2024-06-11_67f8f41f6d59d8436902c8233e2e30cb_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-11_67f8f41f6d59d8436902c8233e2e30cb_ryuk
Size

2.1MB
MD5

67f8f41f6d59d8436902c8233e2e30cb
SHA1

b78a93527cae8ffcc1f1fabf5318ffdde13337ec
SHA256

48043dfe4148736248b2c38409e3c29b120aa7bfdf196f7ec99ca7ffe551aafd
SHA512

213bd5f15d0202e1330c2b68da7aece259af4d40313ebad283223c3b6880aba5573139a4810dbffbbbe0f5b367e4bce98508bddb8fcace04f6acd3b72f825bd3
SSDEEP

49152:LBYCncf4zZxp0pzbPVbPYKmTeua/Trr2F6:VY/zZbzusrb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-11_67f8f41f6d59d8436902c8233e2e30cb_ryuk

Files

2024-06-11_67f8f41f6d59d8436902c8233e2e30cb_ryuk
.exe windows:5 windows x64 arch:x64

1a266c51c27c0d335ff8d0d23fb32a75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Work\projects\BDAntiCryptoWall\bin\x64\Release\BDAntiCryptoWall.pdb

Imports

htmlayout

HTMLayoutVisitElements
HTMLayoutControlSetValue
ValueInit
HTMLayoutLoadHtml
HTMLayout_UnuseElement
HTMLayout_UseElement
ValueStringDataSet
HTMLayoutGetRootElement
HTMLayoutSetCallback
HTMLayoutGetElementLocation
HTMLayoutGetAttributeByName
HTMLayoutSelectElementsW
HTMLayoutGetElementState
HTMLayoutGetElementIndex
HTMLayoutSetElementState
HTMLayoutSetStyleAttribute
HTMLayoutPostEvent
HTMLayoutSelectParent
HTMLayoutSetAttributeByName
HTMLayoutGetChildrenCount
HTMLayoutGetNthChild
HTMLayoutGetParentElement
ValueStringData
HTMLayoutSetupDebugOutput
HTMLayoutGetElementHwnd
HTMLayoutSelectElements
HTMLayoutWindowAttachEventHandler
HTMLayoutDataReady
ValueClear
HTMLayoutProcND

bdmetrics

BDMetricsSendData
BDMetricsTrackEvent_W
BDMetricsStart_W
BDMetricsStop

wininet

InternetGetConnectedState
DeleteUrlCacheEntryW

urlmon

URLDownloadToFileW

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

user32

TranslateMessage
GetSystemMetrics
CreatePopupMenu
TrackPopupMenu
RegisterWindowMessageA
SetTimer
SwitchToThisWindow
ExitWindowsEx
AppendMenuW
KillTimer
TranslateAcceleratorW
UpdateWindow
SetForegroundWindow
GetWindowRect
GetCursorPos
GetWindowLongW
DefWindowProcW
PostMessageW
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
SetWindowTextW
GetWindowLongPtrW
DispatchMessageW
LoadAcceleratorsW
MessageBoxW
GetMessageW
SystemParametersInfoW
MapWindowPoints
GetKeyboardLayoutList
SendMessageW
PtInRect
RegisterClassExW
ShowWindow
GetParent
LoadIconW
LoadCursorW
PostQuitMessage

ole32

CoInitializeEx
CoSetProxyBlanket
CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance

oleaut32

VariantChangeType
VariantInit
VariantClear
SysFreeString
SysAllocString

kernel32

GetACP
TlsAlloc
SetLastError
RtlUnwindEx
TlsSetValue
RtlPcToFileHeader
HeapFree
HeapAlloc
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
EncodePointer
GetStdHandle
LCMapStringW
GetFileType
GetStringTypeW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
WriteConsoleW
SetEndOfFile
TlsGetValue
CreateToolhelp32Snapshot
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
InitializeSListHead
OpenEventA
GetEnvironmentVariableA
GetVolumeInformationA
GetVersion
Sleep
GetLastError
LoadLibraryW
GetProcAddress
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
CreateEventA
CreateMutexA
GetVolumeNameForVolumeMountPointA
GetWindowsDirectoryA
LocalFree
ReadFile
GetCurrentProcess
WriteFile
DeviceIoControl
WaitForMultipleObjects
WaitForSingleObject
ReleaseMutex
UnmapViewOfFile
CreateFileA
SetEvent
GetSystemDirectoryA
CloseHandle
CreateThread
ResetEvent
SetFilePointerEx
CreateFileMappingA
MapViewOfFile
GetVersionExW
SizeofResource
MultiByteToWideChar
LockResource
LoadResource
FindResourceW
InitializeCriticalSectionAndSpinCount
RaiseException
DeleteCriticalSection
CreateDirectoryW
GetModuleFileNameW
GetTempPathW
DeleteFileW
OpenProcess
ReadConsoleW
Module32FirstW
ReadProcessMemory
Module32NextW
AllocConsole
CreateFileW
GetFileSize
WriteProcessMemory
VirtualAllocEx
CreateRemoteThread
VirtualFreeEx
IsWow64Process
GetUserDefaultLCID
CreateEventW
TerminateThread
GetModuleHandleW
GetCommandLineW
CreateProcessW
FindClose
WideCharToMultiByte
CreateMutexW
ExitProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

advapi32

RegEnumKeyExA
InitializeSecurityDescriptor
RegQueryInfoKeyA
LookupAccountSidA
RegQueryValueExA
RegCloseKey
SetSecurityDescriptorDacl
SetSecurityInfo
FreeSid
RegCreateKeyExA
SetEntriesInAclW
AllocateAndInitializeSid
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegOpenKeyExA

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
Shell_NotifyIconW
ShellExecuteA
ShellExecuteW

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

Sections

.text
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1a266c51c27c0d335ff8d0d23fb32a75

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

htmlayout

bdmetrics

wininet

urlmon

secur32

user32

ole32

oleaut32

kernel32

advapi32

shell32

rpcrt4

Sections

.text Size: 241KB - Virtual size: 240KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 13KB - Virtual size: 13KB

.gfids Size: 512B - Virtual size: 244B

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 241KB - Virtual size: 240KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 13KB - Virtual size: 13KB

.gfids
Size: 512B - Virtual size: 244B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 568KB - Virtual size: 572KB