D:\Echenin\SVN\cppNiPROTrunk\NetInvestor\Components\out\x64\Release NI\nipro.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-19_d1d437eed2f51f2b2b8d35d161e5231a_ryuk.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 2024-06-19_d1d437eed2f51f2b2b8d35d161e5231a_ryuk.exe
Resource: win10v2004-20240508-en
General
Target: 2024-06-19_d1d437eed2f51f2b2b8d35d161e5231a_ryuk
Size: 21.1MB
MD5: d1d437eed2f51f2b2b8d35d161e5231a
SHA1: bb6950dea7bedb86f1ae2378b438f96481102c9d
SHA256: 67263aef2c97939475de0f1bbc2cc1166c6258f6c11d1b8191c1fbe9704057e8
SHA512: df1871c8b04eb2c438c9c15cf2b10d166151cc67acc16f4fcc2717c153e3e428b1bbaa9331d12e0ef17bfe86961a00a5b39c476a3c0b9acf93a672b5ce1771f5
SSDEEP: 393216:0wToaMJkQlkk2/D4tAaI+joHT784c4KOTztUe:0Nkk2/DJT784VT
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 2024-06-19_d1d437eed2f51f2b2b8d35d161e5231a_ryuk
Files
-
2024-06-19_d1d437eed2f51f2b2b8d35d161e5231a_ryuk.exe windows:5 windows x64 arch:x64
13a714be6e11c0b1afb9bd40af5318a7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
winmm
sndPlaySoundA
PlaySoundA
kernel32
PeekNamedPipe
SetConsoleCtrlHandler
GetACP
ExitProcess
GetFullPathNameW
GetDriveTypeW
GetTimeZoneInformation
VirtualProtect
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
RtlUnwindEx
FlushConsoleInputBuffer
LoadLibraryW
GlobalMemoryStatus
GetFileType
GetStdHandle
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjectsEx
OpenEventA
GetSystemDirectoryA
RemoveDirectoryW
UnlockFile
LockFileEx
LockFile
GetSystemInfo
CreateDirectoryW
CreateMutexW
SignalObjectAndWait
MoveFileExW
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetVolumeInformationW
GetFileInformationByHandle
MoveFileW
GetFileAttributesW
GetTempPathW
GetEnvironmentVariableW
GetVersionExW
GetVersion
GetDiskFreeSpaceW
CreateFileW
WriteFileEx
ReadFileEx
SetEndOfFile
GetOverlappedResult
SystemTimeToTzSpecificLocalTime
GlobalMemoryStatusEx
FileTimeToLocalFileTime
GetDiskFreeSpaceExA
FlushFileBuffers
PulseEvent
InitializeCriticalSection
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
CreateEventW
EncodePointer
RtlPcToFileHeader
FormatMessageW
ReadConsoleInputA
SetConsoleMode
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
SetFilePointerEx
GetFileAttributesExW
SetStdHandle
ReadConsoleW
GetCurrentDirectoryW
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
LockResource
GetProcAddress
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetCurrentThreadId
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
FreeLibrary
DeleteCriticalSection
LoadResource
SizeofResource
GetFileSize
ReadFile
CloseHandle
GetModuleHandleA
FindResourceW
FindResourceExW
CreateFileA
GetVersionExA
WideCharToMultiByte
Beep
lstrlenA
GetSystemTime
lstrcmpA
MulDiv
MultiByteToWideChar
VirtualQuery
GetCurrentProcess
GetCurrentProcessId
SetEvent
ResetEvent
WaitForSingleObject
Sleep
WriteFile
GetComputerNameW
GetLocalTime
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateEventA
LoadLibraryA
GetModuleFileNameA
LocalAlloc
FindClose
FormatMessageA
GetFullPathNameA
FindFirstFileA
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
LocalFree
GetTickCount
GetSystemDefaultLCID
lstrcpyA
lstrlenW
GetConsoleMode
CreateMutexA
CreateProcessA
TerminateThread
GlobalHandle
GlobalFree
FindResourceA
GetTempPathA
DeleteFileA
CreateSemaphoreA
WaitForSingleObjectEx
DuplicateHandle
ReleaseSemaphore
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
SetFilePointer
GetFileAttributesA
GlobalSize
GetNumberFormatA
GetFileTime
FileTimeToSystemTime
FindNextFileW
FindFirstFileW
DeleteFileW
WaitForMultipleObjects
MoveFileExA
CreateDirectoryA
IsDBCSLeadByte
GetCommandLineA
LoadLibraryExA
OpenMutexA
ReleaseMutex
DecodePointer
GetProfileStringA
lstrcmpiA
CreateThread
FindNextFileA
CompareFileTime
SystemTimeToFileTime
OutputDebugStringA
GetCurrentDirectoryA
SetCurrentDirectoryA
user32
DdePostAdvise
RegisterClipboardFormatA
GetClipboardData
AdjustWindowRect
GetDlgItemTextA
IsDlgButtonChecked
CheckDlgButton
GetNextDlgTabItem
CharToOemBuffA
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowLongA
IntersectRect
DdeNameService
MapWindowPoints
GetWindowRect
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DdeQueryStringA
DdeCmpStringHandles
ClipCursor
GetParent
GetDesktopWindow
UpdateWindow
DragDetect
ReleaseCapture
SetCapture
GetAsyncKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
CreateDialogParamA
GetWindowLongPtrA
GetSysColor
SetWindowLongA
OpenClipboard
ShowScrollBar
GetScrollRange
SetWindowPos
DrawStateA
SetCursorPos
UnionRect
GetScrollPos
IsIconic
EnumChildWindows
GetWindowContextHelpId
SetForegroundWindow
GetForegroundWindow
DeleteMenu
GetMenuItemID
AttachThreadInput
TranslateMessage
IsClipboardFormatAvailable
ShowWindow
DestroyWindow
OemToCharA
TranslateMDISysAccel
DefFrameProcA
DestroyCursor
CheckMenuRadioItem
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowThreadProcessId
SetParent
CallWindowProcA
DefWindowProcA
SendMessageA
MessageBeep
SetWindowLongPtrA
GetActiveWindow
UnregisterClassA
GetClassLongPtrA
EqualRect
IsRectEmpty
SetRectEmpty
WindowFromPoint
SetActiveWindow
SetMenuDefaultItem
GetMenuDefaultItem
SetMenuItemInfoA
ModifyMenuA
InsertMenuA
SetMenu
GetMenu
GetCapture
GetWindow
IsDialogMessageA
MonitorFromWindow
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
OemToCharBuffA
BringWindowToTop
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
AnimateWindow
GetDoubleClickTime
WaitMessage
PostThreadMessageA
DispatchMessageA
GetMessageA
MapVirtualKeyA
GetKeyNameTextA
DrawFocusRect
SystemParametersInfoA
DefMDIChildProcA
GetScrollInfo
SetScrollInfo
OffsetRect
SetScrollPos
EnableMenuItem
CheckMenuItem
LoadAcceleratorsA
DialogBoxIndirectParamA
CreateDialogIndirectParamA
IsMenu
DrawIconEx
DrawFrameControl
GetMonitorInfoA
EndDialog
SetDlgItemTextA
GetWindowTextA
SetScrollRange
CharLowerA
wsprintfA
MapDialogRect
GetClassNameA
SetWindowContextHelpId
InvalidateRgn
CreateAcceleratorTableA
CharNextA
SendDlgItemMessageA
IsChild
ShowCaret
MoveWindow
DdeGetData
DdeCreateDataHandle
DdeClientTransaction
DestroyIcon
LoadIconA
SetCursor
MessageBoxA
GetDlgItemInt
SetDlgItemInt
DdeFreeStringHandle
DdeCreateStringHandleA
DdeDisconnect
DdeConnect
DdeUninitialize
DdeInitializeA
KillTimer
SetTimer
GetKeyState
DialogBoxParamA
RegisterWindowMessageA
EndPaint
BeginPaint
DrawTextA
LoadImageA
CopyRect
SetRect
FillRect
LoadMenuA
GetFocus
GetMessagePos
MonitorFromPoint
LoadStringW
LoadStringA
LoadCursorA
PtInRect
ScreenToClient
ClientToScreen
AdjustWindowRectEx
RedrawWindow
TrackPopupMenu
RemoveMenu
GetSubMenu
GetSystemMenu
DrawMenuBar
GetMenuStringA
TranslateAcceleratorA
DestroyAcceleratorTable
SetWindowPlacement
GetWindowPlacement
GetClassInfoExA
RegisterClassExA
PostQuitMessage
PeekMessageA
GetSysColorBrush
SetWindowTextA
IsWindowEnabled
EnableWindow
IsWindowVisible
InflateRect
FrameRect
GetCursorPos
GetWindowDC
GetMenuItemInfoA
InsertMenuItemA
TrackPopupMenuEx
AppendMenuA
GetMenuItemCount
DestroyMenu
CreatePopupMenu
CreateMenu
GetSystemMetrics
IsWindow
CreateWindowExA
DrawEdge
FlashWindow
PostMessageA
GetWindowTextLengthA
gdi32
CreateRoundRectRgn
CreateEllipticRgn
GetSystemPaletteEntries
GetPixel
FrameRgn
CreatePolygonRgn
LineDDA
SetRectRgn
Ellipse
CreateBrushIndirect
GetDIBits
GetBitmapDimensionEx
FillRgn
GetTextExtentExPointA
SetTextAlign
GetTextAlign
SetPixel
Arc
GetTextColor
SetBrushOrgEx
OffsetWindowOrgEx
Polyline
Polygon
AbortDoc
EndPage
StartPage
EndDoc
StartDocA
PlayEnhMetaFile
GetEnhMetaFileHeader
DeleteEnhMetaFile
CreateEnhMetaFileA
CloseEnhMetaFile
SelectClipRgn
SaveDC
ResetDCA
RestoreDC
Rectangle
IntersectClipRect
GetViewportOrgEx
GetClipRgn
CreateRectRgnIndirect
CreateRectRgn
CreateDCA
CombineRgn
SetWindowOrgEx
SetViewportOrgEx
LPtoDP
DPtoLP
SetDIBColorTable
CreateDIBSection
StretchBlt
GetClipBox
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
MoveToEx
LineTo
CreatePen
SetBkMode
ExtTextOutA
CreateSolidBrush
GetTextMetricsA
GetTextExtentPoint32A
CreateFontIndirectA
GetObjectA
GetStockObject
SetTextColor
SetBkColor
SelectObject
PatBlt
DeleteObject
DeleteDC
CreatePatternBrush
CreateBitmap
winspool.drv
GetPrinterA
OpenPrinterA
ClosePrinter
comdlg32
GetOpenFileNameA
PageSetupDlgA
PrintDlgA
ChooseFontA
ChooseColorA
GetSaveFileNameA
advapi32
CryptEnumProvidersW
CryptDestroyHash
CryptCreateHash
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegQueryInfoKeyA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
CryptSignHashW
shell32
SHBrowseForFolderA
ShellExecuteA
Shell_NotifyIconA
SHGetMalloc
SHGetPathFromIDListA
ole32
DoDragDrop
StringFromCLSID
CoGetMalloc
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleDuplicateData
OleSetContainedObject
OleCreateStaticFromData
StgCreateDocfileOnILockBytes
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoGetClassObject
OleRun
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleSetClipboard
CoInitializeEx
CoTaskMemRealloc
oleaut32
VarBstrFromDate
VarUdateFromDate
VarDateFromStr
SystemTimeToVariantTime
VarUI4FromStr
SysStringByteLen
SafeArrayGetElement
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
DispCallFunc
SysFreeString
VarBstrCmp
VariantChangeType
VariantCopy
GetErrorInfo
SafeArrayDestroy
VariantTimeToSystemTime
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantInit
SysStringLen
SysAllocStringLen
SysAllocString
VariantClear
SysAllocStringByteLen
shlwapi
StrToIntA
StrStrA
comctl32
ImageList_Create
InitCommonControlsEx
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_GetImageCount
_TrackMouseEvent
ImageList_LoadImageA
ImageList_Draw
ImageList_Destroy
ImageList_ReplaceIcon
ord6
ImageList_Remove
ImageList_DrawEx
ImageList_GetIcon
msimg32
GradientFill
AlphaBlend
ws2_32
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
__WSAFDIsSet
WSASend
WSARecv
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
select
gethostname
WSAWaitForMultipleEvents
htonl
htons
ntohl
ntohs
WSAStartup
WSACleanup
WSAGetLastError
setsockopt
freeaddrinfo
recv
getprotobyname
sendto
recvfrom
socket
send
getsockname
getaddrinfo
getpeername
getsockopt
getnameinfo
WSAPoll
ioctlsocket
WSASetLastError
connect
WSASocketA
accept
bind
closesocket
shutdown
listen
gdiplus
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDrawLineI
GdipDrawRectangleI
GdipDrawEllipseI
GdipDrawPolygonI
GdipFillRectangleI
GdipFillPolygonI
GdipFillEllipseI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipDeleteGraphics
GdipDeletePen
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
rpcrt4
UuidCreate
crypt32
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertCloseStore
Sections
.text   Size: 13.7MB  Virtual size: 13.7MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 4.5MB   Virtual size: 4.5MB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 502KB   Virtual size: 592KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  Size: 624KB   Virtual size: 624KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gfids  Size: 1024B   Virtual size: 624B    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls    Size: 512B    Virtual size: 9B      Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1.7MB   Virtual size: 1.7MB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 62KB    Virtual size: 62KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ