2024-05-17_b433ba41dd62d9f884ba53fcb204259c_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-17_b433ba41dd62d9f884ba53fcb204259c_ryuk
Size

926KB
MD5

b433ba41dd62d9f884ba53fcb204259c
SHA1

ee03d14af946f23d40905645f1c097fbece76dc1
SHA256

61ba7f946b10751d6ec6b7ebe37ec15ed418a7d98bffbe288cf10b9921a21b5e
SHA512

deddad5db966707827120571d020eb4f4deb60180ece1e23fbb41f858f07f02590466a02b9ace232fa72cc957f577754626e4d1edd13fd46cf1f9cd1e4e16a53
SSDEEP

12288:2M4IoU3VDojMmQRTxG3pxi5dFsrFWxIPcymM0b7CQcYlvhs/adBUelcE1aZWb4:2MOUMDQrB5d0woy5cYlpM4cE1aD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-17_b433ba41dd62d9f884ba53fcb204259c_ryuk

Files

2024-05-17_b433ba41dd62d9f884ba53fcb204259c_ryuk
.exe windows:5 windows x64 arch:x64

c7dbcc803a2d3e34f92d5587d3a6d919

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\WinCln .NET\x64\Release\WinCln.pdb

Imports

kernel32

GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
QueryPerformanceCounter
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetFileType
GetStringTypeW
ExitProcess
GetStdHandle
GetCommandLineW
GetCommandLineA
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
SetErrorMode
LocalFileTimeToFileTime
GetFileSizeEx
GetCurrentDirectoryW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadLocale
GetStringTypeExW
MoveFileW
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetShortPathNameW
GetFileSize
FlushFileBuffers
CreateFileW
SystemTimeToFileTime
ReplaceFileW
SetFileTime
GetTempFileNameW
GetFullPathNameW
GetFileTime
GetFileAttributesW
GetDiskFreeSpaceW
CompareStringA
GetCurrentThread
lstrcmpA
GlobalFlags
GetPrivateProfileIntW
GlobalGetAtomNameW
GetCurrentProcessId
lstrcmpW
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
ResumeThread
SuspendThread
SetThreadPriority
CreateEventW
WaitForSingleObject
SetEvent
GlobalUnlock
GlobalLock
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
OutputDebugStringA
GetACP
GlobalFree
GlobalAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetDriveTypeW
GetLogicalDrives
SetFileAttributesW
GetWindowsDirectoryW
GetCurrentProcess
MoveFileExW
SetCurrentDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesExW
lstrcpyW
RemoveDirectoryW
GetVolumeInformationW
DeleteFileW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetCurrentThreadId
GetModuleHandleW
SetLastError
GetTickCount
MulDiv
GetVersionExW
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryW
FreeResource
FormatMessageW
CloseHandle
LocalFree
GetModuleFileNameW
lstrcpynW
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource

user32

GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetFocus
GetDlgCtrlID
SetDlgItemTextW
MoveWindow
ShowWindow
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
GetMenuStringW
SetRectEmpty
SendDlgItemMessageA
FrameRect
LoadImageW
CreateIconIndirect
GetDC
LoadIconW
IsIconic
BringWindowToTop
FindWindowW
UnregisterClassW
SetCursor
CopyIcon
TrackPopupMenu
DispatchMessageW
GetMessageW
PeekMessageW
UpdateWindow
PtInRect
ScreenToClient
WindowFromPoint
GrayStringW
DrawTextExW
TabbedTextOutW
CreateWindowExW
LoadCursorW
EndPaint
BeginPaint
ValidateRect
InvalidateRect
DefWindowProcW
GetParent
DrawMenuBar
RedrawWindow
SetTimer
PostMessageW
EnableWindow
SetMenu
CallNextHookEx
SetPropW
GetClassNameW
CallWindowProcW
SetWindowLongW
GetPropW
UnhookWindowsHookEx
SetWindowsHookExW
SetLayeredWindowAttributes
SetWindowLongPtrW
IntersectRect
CreatePopupMenu
DeleteMenu
SetWindowPos
ClientToScreen
IsRectEmpty
GetMenuState
LoadMenuW
GetDesktopWindow
InsertMenuW
GetWindow
IsDialogMessageW
TranslateMessage
IsWindowVisible
GetKeyState
RegisterWindowMessageW
GetMessageTime
RegisterClassW
GetClassInfoW
GetClassInfoExW
BeginDeferWindowPos
GetMenuDefaultItem
DrawFocusRect
DrawEdge
DrawTextW
GetMessagePos
InflateRect
DrawStateW
GetClientRect
GetMenuItemID
GetSubMenu
GetMenu
DeferWindowPos
EndDeferWindowPos
GetCapture
GetForegroundWindow
SetForegroundWindow
GetScrollPos
ModifyMenuW
GetWindowRect
DestroyMenu
GetSystemMenu
IsChild
GetFocus
MenuItemFromPoint
KillTimer
GetCursorPos
SendMessageW
GetWindowLongW
CopyRect
IsWindow
LoadBitmapW
SetRect
MonitorFromWindow
GetMonitorInfoW
GetSystemMetrics
GetMenuItemCount
GetWindowDC
ReleaseDC
GetSysColor
IsMenu
SetMenuInfo
GetMenuItemRect
GetMenuItemInfoW
SystemParametersInfoW
OffsetRect
GetWindowLongPtrW
FillRect
CopyImage
GetIconInfo
DestroyIcon
CopyAcceleratorTableW
MapVirtualKeyW
GetKeyNameTextW
GetMenuInfo
WindowFromDC
AdjustWindowRectEx
MessageBoxW
MapWindowPoints
EqualRect
GetClassLongPtrW
GetTopWindow
GetLastActivePopup
WinHelpW
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
ReleaseCapture
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
GetWindowThreadProcessId
UnpackDDElParam
ReuseDDElParam
PostThreadMessageW
IsZoomed
GetSysColorBrush
CharUpperW
ShowOwnedPopups
RegisterClipboardFormatW
PostQuitMessage
RealChildWindowFromPoint
RemovePropW

gdi32

CreateRectRgn
CombineRgn
CreateRectRgnIndirect
SelectClipRgn
PtVisible
RectVisible
Escape
GetWindowOrgEx
GetStockObject
GetDIBits
SetDIBits
SetTextColor
ExcludeClipRect
GetClipBox
IntersectClipRect
LineTo
RestoreDC
SaveDC
SetBkMode
SetMapMode
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontW
GetCharWidthW
StretchDIBits
GetBkColor
SetBrushOrgEx
UnrealizeObject
Rectangle
CreatePen
TextOutW
RoundRect
GetTextExtentPoint32W
DeleteObject
GetNearestColor
SetWindowOrgEx
CreateSolidBrush
CreatePatternBrush
GetTextColor
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
MoveToEx
SetTextAlign
CreateFontIndirectW
GetTextMetricsW
GetTextAlign
GetCurrentObject
SetPixel
GetPixel
DeleteDC
SetBkColor
SelectObject
CreateBitmap
GetObjectW
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetLayout

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

SystemFunction036
FreeSid
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegEnumValueW
RegEnumKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegSetValueW
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
OpenProcessToken
GetUserNameW

shell32

SHAddToRecentDocs
SHGetMalloc
SHGetDesktopFolder
ShellExecuteW
SHFileOperationW
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteExW
DragQueryFileW
DragFinish
ord190
ExtractIconW

comctl32

ImageList_AddMasked
ImageList_Add
ImageList_Replace
ImageList_GetImageCount
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Draw
InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIconSize

shlwapi

SHDeleteKeyW
PathFileExistsW
PathCombineW
PathCanonicalizeW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindExtensionW

uxtheme

IsAppThemed
GetThemePartSize
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData

ole32

OleUninitialize
CoCreateInstance
StringFromCLSID
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoInitialize
CoRegisterMessageFilter
OleIsCurrentClipboard
CoCreateGuid
CoFreeUnusedLibraries
OleFlushClipboard
CoRevokeClassObject
OleInitialize

oleaut32

SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
VarDateFromStr

oledlg

OleUIBusyW

sqlite3

sqlite3_errmsg
sqlite3_busy_timeout
sqlite3_exec
sqlite3_close
sqlite3_open
sqlite3_free
sqlite3_mprintf
sqlite3_changes

wininet

FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 536KB - Virtual size: 535KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.control
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7dbcc803a2d3e34f92d5587d3a6d919

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

sqlite3

wininet

oleacc

Sections

.text Size: 536KB - Virtual size: 535KB

.rdata Size: 231KB - Virtual size: 230KB

.data Size: 13KB - Virtual size: 36KB

.pdata Size: 31KB - Virtual size: 30KB

.tls Size: 512B - Virtual size: 9B

.control Size: 512B - Virtual size: 272B

.rsrc Size: 101KB - Virtual size: 101KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 536KB - Virtual size: 535KB

.rdata
Size: 231KB - Virtual size: 230KB

.data
Size: 13KB - Virtual size: 36KB

.pdata
Size: 31KB - Virtual size: 30KB

.tls
Size: 512B - Virtual size: 9B

.control
Size: 512B - Virtual size: 272B

.rsrc
Size: 101KB - Virtual size: 101KB

.reloc
Size: 12KB - Virtual size: 11KB