2024-05-20_a839a4da88057e791ac664d137094f7d_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-20_a839a4da88057e791ac664d137094f7d_ryuk
Size

544KB
MD5

a839a4da88057e791ac664d137094f7d
SHA1

56d614170a7a08214a9b03307eb42d15b669e99e
SHA256

1cb66ed95bd3ebdadea37367151e3f47e37b3360ba8d90db17335844b246296f
SHA512

4cc9e0f124b1d2f8e9285402288d3c3e0e9afc56c6cccd4ac80dae8437d6a4b3e72e4f3f536c4a16db81f9e299c9e4fb2263e1b24fd43187fdf4045aa97e116a
SSDEEP

12288:qjx0Pz2IV2OJVV1TiG4fYD8tyaxa1Svk4zPgTsqoRkfTo9:qN2w7xESvk4zPgT3DTo9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-20_a839a4da88057e791ac664d137094f7d_ryuk

Files

2024-05-20_a839a4da88057e791ac664d137094f7d_ryuk
.exe windows:6 windows x64 arch:x64

8e790e5e00da2c72012eb4946f97d9fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\ViW\Release\ViW64.pdb

Imports

kernel32

GetProcAddress
GlobalLock
LocalFree
FreeLibrary
GlobalUnlock
LocalUnlock
SetEndOfFile
HeapReAlloc
HeapSize
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
ReadConsoleW
SetFilePointerEx
GetStringTypeW
LCMapStringW
GetFileType
GetConsoleMode
GetConsoleCP
HeapAlloc
HeapFree
GetACP
GetStdHandle
DeleteFileA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
SetLastError
RtlUnwindEx
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
LoadLibraryA
GetTempPathA
MultiByteToWideChar
LocalLock
GetModuleFileNameA
GetFileTime
MoveFileW
lstrcmpiW
WideCharToMultiByte
CopyFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetPrivateProfileStringW
GetCurrentThreadId
FindClose
GetPrivateProfileIntW
WriteFile
FindNextFileW
WritePrivateProfileStringW
FindFirstFileW
CompareFileTime
SetCurrentDirectoryW
GetTickCount64
ReadFile
Sleep
GetTempPathW
GetModuleFileNameW
RemoveDirectoryW
GetShortPathNameW
GetCommandLineW
CreateDirectoryW
GetFileSize
CloseHandle
CreateFileA
CreateEventW
WaitForSingleObjectEx
ResetEvent
CreateSemaphoreA
SetThreadPriority
CreateEventA
WaitForSingleObject
ReleaseSemaphore
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
ExitProcess
EncodePointer

user32

SetWindowLongW
wsprintfW
DrawTextW
DrawIconEx
PostQuitMessage
UpdateWindow
InvalidateRect
GetCursorPos
BeginPaint
GetClientRect
EndPaint
ReleaseCapture
wsprintfA
PeekMessageW
CharLowerA
GetWindowRect
GetFocus
GetDC
DeleteMenu
GetWindowLongPtrW
GetSysColor
CreateAcceleratorTableW
IsZoomed
SetForegroundWindow
ReleaseDC
GetWindowLongW
GetWindowThreadProcessId
SetScrollInfo
GetMessageW
DefWindowProcW
GetKeyState
LoadMenuW
PostMessageW
GetWindow
DestroyWindow
SetWindowPos
MessageBoxW
CopyImage
SetActiveWindow
FillRect
CreateWindowExW
ScreenToClient
SendMessageW
GetSystemMetrics
SetWindowTextW
GetScrollInfo
RegisterClassExW
DestroyCursor
TrackPopupMenu
GetSubMenu
ShowWindow
OpenClipboard
DispatchMessageW
DestroyIcon
ClientToScreen
CloseClipboard
SetMenuItemInfoW
EmptyClipboard
AttachThreadInput
GetForegroundWindow
SetMenu
DestroyMenu
SetFocus
TranslateAcceleratorW
TranslateMessage
LoadIconW
FindWindowW
LoadCursorW
DrawMenuBar
SetCapture
SetClipboardData
SetCursor

gdi32

CreateDIBSection
CreateDIBitmap
SetDIBits
GetDIBColorTable
GetDIBits
SetBrushOrgEx
BitBlt
CreateCompatibleBitmap
SelectObject
StartPage
CreateCompatibleDC
StretchBlt
EndDoc
RealizePalette
PlgBlt
GetStockObject
GetDeviceCaps
DeleteDC
GetTextExtentPoint32W
SetTextColor
CreateHalftonePalette
SetBkMode
SelectPalette
GetObjectW
SetStretchBltMode
DeleteObject
StartDocW
EndPage
CreateSolidBrush

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PrintDlgW

shell32

SHGetFileInfoW
DragFinish
SHBrowseForFolderW
SHGetPathFromIDListW
DragAcceptFiles
SHFileOperationW
DragQueryFileW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

shlwapi

PathStripPathA
PathFindExtensionA
PathRemoveFileSpecW
ord176
PathFileExistsW
PathFileExistsA
PathStripPathW
PathFindExtensionW
PathRenameExtensionW
StrCmpLogicalW
PathCombineA
PathFindFileNameW
PathCombineW

comctl32

ord17

winmm

timeEndPeriod
timeKillEvent
timeSetEvent
timeBeginPeriod
timeGetDevCaps

msimg32

AlphaBlend

Sections

.text
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e790e5e00da2c72012eb4946f97d9fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

shlwapi

comctl32

winmm

msimg32

Sections

.text Size: 371KB - Virtual size: 370KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 7KB - Virtual size: 14KB

.pdata Size: 16KB - Virtual size: 15KB

.gfids Size: 512B - Virtual size: 240B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 371KB - Virtual size: 370KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 7KB - Virtual size: 14KB

.pdata
Size: 16KB - Virtual size: 15KB

.gfids
Size: 512B - Virtual size: 240B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 2KB - Virtual size: 1KB