2024-06-09_e27cc0966ecf815fdff80188e8dcae0a_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-09_e27cc0966ecf815fdff80188e8dcae0a_ryuk
Size

4.9MB
MD5

e27cc0966ecf815fdff80188e8dcae0a
SHA1

cb3520cb07079a7550d5d1974afe82f19e162120
SHA256

4b59ae12226c4a84a3cbadab86c0d1cfa142b248613486d76eb7abb804e2fe68
SHA512

63fe523aad1ede7251c3436e4ad303ff2d59a17d238cdc4f32b67e02ad538725a09bbf70b12de3014c414480d80dde3583f8532103a817198617cf3da172baea
SSDEEP

49152:xP1VoBhJ+eKZexoQ7vAYtkWL18kDVrZ39xl3WwBKRogRBSzyod8rqMvoo5/isrSa:xHhwDt5bbBiSW48ODo56Ti

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-09_e27cc0966ecf815fdff80188e8dcae0a_ryuk

Files

2024-06-09_e27cc0966ecf815fdff80188e8dcae0a_ryuk
.exe windows:6 windows x64 arch:x64

4a214c1b85500746de2ddd92e0a7b4a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libcurl

curl_easy_cleanup
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_setopt
curl_free
curl_getdate
curl_global_cleanup
curl_global_init
curl_multi_add_handle
curl_multi_cleanup
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_strerror
curl_multi_wakeup
curl_slist_append
curl_slist_free_all
curl_version_info

avcodec-60

av_packet_alloc
av_packet_free
av_packet_rescale_ts
avcodec_alloc_context3
avcodec_find_encoder
avcodec_free_context
avcodec_get_name
avcodec_open2
avcodec_parameters_from_context
avcodec_receive_packet
avcodec_send_frame

avformat-60

av_dump_format
av_interleaved_write_frame
av_write_trailer
avformat_alloc_output_context2
avformat_free_context
avformat_new_stream
avformat_write_header
avio_closep
avio_open

avutil-58

av_channel_layout_from_mask
av_dict_copy
av_dict_free
av_frame_alloc
av_frame_free
av_frame_get_buffer
av_frame_make_writable
av_log_set_level
av_opt_set
av_opt_set_int
av_opt_set_sample_fmt
av_rescale_q
av_rescale_rnd
av_samples_fill_arrays
av_strerror

swresample-4

swr_alloc
swr_convert
swr_free
swr_get_delay
swr_init

swscale-7

sws_freeContext
sws_getCachedContext
sws_scale

libfreetype

FT_Done_Face
FT_Done_FreeType
FT_Error_String
FT_Get_Char_Index
FT_Get_Kerning
FT_Init_FreeType
FT_Library_Version
FT_Load_Char
FT_Load_Glyph
FT_New_Memory_Face
FT_Set_Pixel_Sizes

libopusfile

op_channel_count
op_open_memory
op_pcm_total
op_read

libpng16-16

png_create_info_struct
png_create_read_struct
png_create_write_struct
png_destroy_info_struct
png_destroy_read_struct
png_destroy_write_struct
png_get_bit_depth
png_get_channels
png_get_color_type
png_get_compression_type
png_get_error_ptr
png_get_filter_type
png_get_image_height
png_get_image_width
png_get_interlace_type
png_get_io_ptr
png_get_rowbytes
png_get_valid
png_read_image
png_read_info
png_read_update_info
png_set_IHDR
png_set_error_fn
png_set_expand_gray_1_2_4_to_8
png_set_palette_to_rgb
png_set_read_fn
png_set_sig_bytes
png_set_strip_16
png_set_tRNS_to_alpha
png_set_write_fn
png_sig_cmp
png_write_end
png_write_image
png_write_info

sdl2

SDL_CaptureMouse
SDL_CloseAudioDevice
SDL_CreateSystemCursor
SDL_CreateWindow
SDL_DestroyWindow
SDL_EventState
SDL_FlashWindow
SDL_FreeCursor
SDL_GL_CreateContext
SDL_GL_DeleteContext
SDL_GL_GetDrawableSize
SDL_GL_MakeCurrent
SDL_GL_SetAttribute
SDL_GL_SetSwapInterval
SDL_GL_SwapWindow
SDL_GameControllerClose
SDL_GameControllerGetAxis
SDL_GameControllerGetButton
SDL_GameControllerOpen
SDL_GetClipboardText
SDL_GetClosestDisplayMode
SDL_GetCurrentAudioDriver
SDL_GetCurrentDisplayMode
SDL_GetCurrentVideoDriver
SDL_GetDesktopDisplayMode
SDL_GetDisplayBounds
SDL_GetDisplayMode
SDL_GetDisplayName
SDL_GetError
SDL_GetGlobalMouseState
SDL_GetKeyboardFocus
SDL_GetKeyboardState
SDL_GetMouseState
SDL_GetNumDisplayModes
SDL_GetNumVideoDisplays
SDL_GetPerformanceCounter
SDL_GetPerformanceFrequency
SDL_GetRelativeMouseState
SDL_GetRendererOutputSize
SDL_GetScancodeFromKey
SDL_GetVersion
SDL_GetWindowDisplayIndex
SDL_GetWindowFlags
SDL_GetWindowFromID
SDL_GetWindowPosition
SDL_GetWindowSize
SDL_GetWindowWMInfo
SDL_Init
SDL_InitSubSystem
SDL_IsGameController
SDL_JoystickGetAxis
SDL_JoystickGetGUID
SDL_JoystickGetGUIDString
SDL_JoystickGetHat
SDL_JoystickInstanceID
SDL_JoystickName
SDL_JoystickNumAxes
SDL_JoystickNumBalls
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_JoystickOpen
SDL_MinimizeWindow
SDL_NumJoysticks
SDL_OpenAudioDevice
SDL_PauseAudioDevice
SDL_PollEvent
SDL_PumpEvents
SDL_Quit
SDL_QuitSubSystem
SDL_RestoreWindow
SDL_SetClipboardText
SDL_SetCursor
SDL_SetHint
SDL_SetRelativeMouseMode
SDL_SetTextInputRect
SDL_SetWindowBordered
SDL_SetWindowDisplayMode
SDL_SetWindowFullscreen
SDL_SetWindowGrab
SDL_SetWindowPosition
SDL_SetWindowResizable
SDL_SetWindowSize
SDL_ShowCursor
SDL_ShowSimpleMessageBox
SDL_StartTextInput
SDL_StopTextInput
SDL_Vulkan_CreateSurface
SDL_Vulkan_GetInstanceExtensions
SDL_WarpMouseInWindow
SDL_WasInit
SDL_free
SDL_getenv
SDL_setenv

sqlite3

sqlite3_bind_int
sqlite3_bind_text
sqlite3_close
sqlite3_column_int
sqlite3_column_text
sqlite3_errmsg
sqlite3_exec
sqlite3_finalize
sqlite3_open
sqlite3_prepare_v2
sqlite3_reset
sqlite3_step

vulkan-1

vkAcquireNextImageKHR
vkAllocateCommandBuffers
vkAllocateDescriptorSets
vkAllocateMemory
vkBeginCommandBuffer
vkBindBufferMemory
vkBindImageMemory
vkCmdBeginRenderPass
vkCmdBindDescriptorSets
vkCmdBindIndexBuffer
vkCmdBindPipeline
vkCmdBindVertexBuffers
vkCmdBlitImage
vkCmdClearAttachments
vkCmdCopyBuffer
vkCmdCopyBufferToImage
vkCmdCopyImage
vkCmdDraw
vkCmdDrawIndexed
vkCmdEndRenderPass
vkCmdExecuteCommands
vkCmdPipelineBarrier
vkCmdPushConstants
vkCmdSetScissor
vkCmdSetViewport
vkCreateBuffer
vkCreateCommandPool
vkCreateDescriptorPool
vkCreateDescriptorSetLayout
vkCreateDevice
vkCreateFence
vkCreateFramebuffer
vkCreateGraphicsPipelines
vkCreateImage
vkCreateImageView
vkCreateInstance
vkCreatePipelineLayout
vkCreateRenderPass
vkCreateSampler
vkCreateSemaphore
vkCreateShaderModule
vkCreateSwapchainKHR
vkDestroyBuffer
vkDestroyCommandPool
vkDestroyDescriptorPool
vkDestroyDescriptorSetLayout
vkDestroyDevice
vkDestroyFence
vkDestroyFramebuffer
vkDestroyImage
vkDestroyImageView
vkDestroyInstance
vkDestroyPipeline
vkDestroyPipelineLayout
vkDestroyRenderPass
vkDestroySampler
vkDestroySemaphore
vkDestroyShaderModule
vkDestroySurfaceKHR
vkDestroySwapchainKHR
vkDeviceWaitIdle
vkEndCommandBuffer
vkEnumerateDeviceExtensionProperties
vkEnumerateInstanceLayerProperties
vkEnumeratePhysicalDevices
vkFlushMappedMemoryRanges
vkFreeCommandBuffers
vkFreeDescriptorSets
vkFreeMemory
vkGetBufferMemoryRequirements
vkGetDeviceQueue
vkGetImageMemoryRequirements
vkGetImageSubresourceLayout
vkGetInstanceProcAddr
vkGetPhysicalDeviceFormatProperties
vkGetPhysicalDeviceMemoryProperties
vkGetPhysicalDeviceProperties
vkGetPhysicalDeviceQueueFamilyProperties
vkGetPhysicalDeviceSurfaceCapabilitiesKHR
vkGetPhysicalDeviceSurfaceFormatsKHR
vkGetPhysicalDeviceSurfacePresentModesKHR
vkGetPhysicalDeviceSurfaceSupportKHR
vkGetSwapchainImagesKHR
vkInvalidateMappedMemoryRanges
vkMapMemory
vkQueuePresentKHR
vkQueueSubmit
vkQueueWaitIdle
vkResetCommandBuffer
vkResetFences
vkUnmapMemory
vkUpdateDescriptorSets
vkWaitForFences

steam_api

SteamAPI_GetHSteamPipe
SteamAPI_ISteamApps_GetLaunchCommandLine
SteamAPI_ISteamFriends_ClearRichPresence
SteamAPI_ISteamFriends_GetPersonaName
SteamAPI_ISteamFriends_SetRichPresence
SteamAPI_Init
SteamAPI_ManualDispatch_FreeLastCallback
SteamAPI_ManualDispatch_GetNextCallback
SteamAPI_ManualDispatch_Init
SteamAPI_ManualDispatch_RunFrame
SteamAPI_Shutdown
SteamAPI_SteamApps_v008
SteamAPI_SteamFriends_v017

opengl32

glAlphaFunc
glBindTexture
glBlendFunc
glClear
glClearColor
glColorPointer
glDeleteTextures
glDepthMask
glDisable
glDisableClientState
glDrawArrays
glDrawElements
glEnable
glEnableClientState
glFinish
glGenTextures
glGetIntegerv
glGetString
glLoadIdentity
glMatrixMode
glOrtho
glPixelStorei
glReadBuffer
glReadPixels
glScissor
glTexCoordPointer
glTexImage2D
glTexParameterf
glTexParameteri
glTexSubImage2D
glVertexPointer
glViewport
wglGetProcAddress

imm32

ImmGetCandidateListW
ImmGetContext
ImmReleaseContext

shlwapi

PathIsRelativeW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSAGetLastError
WSAStartup
WSAStringToAddressA
__WSAFDIsSet
bind
closesocket
freeaddrinfo
getaddrinfo
htons
ioctlsocket
recvfrom
select
sendto
setsockopt
socket

ole32

CoInitializeEx
CoUninitialize

shell32

CommandLineToArgvW
SHChangeNotify
ShellExecuteExW

discord_game_sdk

DiscordCreate

enet6

enet_address_get_host_ip
enet_address_set_host
enet_host_connect
enet_host_create
enet_host_service
enet_initialize
enet_packet_create
enet_packet_destroy
enet_peer_send

libsodium

crypto_aead_xchacha20poly1305_ietf_encrypt
crypto_hash_sha256
sodium_init

advapi32

BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
GetCurrentHwProfileW
RegCloseKey
RegCreateKeyExW
RegDeleteTreeW
RegGetValueA
RegGetValueW
RegOpenKeyExW
RegSetValueExW
SystemFunction036

kernel32

AcquireSRWLockExclusive
AddVectoredExceptionHandler
AttachConsole
CloseHandle
CompareStringEx
CompareStringW
ConnectNamedPipe
CreateDirectoryW
CreateEventW
CreateFileW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateSemaphoreW
CreateThread
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeleteFileW
DisconnectNamedPipe
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTime
GetSystemTimeAsFileTime
GetThreadId
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLocaleName
GetVersion
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
LockFileEx
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
OpenProcess
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleOutputCP
SetConsoleTextAttribute
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetNamedPipeHandleState
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SleepEx
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransactNamedPipe
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UnlockFileEx
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrlenW

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest

ntdll

NtWriteFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlNtStatusToDosError
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

dbghelp

SymFromAddr
SymGetOptions
SymInitialize
SymSetOptions

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 113B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a214c1b85500746de2ddd92e0a7b4a1

Headers

DLL Characteristics

File Characteristics

Imports

libcurl

avcodec-60

avformat-60

avutil-58

swresample-4

swscale-7

libfreetype

libopusfile

libpng16-16

sdl2

sqlite3

vulkan-1

steam_api

opengl32

imm32

shlwapi

version

ws2_32

ole32

shell32

discord_game_sdk

enet6

libsodium

advapi32

kernel32

winhttp

ntdll

api-ms-win-core-synch-l1-2-0

dbghelp

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 133KB - Virtual size: 456KB

.pdata Size: 107KB - Virtual size: 106KB

.00cfg Size: 512B - Virtual size: 56B

.gxfg Size: 13KB - Virtual size: 12KB

.tls Size: 512B - Virtual size: 113B

CPADinfo Size: 512B - Virtual size: 56B

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 133KB - Virtual size: 456KB

.pdata
Size: 107KB - Virtual size: 106KB

.00cfg
Size: 512B - Virtual size: 56B

.gxfg
Size: 13KB - Virtual size: 12KB

.tls
Size: 512B - Virtual size: 113B

CPADinfo
Size: 512B - Virtual size: 56B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 23KB - Virtual size: 23KB