2024-05-25_787d792c522191d7f5becc931bc234a0_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-25_787d792c522191d7f5becc931bc234a0_ryuk
Size

2.3MB
MD5

787d792c522191d7f5becc931bc234a0
SHA1

1553696c10e01043afff242f179ef12838640e8a
SHA256

0f592a6a163208f58bccd5dde9b16239ba6013040cd12824f6aa4f474c87cf1c
SHA512

4bafd869cff59fad7176253d78bb161b9eb0e64579c17d7822266cec06fd52361699292dd991355b2681635ee1345a79df5851495d5d67415e11690707ee9eab
SSDEEP

49152:2KvTjXY4zPPFQKE0hsrN1ye618B6Mta+38t:h1PPF1h2NYT1S0U8t

Score

1^/10

Malware Config

Signatures

Files

2024-05-25_787d792c522191d7f5becc931bc234a0_ryuk
.exe windows:5 windows x64 arch:x64

582b5e1410271906deeb9a66c2215736

Code Sign

45:31:a9:3c:24:b8:74:a3:4e:c7:13:23:10:0d:46:dc
Certificate

Issuer

CN=GentlewoodMama,1.2.840.113549.1.9.1=#0c1768656c704067656e746c65776f6f646d616d612e6e6574

Not Before

17/10/2020, 00:00

Not After

17/10/2021, 23:59

Subject

CN=GentlewoodMama,1.2.840.113549.1.9.1=#0c1768656c704067656e746c65776f6f646d616d612e6e6574

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetQueuedCompletionStatusEx
SetFileIoOverlappedRange
SetEvent
WaitForSingleObject
LoadResource
SizeofResource
SetStdHandle
WriteFile
ReadFile
GetFileTime
CloseHandle
GetTapeParameters
SetMailslotInfo
OpenMutexA
CreateEventA
CreateEventExW
CreateFileMappingW
LoadLibraryA
LoadLibraryW
LoadLibraryExW
GetModuleHandleA
FindResourceW
FindResourceExW
GetFullPathNameW
DefineDosDeviceA
GetCompressedFileSizeA
FindFirstFileNameW
FindNextChangeNotification
IsBadHugeReadPtr
SetTimerQueueTimer
ClosePrivateNamespace
GetLastError
OpenJobObjectA
WideCharToMultiByte
SetThreadPreferredUILanguages
GetCurrencyFormatEx
GetConsoleCP
SetConsoleOutputCP
GetConsoleProcessList
MultiByteToWideChar
DecodePointer
FreeLibrary
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FormatMessageW
DeleteFileW
WriteConsoleW
GetThreadIOPendingFlag
IsSystemResumeAutomatic
GetCurrentProcessId
SetProcessWorkingSetSizeEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetFullPathNameA
HeapAlloc
HeapDestroy
VirtualQueryEx
GetProcAddress
LockResource
AllocateUserPhysicalPagesNuma
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
SetLastError
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
CreateFileW
GetFileType
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
ExitProcess
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
GetConsoleMode
ReadConsoleW
GetCurrentThread
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetEndOfFile
GetFileAttributesExW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTimeZoneInformation

user32

UnregisterClassA

gdi32

EnumMetaFile

advapi32

EqualDomainSid
ConvertSidToStringSidA
GetManagedApplications
PerfCreateInstance
RegDeleteKeyValueW

ole32

CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoGetMarshalSizeMax
MonikerCommonPrefixWith
OleDraw
CreateOleAdviseHolder

shlwapi

SHSetThreadRef
ord433
SHEnumValueA
ord151
StrToIntA
StrStrW

imm32

ImmConfigureIMEW
ImmSetStatusWindowPos
ImmUnregisterWordW
ImmInstallIMEA
ImmReleaseContext

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

582b5e1410271906deeb9a66c2215736

Code Sign

45:31:a9:3c:24:b8:74:a3:4e:c7:13:23:10:0d:46:dcCertificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

shlwapi

imm32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 291KB - Virtual size: 291KB

.data Size: 61KB - Virtual size: 74KB

.pdata Size: 78KB - Virtual size: 77KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 2KB - Virtual size: 1KB

.rsrc Size: 237KB - Virtual size: 236KB

.reloc Size: 7KB - Virtual size: 7KB

45:31:a9:3c:24:b8:74:a3:4e:c7:13:23:10:0d:46:dc
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 291KB - Virtual size: 291KB

.data
Size: 61KB - Virtual size: 74KB

.pdata
Size: 78KB - Virtual size: 77KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 237KB - Virtual size: 236KB

.reloc
Size: 7KB - Virtual size: 7KB