMessageW
ReleaseCapture
DrawTextA
CreateWindowExA
DrawTextW
ReleaseDC
DialogBoxParamW
SendMessageW
EndDialog
GetSystemMetrics
ShowWindow
SetWindowTextW
GetWindowLongPtrW
GetDlgItem
DestroyWindow
PostMessageW
AdjustWindowRectEx
GetMenu
MonitorFromWindow
EnumDisplayMonitors
GetMonitorInfoW
SetWindowLongPtrW
CallWindowProcW
SetForegroundWindow
PeekMessageW
GetClientRect
DestroyIcon
LoadImageW
GetWindowTextA
GetMenuItemInfoW
LoadMenuW
TrackPopupMenu
GetSubMenu
ClientToScreen
MessageBoxA
AdjustWindowRect
DestroyMenu
UpdateWindow
GetWindowLongW
FillRect
FrameRect
MoveWindow
SetFocus
SetWindowLongW
GetWindowTextW
GetDC
RegisterClassExW
LoadIconW
SystemParametersInfoW
EnableWindow
LoadStringW
GetIconInfo
DrawIcon
SetWindowsHookExW
UnhookWindowsHookEx
SetMenuItemInfoW

gdi32

CreateDIBSection
GetStockObject
CreatePen
Polygon
Ellipse
CreateSolidBrush
GetObjectW
BitBlt
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
GetDeviceCaps
GetDIBits
GetTextExtentPoint32W
GetTextMetricsW
CreateCompatibleBitmap

comdlg32

GetSaveFileNameW

shell32

ShellExecuteW
ShellExecuteExW
DragQueryFileW
CommandLineToArgvW
SHCreateShellItem
ord155
SHGetKnownFolderPath
SHCreateItemFromParsingName
SHGetDesktopFolder
ord190
ord162

ole32

OleLockRunning
PropVariantClear
CoTaskMemRealloc
OleInitialize
OleDraw
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoGetClassObject
CLSIDFromString
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal

shlwapi

PathFileExistsW
PathCreateFromUrlW
PathIsDirectoryW
SHCreateStreamOnFileEx
SHCreateStreamOnFileW

imm32

ImmAssociateContext

gdiplus

GdipFillPolygonI
GdipBeginContainer2
GdipEndContainer
GdipCreateBitmapFromFile
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdipCloneImage
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipResetWorldTransform
GdipDisposeImageAttributes
GdipSetPageScale
GdipSetSmoothingMode
GdipGetFamilyName
GdipSetStringFormatAlign
GdipDeleteFont
GdipDeleteStringFormat
GdipDrawPolygonI
GdipCreateFontFromLogfontW
GdipGetFamily
GdipDeleteFontFamily
GdipCreateStringFormat
GdipDrawImageRectI
GdiplusShutdown
GdiplusStartup
GdipGraphicsClear
GdipLoadImageFromStream
GdipLoadImageFromFileICM
GdipCreateImageAttributes
GdipDrawRectangleI
GdipDeleteBrush
GdipAlloc
GdipCreateSolidFill
GdipFree
GdipCloneBrush
GdipFillRectangleI
GdipDeletePen
GdipCreatePen1
GdipTranslateWorldTransform
GdipReleaseDC
GdipGetDC
GdipGetPageScale
GdipGetImageHeight
GdipGetImageWidth
GdipSetImageAttributesColorMatrix
GdipDrawString
GdipDrawImageRectRect
GdipScaleWorldTransform

comctl32

InitCommonControlsEx

winhttp

WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpOpen
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpQueryDataAvailable

xmllite

CreateXmlReader

dbghelp

SymFromAddr
SymGetLineFromAddr64

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

pdh

PdhCloseQuery
PdhAddCounterW
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCollectQueryData
PdhOpenQueryW

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

propsys

PropVariantToUInt32

mfplat

MFCreateAttributes
MFCreateMediaType
MFStartup
MFShutdown

mfreadwrite

MFCreateSourceReaderFromURL

advapi32

RegDeleteTreeW
RegQueryValueExA
GetTokenInformation
GetUserNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
IsWellKnownSid
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegFlushKey
RegCloseKey
GetSidSubAuthority
GetSidSubAuthorityCount
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
OpenEventLogW
ReadEventLogW
CloseEventLog
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
RegOpenKeyExA
RegDeleteKeyExW

oleaut32

SysAllocString
VarUI4FromStr
VariantClear
SysAllocStringLen
SysStringLen
LoadRegTypeLi
OleCreateFontIndirect
SysFreeString
LoadTypeLi
VariantInit

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640KB - Virtual size: 639KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50b07e21804ad5059615c28e7c00fe65

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

shlwapi

imm32

gdiplus

comctl32

winhttp

xmllite

dbghelp

version

pdh

bcrypt

propsys

mfplat

mfreadwrite

advapi32

oleaut32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 640KB - Virtual size: 639KB

.data Size: 51KB - Virtual size: 63KB

.pdata Size: 73KB - Virtual size: 72KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 70KB - Virtual size: 70KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 640KB - Virtual size: 639KB

.data
Size: 51KB - Virtual size: 63KB

.pdata
Size: 73KB - Virtual size: 72KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 70KB - Virtual size: 70KB

.reloc
Size: 11KB - Virtual size: 11KB