c:\Source\MC23\MediaEditor\x64\Release\Media Editor.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-01_b2cf68b962bb4a7fdbf2527bda701d40_ryuk.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-06-01_b2cf68b962bb4a7fdbf2527bda701d40_ryuk.exe
  Resource: win10v2004-20240426-en
General
- Target: 2024-06-01_b2cf68b962bb4a7fdbf2527bda701d40_ryuk
- Size: 1.5MB
- MD5: b2cf68b962bb4a7fdbf2527bda701d40
- SHA1: 03e788689dece49986db0eddc26260baa6c030cc
- SHA256: 5dee82568d6b9e2141dcb95d1e917d3b556fc4a733169c2278287bbc3eb11f8a
- SHA512: 807af6a6d974f13c5a1b9f96504f9143276411630ec1b76381fd7452012d5db5b48a072a8a011a4bf93bba3bfe0e0c15716c026d54226d0b24e436a72f331e4b
- SSDEEP: 24576:rEvsJy1+h8zFdXKbKevWFeGQxtKkEmEga8+VuJLjN:rEkJy1zRdauOGelEdgUV4Lh
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 2024-06-01_b2cf68b962bb4a7fdbf2527bda701d40_ryuk
Files
- 2024-06-01_b2cf68b962bb4a7fdbf2527bda701d40_ryuk.exe windows:5 windows x64 arch:x64
f562c66621be4dac18a4fde784c12139
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
EncodePointer
FreeResource
GlobalDeleteAtom
GlobalFindAtomW
lstrcmpA
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetDiskFreeSpaceW
GetFullPathNameW
GetTempFileNameW
ReplaceFileW
SystemTimeToFileTime
GetCurrentDirectoryW
FileTimeToSystemTime
GetThreadLocale
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetShortPathNameW
LockFile
UnlockFile
DuplicateHandle
lstrcmpiW
GetStringTypeExW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
LocalFileTimeToFileTime
SystemTimeToTzSpecificLocalTime
SetErrorMode
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GlobalGetAtomNameW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
LCMapStringW
RtlUnwindEx
ExitProcess
SetEnvironmentVariableA
CreateDirectoryW
ExitThread
FreeLibraryAndExitThread
GetStringTypeW
GetCommandLineA
GetCommandLineW
HeapQueryInformation
GetStdHandle
GetFileType
GetCPInfo
IsValidCodePage
GetOEMCP
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
GlobalAddAtomW
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
SetLastError
OutputDebugStringA
GetACP
LoadLibraryW
lstrcmpW
MulDiv
CreateFileMappingW
ResumeThread
ResetEvent
SetEvent
TerminateThread
CreateEventW
GetCurrentThread
GetThreadPriority
GetCurrentThreadId
GetCurrentProcessId
WideCharToMultiByte
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
LoadLibraryExW
GetVersionExW
LocalFree
FormatMessageW
TerminateProcess
WaitForMultipleObjects
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcess
SetFileTime
GetFileTime
SetFileAttributesW
MoveFileW
GetVolumeInformationW
GetSystemDirectoryW
GetModuleFileNameW
GetFileAttributesW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GetLongPathNameW
GetDriveTypeW
FlushFileBuffers
GetFileSize
SetEndOfFile
OutputDebugStringW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
MultiByteToWideChar
SetThreadPriority
CreateThread
WaitForSingleObject
WriteFile
CreateFileW
RtlPcToFileHeader
ReadFile
SetFilePointer
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
Sleep
DeleteFileW
GetTempPathW
GetLastError
CreateMutexW
CloseHandle
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
FindClose
FindNextFileW
FindFirstFileW
FindResourceW
LoadResource
LockResource
SizeofResource
UnhandledExceptionFilter
GetTickCount
user32
SendDlgItemMessageW
IsDialogMessageW
SetRect
PostQuitMessage
GetMessageW
ShowOwnedPopups
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
UnionRect
RealChildWindowFromPoint
CharUpperW
AdjustWindowRectEx
DrawMenuBar
TranslateAcceleratorW
GetActiveWindow
BringWindowToTop
GetMenuStringW
SendDlgItemMessageA
InflateRect
SetMenuInfo
GetMenuInfo
GetMenuState
SetMenuItemInfoW
TrackPopupMenuEx
MapWindowPoints
SetFocus
keybd_event
GetMenuItemInfoW
DrawFrameControl
SetRectEmpty
InsertMenuW
PtInRect
SubtractRect
GetMessageTime
AnimateWindow
IsRectEmpty
GetSysColorBrush
EnableMenuItem
DeleteMenu
GetSubMenu
AppendMenuW
RemoveMenu
GetClassLongPtrW
GetMenuItemID
GetMenuItemCount
InsertMenuItemW
OffsetRect
CreatePopupMenu
IntersectRect
SetMenu
DrawIcon
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
DrawIconEx
SystemParametersInfoW
FrameRect
FillRect
GetMessagePos
SetWindowLongPtrW
GetWindowLongPtrW
EndPaint
BeginPaint
GetMonitorInfoW
CreateWindowExW
ValidateRect
GetSystemMetrics
SetWindowPlacement
GetWindowPlacement
GetDoubleClickTime
GetFocus
KillTimer
SetTimer
SetForegroundWindow
AttachThreadInput
LockSetForegroundWindow
GetCapture
GetDesktopWindow
GetLastActivePopup
SetParent
SetWindowRgn
SetWindowLongW
SetWindowPos
ShowWindow
IsWindowEnabled
IsIconic
IsZoomed
DestroyWindow
GetKeyState
GetCursorPos
ClientToScreen
ScreenToClient
GetScrollPos
SetWindowTextW
GetDlgItem
GetWindowTextW
GetWindowTextLengthW
WindowFromPoint
GetForegroundWindow
IsWindowVisible
GetWindow
GetClassNameW
FindWindowExW
FindWindowW
GetWindowThreadProcessId
DispatchMessageW
TranslateMessage
ReleaseDC
GetDC
SetCursor
DestroyCursor
DestroyIcon
LoadImageW
ReleaseCapture
SetCapture
GetWindowRect
GetWindowLongW
GetParent
GetSysColor
CopyRect
LoadBitmapW
UnregisterClassW
PeekMessageW
GetClientRect
UpdateWindow
GetMenu
InvalidateRect
PostMessageW
LoadMenuW
DefWindowProcW
LoadAcceleratorsW
LoadIconW
LoadCursorW
IsWindow
MoveWindow
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
MonitorFromWindow
GetScrollInfo
SetScrollInfo
GetTopWindow
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
SetScrollPos
ScrollWindow
TrackPopupMenu
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsChild
IsMenu
GetClassInfoExW
RegisterClassW
CallWindowProcW
ReuseDDElParam
UnpackDDElParam
WinHelpW
EqualRect
SetActiveWindow
DestroyMenu
GetDlgCtrlID
GetClassInfoW
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
EnableWindow
SendMessageW
MessageBoxW
RedrawWindow
MessageBeep
RegisterWindowMessageW
GetSystemMenu
gdi32
SelectClipRgn
MoveToEx
LineTo
RectVisible
CreateEllipticRgn
CreateSolidBrush
Ellipse
PatBlt
CreateFontIndirectW
GetDeviceCaps
SetBkColor
SetTextColor
CreateBitmap
GetTextMetricsW
DeleteDC
GetCharWidthW
StretchDIBits
GetBkColor
CreateDIBSection
LPtoDP
CreatePatternBrush
Escape
ExcludeClipRect
GetClipBox
GetPixel
GetStockObject
IntersectClipRect
SetBkMode
SetMapMode
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
RestoreDC
SaveDC
DeleteObject
GetTextExtentPoint32W
Polyline
CreatePen
InvertRgn
CreateRectRgn
CreateFontW
SetPixel
RoundRect
SelectObject
BitBlt
CreateCompatibleBitmap
PtVisible
GetObjectW
CreateCompatibleDC
advapi32
GetFileSecurityW
RegQueryValueW
RegSetValueW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
SetFileSecurityW
uxtheme
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground
ole32
StringFromCLSID
CoUninitialize
CoInitialize
CoCreateGuid
CoTaskMemFree
OleInitialize
CoCreateInstance
CoInitializeEx
OleUninitialize
oleaut32
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysFreeString
SysAllocString
gdiplus
GdiplusShutdown
Sections
.text Size: 926KB - Virtual size: 925KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 418KB - Virtual size: 418KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ