2024-05-26_ce0748299348333868ec1f40c289be1a_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-26_ce0748299348333868ec1f40c289be1a_ryuk
Size

6.5MB
MD5

ce0748299348333868ec1f40c289be1a
SHA1

47c4bc9324b4c7134f36e4270ea82a1c44f09deb
SHA256

3498dd867de8204ddbf7a851c146944f8e3a299d969cbf82d7c09baa185f95df
SHA512

bdcb4e8f6a68595c1e6d9d9d5436ad88f3424c283d7bfbca8e273850804c3021bef85f2659a61589b0ab7ab90581d578a2eba50296bb281f585f0b44b5dbbadf
SSDEEP

98304:N+z7OrASDgrRnYC6T/ubtUNSBs44OiZrq1DfPHNADtV6v+y:NDi+C6T/kCNSD4O7NADtV6v+y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-26_ce0748299348333868ec1f40c289be1a_ryuk

Files

2024-05-26_ce0748299348333868ec1f40c289be1a_ryuk
.exe windows:6 windows x64 arch:x64

9b7917d57199b5ff49a04fd68cf1af69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetFilePointerEx
GetConsoleCP
GetTimeZoneInformation
PeekNamedPipe
GetDriveTypeW
SetConsoleCtrlHandler
GetACP
ExitProcess
GetEnvironmentStringsW
QueryPerformanceFrequency
HeapQueryInformation
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualAlloc
GetSystemInfo
FindFirstFileExW
ExitThread
RtlUnwindEx
RtlPcToFileHeader
FindNextFileW
LoadLibraryA
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertFiberToThread
DeleteFiber
GetFileType
GetEnvironmentVariableW
GetStdHandle
GetCPInfo
LCMapStringW
GetStringTypeW
IsValidCodePage
FreeLibraryAndExitThread
GetOEMCP
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProfileIntW
SearchPathW
GetWindowsDirectoryW
FindResourceExW
GetTempFileNameW
SetErrorMode
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalGetAtomNameW
VerifyVersionInfoW
VerSetConditionMask
GetPrivateProfileIntW
lstrcpyW
GetVersionExW
GetCurrentThread
lstrcmpA
GetThreadLocale
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
DeleteFileW
SuspendThread
SetThreadPriority
SetEvent
InitializeCriticalSectionAndSpinCount
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleExW
FreeResource
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
SetLastError
EncodePointer
OutputDebugStringA
ResumeThread
CreateRemoteThread
GetProcAddress
LoadLibraryW
GetCurrentProcessId
WaitForSingleObject
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetFileAttributesW
GetModuleHandleW
GetModuleFileNameW
CreateEventW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
CloseHandle
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
GetTickCount
GetCurrentProcess
DeviceIoControl
CreateFileW
VirtualFreeEx
WritePrivateProfileStringW
GetTempPathW
GetCurrentDirectoryW
CopyFileW
CreateDirectoryW
OpenProcess
WriteProcessMemory
ReadProcessMemory
VirtualProtectEx
VirtualAllocEx
VirtualQueryEx
Module32NextW
Module32FirstW
K32GetProcessImageFileNameW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetLastError
CreateMutexW
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
CreateThread
GetPrivateProfileStringW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
SetStdHandle

user32

GetMenuItemInfoW
DestroyMenu
IntersectRect
ShowOwnedPopups
EnumDisplayMonitors
SystemParametersInfoW
SetLayeredWindowAttributes
DrawIconEx
IsRectEmpty
InflateRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
WaitMessage
CharUpperW
GetMessageW
SetRectEmpty
SendDlgItemMessageA
GetCursorPos
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
ReleaseDC
MapVirtualKeyW
GetKeyNameTextW
FillRect
DrawStateW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
CopyImage
IsWindowEnabled
MessageBeep
WindowFromPoint
NotifyWinEvent
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
CheckDlgButton
SetDlgItemTextW
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
DestroyIcon
LoadImageW
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
GetNextDlgGroupItem
SetParent
PtInRect
EqualRect
RealChildWindowFromPoint
GetAsyncKeyState
TrackMouseEvent
IsZoomed
SetCapture
ReleaseCapture
GetSystemMenu
SetWindowTextW
DeleteMenu
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetWindowRgn
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
OpenClipboard
CloseClipboard
SetClipboardData
EnableWindow
SendMessageW
GetWindowRect
PostMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
GetFocus
GetParent
GetWindow
IsWindowVisible
GetClassNameW
GetWindowThreadProcessId
GetWindowTextW
EnumWindows
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
LoadIconW
GetClientRect
GetDC
SetTimer
RegisterHotKey
OffsetRect
IsIconic
GetSystemMetrics
DrawIcon
UnregisterHotKey
KillTimer
InvalidateRect
EmptyClipboard
SetCursor
LoadCursorW
UnregisterClassW
LoadMenuW
GetSubMenu
RegisterWindowMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetDlgCtrlID
SetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetDoubleClickTime
GetIconInfo
CopyIcon
ModifyMenuW
DestroyAcceleratorTable
SetClassLongPtrW
GetUpdateRect
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
RegisterClipboardFormatW
CharUpperBuffW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
FrameRect
PostThreadMessageW
HideCaret
InvertRect
SubtractRect
IsClipboardFormatAvailable
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
CreateMenu
DestroyCursor

gdi32

MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateEllipticRgn
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32W
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsW
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetMapMode
SetRectRgn
DPtoLP
CreateRoundRectRgn
CreateDIBSection
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
EnumFontFamiliesExW
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceW
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
SetTextAlign
GetNearestPaletteIndex
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
PatBlt
CreateRectRgnIndirect
DeleteObject
CreateSolidBrush
CreateDCW
CopyMetaFileW
CreateBitmap
GetStockObject
GetDeviceCaps
GetObjectW
CreateFontIndirectW
DeleteDC
SetBkColor
GetRgnBox
SelectPalette
SetTextColor

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptGenRandom
RegDeleteValueW
OpenSCManagerW
QueryServiceStatus
ChangeServiceConfigW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
DeleteService
ControlService
CreateServiceW
CloseServiceHandle
StartServiceW
OpenServiceW

shell32

DragQueryFileW
SHAppBarMessage
SHGetDesktopFolder
SHBrowseForFolderW
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
DragFinish

comctl32

InitCommonControlsEx

shlwapi

StrFormatKBSizeW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathIsDirectoryW
PathFileExistsW
PathRemoveFileSpecW

uxtheme

IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
DrawThemeText
DrawThemeParentBackground
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
IsAppThemed
GetThemeSysColor

ole32

CoInitialize
CoUninitialize
CoRegisterMessageFilter
CoRevokeClassObject
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

oleaut32

LoadTypeLi
VarBstrFromDate
VariantCopy
SafeArrayDestroy
SysStringLen
VariantChangeType
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect

oledlg

OleUIBusyW

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

ws2_32

accept
bind
closesocket
connect
htons
inet_addr
recv
recvfrom
select
send
sendto
socket
gethostbyname
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
WSAAsyncSelect
htonl

winmm

PlaySoundW

wininet

InternetCloseHandle
InternetOpenUrlW
InternetOpenW
InternetReadFile

dnsapi

DnsQuery_W
DnsFree

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertOpenStore
CertGetCertificateContextProperty

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b7917d57199b5ff49a04fd68cf1af69

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

ws2_32

winmm

wininet

dnsapi

crypt32

oleacc

imm32

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 40KB - Virtual size: 224KB

.pdata Size: 146KB - Virtual size: 145KB

.gfids Size: 108KB - Virtual size: 107KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 82KB - Virtual size: 82KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 40KB - Virtual size: 224KB

.pdata
Size: 146KB - Virtual size: 145KB

.gfids
Size: 108KB - Virtual size: 107KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 82KB - Virtual size: 82KB