2024-05-21_ddd9779267ed48dd6b445f1086af9d7a_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-21_ddd9779267ed48dd6b445f1086af9d7a_ryuk
Size

5.4MB
MD5

ddd9779267ed48dd6b445f1086af9d7a
SHA1

845c094ac67046b38208d0967ed23645076eac9b
SHA256

55323f2141ad4f2eedb799636fadc51b5e91d8cb08cfeb3bf3878a2c4fdbc0b2
SHA512

4f71f74396c8d414fdf0ef69a898cad5a97774efa018b71a584cecf03ae59e2772f4908e8e7b9493d6251bafea377ef41e196f0b81ba61e826d0eb52a54a01f3
SSDEEP

98304:Cnwp0gg5bleIOrHSGCYfr80ZBrXEOPmY:CwKMTSGCY3BDEqm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-21_ddd9779267ed48dd6b445f1086af9d7a_ryuk

Files

2024-05-21_ddd9779267ed48dd6b445f1086af9d7a_ryuk
.exe windows:5 windows x64 arch:x64

b3a6f74cf777e26ef9c06c2d6053cbad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
GetStdHandle
ExitProcess
GetFileType
FindFirstFileExA
IsValidCodePage
HeapQueryInformation
VirtualQuery
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
FindNextFileA
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
Sleep
VerifyVersionInfoA
VerSetConditionMask
GetTickCount
GetWindowsDirectoryA
FindResourceExW
lstrcpyA
GetCurrentDirectoryA
GetACP
SetErrorMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
GetStringTypeExA
GetThreadLocale
GetVolumeInformationA
MoveFileA
lstrcmpiA
GetShortPathNameA
LoadLibraryExA
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
CreateFileA
GetCPInfo
GetOEMCP
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GlobalFlags
CopyFileA
FormatMessageA
LocalFree
GlobalSize
MulDiv
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpA
GlobalAlloc
GetModuleFileNameA
GetVersionExA
GetCurrentThread
ResumeThread
SetThreadPriority
WaitForSingleObject
SetEvent
CloseHandle
GlobalFree
GetTempPathA
GetProfileIntA
SearchPathA
SystemTimeToFileTime
ReplaceFileA
GetTempFileNameA
SetFileTime
GetFullPathNameA
GetFileTime
GetFileAttributesA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GetCurrentProcessId
CompareStringA
MultiByteToWideChar
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
FindResourceA
LoadLibraryW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
FreeResource
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
SetLastError
EncodePointer
OutputDebugStringA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
WideCharToMultiByte
FindResourceW
SizeofResource
LoadResource
LockResource
LoadLibraryA
GetProcAddress
QueryPerformanceFrequency
CreateFileW

user32

SystemParametersInfoA
InflateRect
GetMenuItemInfoA
GetSystemMetrics
MapVirtualKeyA
GetKeyNameTextA
ClientToScreen
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
AppendMenuA
GetMenuStringA
DestroyCursor
LoadCursorW
LoadCursorA
SetRect
MapDialogRect
SetWindowContextHelpId
LoadAcceleratorsW
ShowOwnedPopups
PostQuitMessage
GetCursorPos
TranslateMessage
GetMessageA
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
SetCapture
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
ReuseDDElParam
UnpackDDElParam
LoadImageA
DestroyIcon
GetWindowThreadProcessId
GetDesktopWindow
IntersectRect
SetRectEmpty
SetCursor
InvalidateRect
InsertMenuItemA
DestroyMenu
TranslateAcceleratorA
LoadAcceleratorsA
ReleaseCapture
GetActiveWindow
BringWindowToTop
IsDialogMessageA
SetWindowTextA
IsWindowEnabled
SendDlgItemMessageA
CheckDlgButton
SetDlgItemTextA
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
GetSystemMenu
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
SetWindowLongA
GetWindowLongA
PtInRect
MapWindowPoints
ScreenToClient
MessageBoxA
AdjustWindowRectEx
GetClientRect
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
PostThreadMessageA
GetDCEx
EnableWindow
UpdateWindow
SendMessageA
GetWindowRect
OffsetRect
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
DeleteMenu
IsRectEmpty
SetParent
IsZoomed
RealChildWindowFromPoint
GetSysColorBrush
CopyImage
GetAsyncKeyState
UnionRect
CharUpperA
SetTimer
KillTimer
CharNextA
CopyAcceleratorTableA
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
DrawIcon
SetWindowRgn
WindowFromPoint
WinHelpA
GetTabbedTextExtentW
LoadBitmapW
LoadMenuA
LoadMenuW
GetMenuState
CreateMenu
CreatePopupMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
ModifyMenuA
RemoveMenu
DrawStateA
GetDC
ReleaseDC
GetSysColor
FillRect
CopyRect
UnregisterClassA
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
GetParent
RegisterWindowMessageA
DispatchMessageA
PeekMessageA
GetMessagePos
GetMessageTime
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
IsWindow
IsMenu
LockWindowUpdate
TrackMouseEvent
LoadImageW
GetMenuDefaultItem
RegisterClipboardFormatA
WaitMessage
GetWindowRgn
SubtractRect
GetUpdateRect
CharUpperBuffA
GetDoubleClickTime
SetMenuDefaultItem
DestroyAcceleratorTable
CreateAcceleratorTableA
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
FrameRect
CopyIcon
SetCursorPos
DrawFrameControl
DrawEdge
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetClassLongPtrA
EnumDisplayMonitors
SetLayeredWindowAttributes
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetIconInfo
DrawIconEx
DrawFocusRect
EqualRect
IsClipboardFormatAvailable

gdi32

GetViewportOrgEx
PatBlt
CopyMetaFileA
BitBlt
CreateHatchBrush
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetCurrentPositionEx
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
GetStockObject
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
GetTextMetricsA
CreateFontA
GetCharWidthA
StretchDIBits
CombineRgn
GetMapMode
SetRectRgn
GetBkColor
GetTextColor
GetRgnBox
CreateEllipticRgn
Ellipse
CreateDIBSection
LPtoDP
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextExtentPointA
GetTextExtentPoint32W
GetWindowOrgEx
GetTextFaceA
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
CreatePen
DPtoLP
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
StartDocA
GetDeviceCaps
DeleteDC
CreateDCA
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
SetTextColor
SetBkColor
CreateBitmap
SetWindowExtEx
Rectangle
GetTextExtentPoint32A

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter
GetJobA

advapi32

RegDeleteValueA
GetFileSecurityA
RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExW
RegSetValueA
RegSetValueExA
SetFileSecurityA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA

shell32

DragQueryFileA
DragFinish
SHGetFileInfoA
SHAddToRecentDocs
ExtractIconA
SHGetPathFromIDListA
SHAppBarMessage
SHBrowseForFolderA
DragAcceptFiles
ShellExecuteA
SHGetDesktopFolder
SHGetSpecialFolderLocation

comctl32

ImageList_Draw
ImageList_Add
ImageList_GetImageInfo

shlwapi

PathFindFileNameA
PathRemoveExtensionA
PathIsUNCA
PathStripToRootA
PathRemoveFileSpecW
PathFindExtensionA
StrFormatKBSizeA

uxtheme

GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
DrawThemeText
OpenThemeData
CloseThemeData
GetThemePartSize
IsAppThemed

ole32

CoDisconnectObject
RegisterDragDrop
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleGetClipboard
CoLockObjectExternal
CoInitializeEx
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
StringFromCLSID
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
OleLockRunning
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
RevokeDragDrop

oleaut32

SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
LoadTypeLi
OleCreateFontIndirect
VariantCopy
VarBstrFromDate
SysAllocStringByteLen
VariantChangeType
SysFreeString
VariantClear
VariantInit
SysAllocStringLen

oledlg

ord8

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundA

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 665KB - Virtual size: 665KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 625KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3a6f74cf777e26ef9c06c2d6053cbad

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 665KB - Virtual size: 665KB

.data Size: 1.9MB - Virtual size: 1.9MB

.pdata Size: 94KB - Virtual size: 94KB

.gfids Size: 108KB - Virtual size: 108KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 625KB - Virtual size: 624KB

.reloc Size: 62KB - Virtual size: 61KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 665KB - Virtual size: 665KB

.data
Size: 1.9MB - Virtual size: 1.9MB

.pdata
Size: 94KB - Virtual size: 94KB

.gfids
Size: 108KB - Virtual size: 108KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 625KB - Virtual size: 624KB

.reloc
Size: 62KB - Virtual size: 61KB