2024-06-20_dadcdfa1237b16797d0f16dcf993b4ae_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-20_dadcdfa1237b16797d0f16dcf993b4ae_ryuk
Size

973KB
MD5

dadcdfa1237b16797d0f16dcf993b4ae
SHA1

17ea08ba98807139767789106047c57322c1573a
SHA256

fb6269167998d98f7c3abdec0315cb96cb60dbde611b5ab56980e30afe4718c3
SHA512

53334bd12af3624bab2627dd889728dde8b4c4c902b0850e37634a2601f1f40a80a6d5ade80577221ee35c2f53fd91098bbf63087f0e93bc599360158d3c1218
SSDEEP

12288:r4C+TZLMwjOQynKpM9H89ueILgn/ATtCYqk+ro2xuDZxq7mQQdHy:DwjH4c9uBgnoTtCYqkS3Cq6bS

Score

1^/10

Malware Config

Signatures

Files

2024-06-20_dadcdfa1237b16797d0f16dcf993b4ae_ryuk
.exe windows:5 windows x64 arch:x64

898d8e980b2ec2b89047d1d4b419a0bb

Code Sign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:e0:33:46:81:d8:07:f0:fe:33:b3:ca:71:8c:e5:f9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12/03/2024, 00:00

Not After

11/03/2025, 23:59

Subject

CN=HP Inc.,O=HP Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:03:b8:9c:53:7e:5d:e5:9c:d0:27:66:42:54:ed:27:7c:d2:6d:69:bd:8e:b7:d3:66:3d:3c:6b:fb:ee:e3:9c
Signer

Actual PE Digest

2f:03:b8:9c:53:7e:5d:e5:9c:d0:27:66:42:54:ed:27:7c:d2:6d:69:bd:8e:b7:d3:66:3d:3c:6b:fb:ee:e3:9c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\jnks\workspace\K36_Production_Build\build5475\SxS\src\x64\Release\HPPAHelper.pdb

Imports

kernel32

CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualProtect
VirtualFree
VirtualAlloc
GetModuleHandleA
GetThreadTimes
UnregisterWait
SetLastError
QueryPerformanceCounter
GetModuleFileNameW
ExpandEnvironmentStringsW
InitializeCriticalSection
GetCurrentProcessId
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetTickCount
CreateFileW
Sleep
SetFilePointer
WriteFile
CloseHandle
OutputDebugStringW
GetCurrentThreadId
OpenProcess
GetFileAttributesExW
GetCommandLineW
GetTempFileNameW
GetLongPathNameW
SearchPathW
FormatMessageW
LocalFree
CreateMutexW
WaitForSingleObject
CreateFileMappingW
MapViewOfFile
ReleaseMutex
UnmapViewOfFile
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GlobalMemoryStatusEx
LocalAlloc
GetShortPathNameW
GetCurrentProcess
GetExitCodeProcess
CreateThread
TerminateThread
GetExitCodeThread
TryEnterCriticalSection
SetEvent
ResetEvent
WaitForMultipleObjects
LoadResource
SizeofResource
GetFileSizeEx
DeviceIoControl
FindClose
GetFileTime
GetSystemTime
GetLocalTime
CreatePipe
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
FlushViewOfFile
OpenMutexW
CreateEventW
OpenEventW
OpenFileMappingW
CreateProcessW
GetStartupInfoW
GetEnvironmentVariableW
FindResourceW
FindResourceExW
GetSystemDirectoryW
GetTempPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetDiskFreeSpaceExW
GetProcessHeap
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
CreateNamedPipeW
WaitNamedPipeW
GetComputerNameExW
GetVersionExW
VerifyVersionInfoW
ProcessIdToSessionId
WideCharToMultiByte
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultLCID
GetUserDefaultLCID
ReadFile
SetEndOfFile
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
GetPrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStringA
GetStringTypeW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetCPInfo
IsDebuggerPresent
DebugBreak
SetDllDirectoryW
OutputDebugStringA
VerSetConditionMask
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetCurrentThread
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
ReadConsoleW
WriteConsoleW
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemWow64DirectoryW
CreateDirectoryW
GetLastError
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait

user32

AllowSetForegroundWindow
GetSystemMetrics
LoadIconW
SystemParametersInfoW
WaitForInputIdle
GetAsyncKeyState
MsgWaitForMultipleObjectsEx
GetProcessWindowStation
OpenDesktopW
SetThreadDesktop
CloseDesktop
GetThreadDesktop
OpenWindowStationW
CloseWindowStation
SetProcessWindowStation
SetTimer
RegisterWindowMessageW
GetMessageW
PeekMessageW
ExitWindowsEx
SendMessageCallbackW
GetKeyState
MsgWaitForMultipleObjects
DestroyIcon

ole32

CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance
CLSIDFromString

shlwapi

PathFindExtensionW
PathRemoveExtensionW
PathFileExistsW
PathIsFileSpecW
PathFindFileNameW
PathRemoveFileSpecW
PathIsDirectoryW
PathCombineW

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

advapi32

SetEntriesInAclW
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
SetNamedSecurityInfoW
RegDeleteKeyW
GetUserNameW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW

shell32

CommandLineToArgvW
ShellExecuteW
ExtractIconW
ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetSpecialFolderPathW

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
VariantInit
VariantClear

secur32

GetUserNameExW

Sections

.text
Size: 630KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

898d8e980b2ec2b89047d1d4b419a0bb

Code Sign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:e0:33:46:81:d8:07:f0:fe:33:b3:ca:71:8c:e5:f9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

2f:03:b8:9c:53:7e:5d:e5:9c:d0:27:66:42:54:ed:27:7c:d2:6d:69:bd:8e:b7:d3:66:3d:3c:6b:fb:ee:e3:9cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

shlwapi

psapi

version

advapi32

shell32

oleaut32

secur32

Sections

.text Size: 630KB - Virtual size: 629KB

.rdata Size: 264KB - Virtual size: 263KB

.data Size: 17KB - Virtual size: 31KB

.pdata Size: 34KB - Virtual size: 33KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 7KB

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:e0:33:46:81:d8:07:f0:fe:33:b3:ca:71:8c:e5:f9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

2f:03:b8:9c:53:7e:5d:e5:9c:d0:27:66:42:54:ed:27:7c:d2:6d:69:bd:8e:b7:d3:66:3d:3c:6b:fb:ee:e3:9c
Signer

.text
Size: 630KB - Virtual size: 629KB

.rdata
Size: 264KB - Virtual size: 263KB

.data
Size: 17KB - Virtual size: 31KB

.pdata
Size: 34KB - Virtual size: 33KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 7KB