2024-06-24_04994c8ef5e395b648eb5eebd4a92eae_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-24_04994c8ef5e395b648eb5eebd4a92eae_ryuk
Size

17.0MB
MD5

04994c8ef5e395b648eb5eebd4a92eae
SHA1

5eeacb49918f01fb81523f5373601f5a34a46a80
SHA256

5a1505f4844d9e3664aa1059c4766cb224e08b71449e73d32cf7479d7a4e2418
SHA512

3abba32226f481104592abd378bd18bb344fb0f1864be56c3ae42b041ce666e62d38503058b4d9a2f235f09a0f60a25db0d1905502401d1115b85b17200060ee
SSDEEP

393216:BEWGlFtLhZnVnadkEvYLEwARa/FkAnq+LbPvmu:BNGlF1n1aGEQIwARa/+AnRyu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-24_04994c8ef5e395b648eb5eebd4a92eae_ryuk

Files

2024-06-24_04994c8ef5e395b648eb5eebd4a92eae_ryuk
.exe windows:5 windows x64 arch:x64

8e13de83f39f32bb563e8e6964ac4b06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiGetClassDevsA

kernel32

GetLogicalDriveStringsW
CreateEventW
FormatMessageW
GetFileAttributesExW
OutputDebugStringW
SetEvent
GetLogicalProcessorInformation
GetCurrentThread
TerminateThread
QueryPerformanceFrequency
DeleteFileW
CloseHandle
GetNativeSystemInfo
LoadLibraryW
GetCurrentDirectoryW
GetOverlappedResult
SetCurrentDirectoryW
GetProcAddress
ReplaceFileW
ExitProcess
CreateProcessW
GetModuleHandleW
FreeLibrary
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
MoveFileW
GetDriveTypeW
IsDebuggerPresent
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
GlobalSize
LoadLibraryA
GlobalAlloc
GlobalLock
GetCurrentProcessId
GlobalUnlock
ReleaseSemaphore
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetProcessHeap
GetOEMCP
IsValidCodePage
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
EnumSystemLocalesW
DisconnectNamedPipe
GetCurrentThreadId
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetModuleFileNameA
HeapReAlloc
HeapFree
HeapAlloc
GetACP
ExitThread
GetTimeZoneInformation
SetConsoleCtrlHandler
RtlUnwindEx
RaiseException
RtlPcToFileHeader
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
DuplicateHandle
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetModuleHandleA
UnmapViewOfFile
GetSystemDirectoryW
GetUserDefaultLCID
ReleaseMutex
GetFileAttributesW
CreateFileW
WaitForSingleObject
GetLocaleInfoW
FindClose
CreateMutexW
GetTempPathW
SetEndOfFile
SetFilePointer
CreatePipe
SetThreadPriority
WaitForMultipleObjects
CreateNamedPipeW
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
GetModuleHandleExW
WriteFile
GetCurrentProcess
FindNextFileW
SetHandleInformation
FindFirstFileW
CancelIo
GetVolumeInformationW
ReadFile
SetThreadAffinityMask
CreateDirectoryW
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
TryEnterCriticalSection
SizeofResource
Sleep
GetLastError
OutputDebugStringA
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
HeapSize
IsValidLocale

user32

SetParent
MoveWindow
IsWindow
ShowWindow
RegisterClassExW
GetWindowLongPtrW
UnregisterClassW
SendMessageW
CreateWindowExW
SetWindowLongPtrW
SetWindowPos
GetWindowRect
GetWindow
CallWindowProcW
DefWindowProcW
AttachThreadInput
GetWindowThreadProcessId
GetWindowTextW
TranslateMessage
SetFocus
EnumWindows
DispatchMessageW
GetFocus
SendMessageTimeoutW
PostMessageW
GetMessageW
RegisterDeviceNotificationA
BeginPaint
GetCursorPos
ReleaseDC
SetCursorPos
DefWindowProcA
InvalidateRect
SetForegroundWindow
ReleaseCapture
GetParent
EnableMenuItem
GetDesktopWindow
ShowCaret
DrawIconEx
UpdateLayeredWindow
GetClientRect
SetWindowLongW
PeekMessageW
DestroyWindow
SetCursor
ToUnicode
SetClipboardData
SetWindowsHookExW
SetCapture
DestroyCaret
LoadCursorW
FindWindowW
GetClipboardData
SetLayeredWindowAttributes
GetMessageTime
UnhookWindowsHookEx
GetForegroundWindow
TrackMouseEvent
MapWindowPoints
CreateCaret
IsChild
EmptyClipboard
CloseClipboard
CreateIconIndirect
GetMonitorInfoW
GetWindowInfo
DestroyIcon
RedrawWindow
GetCapture
CreateWindowExA
GetWindowLongPtrA
UnregisterClassA
SetWindowLongPtrA
DestroyCursor
GetKeyboardState
SetCaretPos
GetActiveWindow
GetAsyncKeyState
OpenClipboard
RegisterClassExA
GetAncestor
GetWindowPlacement
WindowFromPoint
MessageBeep
SetWindowTextW
GetSystemMetrics
EndDialog
CallNextHookEx
GetIconInfo
EnumDisplayMonitors
EnumChildWindows
MessageBoxW
IsWindowVisible
GetDC
FindWindowExW
MapVirtualKeyW
GetMessagePos
GetUpdateRgn
GetMessageExtraInfo
GetSystemMenu
GetWindowLongW
RegisterWindowMessageW
EndPaint

gdi32

EnumFontFamiliesExW
GetDeviceCaps
GetTextMetricsW
DeleteDC
SetMapperFlags
GetGlyphIndicesW
GetGlyphOutlineW
CreateCompatibleDC
RemoveFontMemResourceEx
SetMapMode
CreateFontIndirectW
GetOutlineTextMetricsW
SwapBuffers
SelectObject
GetKerningPairsW
AddFontMemResourceEx
CombineRgn
CreateBitmap
RestoreDC
ExcludeClipRect
GetObjectW
GetRegionData
CreateRectRgn
CreateRectRgnIndirect
StretchDIBits
CreateDIBSection
SaveDC
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegEnumKeyA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetPathFromIDListW
Shell_NotifyIconW
SHParseDisplayName
SHGetKnownFolderPath
SHBrowseForFolderW
ExtractAssociatedIconW
SHGetSpecialFolderPathW
DragQueryFileW
SHCreateShellItem
ShellExecuteW
SHGetMalloc

ole32

RevokeDragDrop
CoInitializeEx
RegisterDragDrop
DoDragDrop
CoUninitialize
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoCreateGuid
CLSIDFromString
CoCreateInstance
CoInitialize
CoTaskMemFree

wininet

InternetReadFile
InternetSetOptionW
InternetConnectW
InternetCloseHandle
FtpOpenFileW
HttpEndRequestW
InternetCrackUrlW
InternetSetFilePointer
HttpQueryInfoW
InternetWriteFile
HttpOpenRequestW
HttpSendRequestExW
InternetOpenW

ws2_32

send
inet_ntoa
recv
getsockopt
htonl
htons
freeaddrinfo
sendto
ioctlsocket
setsockopt
inet_addr
WSAStartup
getaddrinfo
select
closesocket
bind
__WSAFDIsSet
accept

shlwapi

PathStripToRootW
ord172

winmm

midiInStart
midiInGetDevCapsW
midiOutUnprepareHeader
midiInPrepareHeader
midiInClose
midiOutOpen
midiOutPrepareHeader
midiOutGetDevCapsW
midiInOpen
midiInUnprepareHeader
midiInMessage
midiInAddBuffer
midiOutMessage
midiInGetNumDevs
midiOutShortMsg
midiOutGetNumDevs
midiOutLongMsg
midiOutClose
midiInStop
timeGetTime
timeKillEvent
timeBeginPeriod
midiInReset

imm32

ImmNotifyIME
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

opengl32

glTexSubImage2D
glPixelStorei
wglMakeCurrent
glDisable
glDrawElements
glTexImage2D
glDrawArrays
glGetBooleanv
glClearColor
glDeleteTextures
glTexParameteri
wglGetProcAddress
glReadPixels
glBlendFunc
glScissor
glEnable
glGenTextures
glBindTexture
wglGetCurrentContext
glClear
glViewport
glGetString
glGetError
glGetIntegerv

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11.7MB - Virtual size: 11.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 153KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 342KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e13de83f39f32bb563e8e6964ac4b06

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

wininet

ws2_32

shlwapi

winmm

imm32

opengl32

Sections

.text Size: 4.8MB - Virtual size: 4.8MB

.rdata Size: 11.7MB - Virtual size: 11.7MB

.data Size: 153KB - Virtual size: 260KB

.pdata Size: 342KB - Virtual size: 341KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 3KB - Virtual size: 2KB

.rsrc Size: 62KB - Virtual size: 61KB

.reloc Size: 77KB - Virtual size: 76KB

.text
Size: 4.8MB - Virtual size: 4.8MB

.rdata
Size: 11.7MB - Virtual size: 11.7MB

.data
Size: 153KB - Virtual size: 260KB

.pdata
Size: 342KB - Virtual size: 341KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 62KB - Virtual size: 61KB

.reloc
Size: 77KB - Virtual size: 76KB