Static task: static1
Behavioral task: behavioral1
  Sample: 2024-05-20_d46b51a17ba5f6156d8be6b4333b5bbc_ryuk.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2024-05-20_d46b51a17ba5f6156d8be6b4333b5bbc_ryuk.exe
  Resource: win10v2004-20240426-en
General
  Target: 2024-05-20_d46b51a17ba5f6156d8be6b4333b5bbc_ryuk
  Size: 5.9MB
  MD5: d46b51a17ba5f6156d8be6b4333b5bbc
  SHA1: 7930ef98c114a04f66813fc4e54e75950ebc080f
  SHA256: 81c65a2dae639865de22c7f8baffd939bcebc1c19fe17d6409c9165dd6bf7de9
  SHA512: 8a0932a3f7c57e42f425b736afe5d9957fa2c347de5d897a7eca89ec7cb219c6aea44f018b6200b5184929b7f28c9a4023ac8d3f82609aed89aba0cf87746508
  SSDEEP: 98304:f1KZyRtZ67KwYara2J5eJDK87H8yZTC3zbegJ1HS:f12DkGa2J5v8HFZCDbegJ1y
Malware Config
Signatures
  Unsigned PE (1 IoC): checks for missing Authenticode signature.
    resource 2024-05-20_d46b51a17ba5f6156d8be6b4333b5bbc_ryuk
Files
  2024-05-20_d46b51a17ba5f6156d8be6b4333b5bbc_ryuk.exe  windows:5  windows x64  arch:x64
  9e5976e395f2dd92fd2150c878442433
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
GetStringTypeW
GetStdHandle
GetEnvironmentStringsW
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualAlloc
GetSystemInfo
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
Sleep
SearchPathA
GetTempPathA
GetProfileIntA
VerifyVersionInfoA
VerSetConditionMask
GetTickCount
GetWindowsDirectoryA
FindResourceExW
lstrcpyA
GetCurrentDirectoryA
SetErrorMode
SystemTimeToTzSpecificLocalTime
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
GetACP
GetCPInfo
GetOEMCP
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
FileTimeToSystemTime
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
SystemTimeToFileTime
ReplaceFileA
GetTempFileNameA
SetFileTime
GetFileTime
GetFileAttributesA
GetDiskFreeSpaceA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
GetCurrentThread
ResumeThread
SetThreadPriority
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
GetStringTypeExA
GetThreadLocale
GetVolumeInformationA
MoveFileA
lstrcmpiA
GetShortPathNameA
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcess
DuplicateHandle
CloseHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
CreateFileA
GetVersionExA
GetCurrentProcessId
CompareStringA
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
LoadLibraryW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
FormatMessageA
MulDiv
LocalFree
GlobalSize
LockResource
SetLastError
CopyFileA
CreateDirectoryA
LoadLibraryA
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
FindResourceA
SizeofResource
LoadResource
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ExitProcess
FreeResource
CreateFileW
user32
DestroyCursor
LoadCursorA
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageA
GetCursorPos
SetWindowRgn
DrawIcon
KillTimer
SetTimer
SetCapture
InflateRect
CharUpperA
FillRect
ClientToScreen
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
GetSystemMetrics
IsZoomed
SystemParametersInfoA
SetParent
IsRectEmpty
DeleteMenu
GetSystemMenu
ReuseDDElParam
UnpackDDElParam
LoadImageA
DestroyIcon
GetWindowThreadProcessId
IntersectRect
SetRectEmpty
InsertMenuItemA
DestroyMenu
CreatePopupMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
ReleaseCapture
BringWindowToTop
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
IsDialogMessageA
SetWindowTextA
IsWindowEnabled
SendDlgItemMessageA
IsDlgButtonChecked
CheckDlgButton
SetDlgItemTextA
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetKeyNameTextA
GetTopWindow
GetClassNameA
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
SetWindowLongA
EqualRect
GetSysColor
MapWindowPoints
ScreenToClient
UnionRect
AdjustWindowRectEx
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetDlgCtrlID
GetDlgItem
IsIconic
IsWindowVisible
WindowFromPoint
GetDCEx
LockWindowUpdate
EnableWindow
InvalidateRect
GetWindowRect
SetRect
UnregisterClassA
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
LoadAcceleratorsW
LoadMenuW
CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
GetTabbedTextExtentW
PostThreadMessageA
CreateMenu
TrackMouseEvent
LoadImageW
GetIconInfo
GetMenuDefaultItem
MapVirtualKeyA
GetSysColorBrush
RealChildWindowFromPoint
GetMenuItemInfoA
CopyImage
GetAsyncKeyState
GetLastActivePopup
GetDC
ReleaseDC
InvalidateRgn
CopyRect
OffsetRect
UpdateWindow
PtInRect
SendMessageA
GetClientRect
SetCursor
LoadCursorW
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
SetFocus
SetScrollPos
GetScrollPos
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
GetWindow
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
GetParent
LoadBitmapW
RegisterWindowMessageA
DispatchMessageA
PeekMessageA
GetMessagePos
GetMessageTime
PostMessageA
RegisterClipboardFormatA
WaitMessage
IsClipboardFormatAvailable
DrawFocusRect
DrawIconEx
GetWindowRgn
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
GetUpdateRect
CharUpperBuffA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
DestroyAcceleratorTable
CreateAcceleratorTableA
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
FrameRect
CopyIcon
SetCursorPos
DrawFrameControl
DrawEdge
DrawStateA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetClassLongPtrA
EnumDisplayMonitors
SetLayeredWindowAttributes
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBoxA
gdi32
CreateCompatibleDC
SelectObject
GetTextMetricsA
CreateFontA
DeleteDC
DeleteObject
GetCharWidthA
StretchDIBits
BitBlt
CreateHatchBrush
CreatePatternBrush
CreateRectRgn
Escape
ExcludeClipRect
GetClipBox
GetCurrentPositionEx
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
StartDocA
MoveToEx
TextOutA
ExtTextOutA
CreateCompatibleBitmap
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectA
GetMapMode
PatBlt
SetRectRgn
DPtoLP
CreateEllipticRgn
CreateDIBSection
LPtoDP
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetViewportOrgEx
Rectangle
GetBkColor
GetTextColor
GetRgnBox
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextExtentPointA
GetTextExtentPoint32W
GetWindowOrgEx
GetTextFaceA
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
SetDIBColorTable
Polygon
Polyline
CreateRoundRectRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetObjectA
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
CreateDCA
CopyMetaFileA
CreatePolygonRgn
PtInRegion
GetTextExtentPoint32A
CreateRectRgnIndirect
CombineRgn
Ellipse
CreateSolidBrush
SetViewportExtEx
OffsetRgn
CreatePen
msimg32
AlphaBlend
TransparentBlt
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
GetJobA
advapi32
RegEnumValueA
GetFileSecurityA
SetFileSecurityA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegSetValueA
RegCloseKey
RegEnumKeyExA
shell32
ShellExecuteA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ExtractIconA
SHAddToRecentDocs
SHGetFileInfoA
DragFinish
DragQueryFileA
DragAcceptFiles
SHAppBarMessage
SHBrowseForFolderA
shlwapi
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathRemoveExtensionA
PathFindFileNameA
PathFindExtensionA
StrFormatKBSizeA
uxtheme
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
DrawThemeText
OpenThemeData
CloseThemeData
GetThemePartSize
IsAppThemed
ole32
CLSIDFromProgID
RevokeDragDrop
OleCreateMenuDescriptor
CreateILockBytesOnHGlobal
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleGetClipboard
CoLockObjectExternal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
RegisterDragDrop
CLSIDFromString
CoInitialize
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CreateStreamOnHGlobal
OleLockRunning
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
oleaut32
VariantChangeType
LoadTypeLi
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantClear
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
SysAllocString
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
OleLoadPicture
oledlg
ord8
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundA
Sections
  .text   Size: 2.1MB - Virtual size: 2.1MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 679KB - Virtual size: 678KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 2.9MB - Virtual size: 2.9MB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .pdata  Size: 98KB - Virtual size: 97KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .gfids  Size: 108KB - Virtual size: 107KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .giats  Size: 512B - Virtual size: 16B      Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .tls    Size: 512B - Virtual size: 9B       Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 28KB - Virtual size: 28KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  Size: 63KB - Virtual size: 63KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ