C:\buildbot\slave\builds\engine-win32-64-master\build\engine\engine\build\default\src\dmengine.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-30_3a126fb52dd3f1230e1c84fef90e9dab_ryuk.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
2024-05-30_3a126fb52dd3f1230e1c84fef90e9dab_ryuk.exe
Resource
win10v2004-20240426-en
General
-
Target
2024-05-30_3a126fb52dd3f1230e1c84fef90e9dab_ryuk
-
Size
5.8MB
-
MD5
3a126fb52dd3f1230e1c84fef90e9dab
-
SHA1
b3c2c0d7f97452598be31bf1c677aa835af237d3
-
SHA256
fd92a52f82634ce71542adc25500c3816d7c9627c710a54fdb56a3de76a16f81
-
SHA512
78a3c5ea95b45f955b379fbe8a2fcdb578780e1f10c51653c26724d23a466b752718d82bdb0116c795ca7c4044ce532711c57081e405eb9dec079b01e5f7110d
-
SSDEEP
49152:cnWVLsdkmzzF11I/sPbHA9aO4eCsUrMEq+zBOGuFFM3VAIk0S9X3d+lTQJDhEg1+:cWOF11I/sLA9aP9sAD/8DtNvJW
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for missing Authenticode signature.
resource 2024-05-30_3a126fb52dd3f1230e1c84fef90e9dab_ryuk
Files
-
2024-05-30_3a126fb52dd3f1230e1c84fef90e9dab_ryuk.exe windows:6 windows x64 arch:x64
1587a7a4b8202e8c1248de3daa1a01f3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths (the extracted path is shown at the top of this page rather than under this heading)
Imports
glu32
gluErrorString
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
psapi
GetModuleInformation
GetModuleFileNameExA
EnumProcessModules
GetProcessMemoryInfo
kernel32
CreateDirectoryW
GetProcessHeap
SetEnvironmentVariableW
QueryPerformanceCounter
GetProcessTimes
GetCurrentProcess
GetSystemTimes
SearchPathW
GetFullPathNameW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
QueryPerformanceFrequency
GetTickCount
MoveFileExA
Sleep
GetSystemTimeAsFileTime
FormatMessageA
RtlUnwindEx
RaiseException
GetLastError
SetLastError
VirtualFree
VirtualQuery
GetModuleHandleA
FreeLibrary
GetModuleFileNameA
GetModuleHandleExA
LoadLibraryA
VirtualAlloc
VirtualProtect
GetVersionExA
GetTimeZoneInformation
WideCharToMultiByte
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
CloseHandle
ReleaseMutex
CreateMutexA
GetCurrentThread
GetCurrentThreadId
TerminateThread
RtlCaptureStackBackTrace
CreateFileA
SetUnhandledExceptionFilter
GetCurrentProcessId
WriteFile
ReleaseSemaphore
CreateSemaphoreW
GetSystemInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
RemoveDirectoryW
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
HeapQueryInformation
HeapSize
MoveFileExW
DeleteFileW
CreatePipe
GetFileAttributesExW
GetExitCodeProcess
HeapReAlloc
ReadConsoleW
SetFilePointerEx
SetStdHandle
GetFullPathNameA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetStringTypeW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
OutputDebugStringW
OutputDebugStringA
HeapAlloc
HeapFree
GetACP
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ResumeThread
ExitThread
MultiByteToWideChar
GetTempPathW
CreateProcessW
CreateProcessA
DuplicateHandle
ExitProcess
ReadFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
CreateFileW
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlPcToFileHeader
LoadLibraryExA
SetEndOfFile
ResetEvent
opengl32
glDrawElements
wglDeleteContext
wglMakeCurrent
wglShareLists
glGetFloatv
glViewport
glTexSubImage2D
glTexParameteri
glTexImage2D
glStencilOp
glStencilMask
glStencilFunc
glScissor
glReadPixels
glReadBuffer
glPolygonOffset
glPixelStorei
glGetString
glGetIntegerv
glGetError
glGenTextures
glFlush
glEnable
wglCreateContext
glDrawBuffer
glDrawArrays
glDisable
glDepthMask
glDepthFunc
glDeleteTextures
glCullFace
glColorMask
glClearStencil
glClearDepth
glClearColor
glClear
glBlendFunc
glBindTexture
wglGetProcAddress
user32
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetKeyState
PostMessageA
SystemParametersInfoA
EnumDisplaySettingsA
ChangeDisplaySettingsA
SetCursorPos
ShowCursor
GetWindowRect
GetClientRect
SetWindowTextA
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
MapVirtualKeyA
ToUnicode
ToAscii
GetKeyboardState
GetAsyncKeyState
SetFocus
CharUpperW
CharUpperA
BringWindowToTop
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExA
UnregisterClassA
RegisterClassA
PostQuitMessage
DefWindowProcA
WaitMessage
GetMessageTime
PeekMessageA
DispatchMessageA
LoadIconA
LoadCursorA
ScreenToClient
ClientToScreen
ClipCursor
GetCursorPos
AdjustWindowRectEx
shell32
SHGetFolderPathA
ShellExecuteA
xinput9_1_0
XInputGetState
openal32
ord63
ord28
ord16
ord79
ord91
ord81
ord90
ord80
ord3
ord8
ord15
ord68
ord9
ord66
ord61
ord44
ord46
dbghelp
MiniDumpWriteDump
ws2_32
inet_ntop
ntohs
htons
inet_pton
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
gethostbyaddr
socket
shutdown
sendto
send
select
recvfrom
recv
listen
getsockopt
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
setsockopt
getnameinfo
freeaddrinfo
getaddrinfo
gethostname
inet_ntoa
getsockname
getpeername
ntohl
htonl
iphlpapi
GetAdaptersAddresses
Exports
DecryptXTeaCTR
EncryptXTeaCTR
LZ4CompressBuffer
LZ4DecompressBuffer
LZ4MaxCompressedSize
MD5_Final
MD5_Init
MD5_Update
Particle_CreateContext
Particle_CreateInstance
Particle_DeletePrototype
Particle_DestroyContext
Particle_DestroyInstance
Particle_GenerateVertexData
Particle_GetContextMaxParticleCount
Particle_GetEmitterCount
Particle_GetInstanceStats
Particle_GetMaterial
Particle_GetMaterialPath
Particle_GetStats
Particle_GetTileSource
Particle_GetTileSourcePath
Particle_GetVertexBufferSize
Particle_Hash
Particle_IsSleeping
Particle_NewPrototype
Particle_NewPrototypeFromDDF
Particle_ReloadInstance
Particle_ReloadPrototype
Particle_RenderEmitter
Particle_ResetInstance
Particle_ResetRenderConstant
Particle_SetContextMaxParticleCount
Particle_SetMaterial
Particle_SetPosition
Particle_SetRenderConstant
Particle_SetRotation
Particle_SetScale
Particle_SetScaleAlongZ
Particle_SetTileSource
Particle_StartInstance
Particle_StopInstance
Particle_Update
RNG_custom_init
RNG_initialize
RNG_terminate
__swprintf_l
__vswprintf_l
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fscanf_l
_fscanf_s_l
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwscanf_l
_fwscanf_s_l
_printf_l
_printf_p
_printf_p_l
_printf_s_l
_scanf_l
_scanf_s_l
_scprintf
_scprintf_l
_scprintf_p
_scprintf_p_l
_scwprintf
_scwprintf_l
_scwprintf_p
_scwprintf_p_l
_snprintf
_snprintf_c
_snprintf_c_l
_snprintf_l
_snprintf_s
_snprintf_s_l
_snscanf
_snscanf_l
_snscanf_s
_snscanf_s_l
_snwprintf
_snwprintf_l
_snwprintf_s
_snwprintf_s_l
_snwscanf
_snwscanf_l
_snwscanf_s
_snwscanf_s_l
_sprintf_l
_sprintf_p
_sprintf_p_l
_sprintf_s_l
_sscanf_l
_sscanf_s_l
_swprintf
_swprintf_c
_swprintf_c_l
_swprintf_l
_swprintf_p
_swprintf_p_l
_swprintf_s_l
_swscanf_l
_swscanf_s_l
_vfprintf_l
_vfprintf_p
_vfprintf_p_l
_vfprintf_s_l
_vfscanf_l
_vfscanf_s_l
_vfwprintf_l
_vfwprintf_p
_vfwprintf_p_l
_vfwprintf_s_l
_vfwscanf_l
_vfwscanf_s_l
_vprintf_l
_vprintf_p
_vprintf_p_l
_vprintf_s_l
_vscanf_l
_vscanf_s_l
_vscprintf
_vscprintf_l
_vscprintf_p
_vscprintf_p_l
_vscwprintf
_vscwprintf_l
_vscwprintf_p
_vscwprintf_p_l
_vsnprintf
_vsnprintf_c
_vsnprintf_c_l
_vsnprintf_l
_vsnprintf_s
_vsnprintf_s_l
_vsnwprintf
_vsnwprintf_l
_vsnwprintf_s
_vsnwprintf_s_l
_vsnwscanf_l
_vsnwscanf_s_l
_vsprintf_l
_vsprintf_p
_vsprintf_p_l
_vsprintf_s_l
_vsscanf_l
_vsscanf_s_l
_vswprintf
_vswprintf_c
_vswprintf_c_l
_vswprintf_l
_vswprintf_p
_vswprintf_p_l
_vswprintf_s_l
_vswscanf_l
_vswscanf_s_l
_vwprintf_l
_vwprintf_p
_vwprintf_p_l
_vwprintf_s_l
_vwscanf_l
_vwscanf_s_l
_wprintf_l
_wprintf_p
_wprintf_p_l
_wprintf_s_l
_wscanf_l
_wscanf_s_l
base64_decode
dmHashBuffer32
dmHashBuffer64
dmHashBufferNoReverse32
dmHashBufferNoReverse64
dmHashClone32
dmHashClone64
dmHashEnableReverseHash
dmHashFinal32
dmHashFinal64
dmHashInit32
dmHashInit64
dmHashRelease32
dmHashRelease64
dmHashReverse32
dmHashReverse64
dmHashReverseErase32
dmHashReverseErase64
dmHashReverseSafe64
dmHashString32
dmHashString64
dmHashUpdateBuffer32
dmHashUpdateBuffer64
fprintf
fprintf_s
fscanf
fscanf_s
fwprintf
fwprintf_s
fwscanf
fwscanf_s
get_random
getdomainname
gettimeofday
print_blob
printf
printf_s
scanf
scanf_s
snprintf
sprintf
sprintf_s
sscanf
sscanf_s
ssl_client_new
ssl_ctx_free
ssl_ctx_new
ssl_display_error
ssl_ext_free
ssl_ext_new
ssl_find
ssl_free
ssl_get_cert_dn
ssl_get_cert_subject_alt_dnsname
ssl_get_cipher_id
ssl_get_config
ssl_get_session_id
ssl_get_session_id_size
ssl_handshake_status
ssl_obj_load
ssl_obj_memory_load
ssl_read
ssl_renegotiate
ssl_server_new
ssl_verify_cert
ssl_version
ssl_write
strcasecmp
swprintf
swprintf_s
swscanf
swscanf_s
vfprintf
vfprintf_s
vfscanf
vfscanf_s
vfwprintf
vfwprintf_s
vfwscanf
vfwscanf_s
vprintf
vprintf_s
vscanf
vscanf_s
vsnprintf
vsnprintf_s
vsprintf
vsprintf_s
vsscanf
vsscanf_s
vswprintf
vswprintf_s
vswscanf
vswscanf_s
vwprintf
vwprintf_s
vwscanf
vwscanf_s
wprintf
wprintf_s
wscanf
wscanf_s
Sections
.text Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 799KB - Virtual size: 798KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 393KB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 190KB - Virtual size: 190KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rodata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 777B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.00cfg Size: 512B - Virtual size: 283B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ