2024-05-17_b9867be27c294d0a7e56a1989b68daa1_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-17_b9867be27c294d0a7e56a1989b68daa1_ryuk
Size

3.4MB
MD5

b9867be27c294d0a7e56a1989b68daa1
SHA1

50ec421819ad8ff613cbb9ac0f739bb35d08fff4
SHA256

6a955f5e48cadbfc7bab720358bdf05aaef6146b2ff5d44e58eacc32fe1a8c3f
SHA512

cc651a9419c325e455a31b9fecebbc291d5faa2b4da2e9eae94469aa1d867e13c70fd388267241ada2cd78d17ffac0e037e584b837d650cbc022ee3713b4d2f7
SSDEEP

49152:uQ+UuuLhdDM3xt+5YqcYsdJE1fyMt4cltQsx2eoqo5rt1ggWrJSdj5itDmg27RnN:uQv5o7FeW5rt1UEjQD527BWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-17_b9867be27c294d0a7e56a1989b68daa1_ryuk

Files

2024-05-17_b9867be27c294d0a7e56a1989b68daa1_ryuk
.exe windows:6 windows x64 arch:x64

021177e25abcd8b58ecda517a439bbaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\sst\proj\cer\client\windows\develop\x64\Release\senddmp.pdb

Imports

wininet

InternetWriteFile
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
HttpEndRequestW
InternetCanonicalizeUrlW
InternetReadFile
InternetCloseHandle
InternetErrorDlg
InternetCrackUrlW
HttpSendRequestExW
HttpQueryInfoW

opengl32

wglDeleteContext
glGetError
glGetString
wglMakeCurrent
wglCreateContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

SearchPathW
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetProfileIntW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetACP
ExitProcess
GetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetFileType
SetStdHandle
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualAlloc
GetSystemInfo
FreeLibraryAndExitThread
ExitThread
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
LCMapStringW
GetStringTypeW
OutputDebugStringW
GetTempFileNameW
FindResourceExW
GetWindowsDirectoryW
MultiByteToWideChar
CreateEventW
CloseHandle
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
ResumeThread
GlobalAlloc
FindResourceW
LoadResource
SizeofResource
FreeResource
LockResource
WaitForSingleObject
SetEvent
ResetEvent
GetLastError
CreateFileW
GetFileSize
WideCharToMultiByte
ReadFile
GetUserDefaultLCID
DeleteFileW
VerSetConditionMask
VerifyVersionInfoW
GetSystemDirectoryW
GetUserDefaultLangID
GetVersionExW
GetLocaleInfoW
GetComputerNameW
GetLocalTime
GetDateFormatW
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetTempPathW
FreeLibrary
GetNativeSystemInfo
IsDBCSLeadByte
GetModuleFileNameW
GetEnvironmentVariableW
LoadLibraryExW
OpenProcess
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
lstrlenW
CreateThread
FileTimeToSystemTime
SystemTimeToFileTime
SetFilePointer
GetFileInformationByHandle
lstrcmpiW
WriteFile
UnmapViewOfFile
GetThreadLocale
GlobalSize
LocalFree
FormatMessageW
CopyFileW
SetLastError
OutputDebugStringA
GetModuleHandleExW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
EncodePointer
GetCurrentThreadId
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
InitializeCriticalSectionAndSpinCount
FindClose
FindFirstFileW
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetCurrentProcess
LocalAlloc
SystemTimeToTzSpecificLocalTime
GetCurrentProcessId
GetCurrentThread
lstrcmpA
CompareStringA
SetThreadPriority
SuspendThread
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
GlobalGetAtomNameW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalFlags
CompareStringW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
lstrcpyW
SetErrorMode
FindNextFileW
GetCurrentDirectoryW
GetTickCount

user32

CopyAcceleratorTableW
IntersectRect
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
TranslateMessage
GetMessageW
GetCursorPos
GetWindowThreadProcessId
CharUpperW
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
LoadMenuW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
SetRectEmpty
SendDlgItemMessageA
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
EqualRect
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
GetClassInfoExW
CallWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
RemoveMenu
AppendMenuW
InsertMenuW
InvalidateRgn
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
IsDialogMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsWindowEnabled
SetFocus
CheckDlgButton
SetWindowPos
MoveWindow
GetWindow
GetWindowLongW
CharNextW
GetDlgCtrlID
GetDlgItem
UnregisterClassW
DrawIcon
GetSystemMetrics
IsIconic
EnableMenuItem
EnableWindow
InvalidateRect
GetClientRect
OffsetRect
IsRectEmpty
GetSysColorBrush
RealChildWindowFromPoint
CopyImage
GetAsyncKeyState
SendMessageW
GetSysColor
DrawTextW
SetRect
GetDC
TrackMouseEvent
DestroyIcon
DeleteMenu
ReleaseDC
FillRect
CopyRect
GetDesktopWindow
PtInRect
ReleaseCapture
RedrawWindow
SetCapture
SetCursor
SetWindowLongW
IsWindow
GetWindowRect
WaitMessage
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
CreatePopupMenu
GetMenuDefaultItem
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
MapVirtualKeyW
GetParent
InflateRect
GetKeyNameTextW
SetLayeredWindowAttributes
EnumDisplayMonitors
DestroyCursor
GetWindowRgn
SetClassLongPtrW
CreateMenu
LoadCursorW
KillTimer
SetTimer
UpdateWindow
GetClassInfoW
DefWindowProcW
IsWindowVisible
GetFocus
ClientToScreen
WindowFromPoint
ScreenToClient
PostMessageW
MapWindowPoints
BeginPaint
EndPaint
PostQuitMessage
LoadIconW
RegisterClassW
CreateWindowExW
DestroyWindow
ShowWindow
EnumDisplayDevicesW
MessageBoxW
SetForegroundWindow
LoadImageW
GetSystemMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
UnionRect
PostThreadMessageW
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
FrameRect
CopyIcon
SetCursorPos
BringWindowToTop
IsZoomed
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
SetWindowRgn
GetMenuItemCount

gdi32

GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetTextMetricsW
GetRgnBox
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
SetTextColor
SetBkColor
CreateDCW
CopyMetaFileW
GetTextColor
GetBkColor
CreateFontW
DescribePixelFormat
SetPixelFormat
ChoosePixelFormat
Ellipse
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateSolidBrush
DeleteObject
DeleteDC
GetDeviceCaps
SelectObject

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetOpenFileNameW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

SystemFunction036
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

ShellExecuteW
SHAppBarMessage
SHBrowseForFolderW
DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW

comctl32

ord17

shlwapi

PathAppendW
SHRegGetValueW
PathIsUNCW
PathStripToRootW
UrlUnescapeW
PathFindExtensionW
PathRemoveFileSpecW
PathFindFileNameW
StrFormatKBSizeW

uxtheme

GetThemeSysColor
IsAppThemed
GetWindowTheme
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
DrawThemeText
GetThemePartSize

ole32

CoTaskMemFree
OleDuplicateData
ReleaseStgMedium
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
CoTaskMemAlloc
StringFromGUID2
CoCreateGuid
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator

oleaut32

VariantChangeType
SysAllocString
VariantCopy
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysFreeString
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SysAllocStringLen
VariantClear
SysStringLen
VariantInit
OleLoadPicture

oledlg

OleUIBusyW

gdiplus

GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipAlloc
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdiplusShutdown
GdipGetImagePaletteSize

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 741KB - Virtual size: 741KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 632KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

021177e25abcd8b58ecda517a439bbaa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

opengl32

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 741KB - Virtual size: 741KB

.data Size: 33KB - Virtual size: 80KB

.pdata Size: 95KB - Virtual size: 95KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 632KB - Virtual size: 636KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 741KB - Virtual size: 741KB

.data
Size: 33KB - Virtual size: 80KB

.pdata
Size: 95KB - Virtual size: 95KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 632KB - Virtual size: 636KB