c:\Projects\airdc-git\compiled\x64\AirDC.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-25_3ad7a2c95c5bf1ce2968c2f58c1a87d0_ryuk.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 2024-06-25_3ad7a2c95c5bf1ce2968c2f58c1a87d0_ryuk.exe
Resource: win10v2004-20240611-en
General
- Target: 2024-06-25_3ad7a2c95c5bf1ce2968c2f58c1a87d0_ryuk
- Size: 10.8MB
- MD5: 3ad7a2c95c5bf1ce2968c2f58c1a87d0
- SHA1: 7fc225b237c5996093a53e808b75b0a9ca6df5a0
- SHA256: 5869d19909334a83e733d622fbe45197f5df06bfef613274e3d856b1df62e5dd
- SHA512: b3a940a969ccfb211596b893958507688224d38b1279479e27d801c50483eb7a4ee813ba478ccaecc4c82f5cf7624a154fc82d20fe792dbae73414c4d029a832
- SSDEEP: 98304:1FlMolQodBANjAR73BASnzmvWsJ93E/+RuSb9igLETRMLfhLRev7AMMMMq5a9FRS:DdlQM2jAhB2v7Jm/sXeDP5
Malware Config
Signatures
- Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-06-25_3ad7a2c95c5bf1ce2968c2f58c1a87d0_ryuk
Files
- 2024-06-25_3ad7a2c95c5bf1ce2968c2f58c1a87d0_ryuk.exe windows:6 windows x64 arch:x64
dad03cfde39575a2a8981fd6c575fc85
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
shfolder
SHGetFolderPathW
ws2_32
inet_pton
getnameinfo
sendto
send
recvfrom
recv
inet_ntoa
connect
getsockname
WSAAsyncSelect
accept
socket
__WSAFDIsSet
select
inet_addr
freeaddrinfo
getaddrinfo
WSAStringToAddressA
WSASocketW
WSASend
WSARecv
WSAGetLastError
WSASetLastError
shutdown
setsockopt
ntohs
ntohl
listen
htons
htonl
getsockopt
getpeername
ioctlsocket
closesocket
bind
WSAAddressToStringW
WSAStartup
WSACleanup
winmm
PlaySoundW
kernel32
FindResourceExW
GetVersionExW
LockResource
GetVersion
CreateThread
GetCommandLineW
ReadFile
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
SetConsoleMode
ReadConsoleInputA
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetACP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
WriteConsoleW
ExitThread
GetCommandLineA
SetConsoleCtrlHandler
GetModuleHandleExW
RtlUnwindEx
FlushConsoleInputBuffer
GlobalMemoryStatus
GetFileType
GetStdHandle
UnregisterWaitEx
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
FreeLibraryAndExitThread
GetThreadTimes
QueryDepthSList
InterlockedFlushSList
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VirtualFree
VirtualAlloc
GetFileSize
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateDirectoryA
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetNativeSystemInfo
GetExitCodeThread
DuplicateHandle
QueryPerformanceFrequency
EncodePointer
RtlPcToFileHeader
IsProcessorFeaturePresent
QueueUserWorkItem
TryEnterCriticalSection
GetStringTypeW
GetModuleFileNameA
GetGeoInfoW
CancelIo
ReadDirectoryChangesW
GetOverlappedResult
GetUserDefaultLocaleName
GetExitCodeProcess
CreateProcessW
FindFirstFileExW
GetDiskFreeSpaceW
GetVolumePathNameW
CreateDirectoryW
RemoveDirectoryW
SetFileTime
DeleteFileW
CopyFileW
MoveFileExW
FlushFileBuffers
SetEndOfFile
WriteFile
SetFilePointer
GetFileSizeEx
GetFileTime
CreateFileW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
FormatMessageW
GetNumberFormatW
GetLocaleInfoW
SystemTimeToFileTime
ResetEvent
OpenEventA
GetStringTypeExA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
GetStringTypeExW
LoadLibraryA
FormatMessageA
LocalFree
GetComputerNameW
QueryPerformanceCounter
CreateWaitableTimerW
CreateSemaphoreA
WaitForMultipleObjects
GetModuleHandleA
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
TerminateThread
QueueUserAPC
SetWaitableTimer
CreateEventW
WaitForMultipleObjectsEx
SleepEx
ReleaseMutex
GetQueuedCompletionStatus
CreateIoCompletionPort
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
GetFileAttributesA
GetLocalTime
InitializeSListHead
OpenFile
GetCurrentProcessId
TlsFree
DecodePointer
SetUnhandledExceptionFilter
SetPriorityClass
ExitProcess
LoadLibraryExW
PostQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
TlsAlloc
CreateMutexW
LoadResource
SizeofResource
FindResourceW
lstrcpyW
GetVolumeInformationW
GetFileAttributesW
GetLogicalDrives
GetTempPathW
ResumeThread
SuspendThread
GetCurrentThread
GetEnvironmentVariableA
SetThreadPriority
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
ReadProcessMemory
OpenProcess
GetModuleFileNameW
WideCharToMultiByte
GlobalAlloc
MulDiv
lstrcpynW
FreeLibrary
lstrcmpW
FindClose
FindNextFileW
FindFirstFileW
GlobalLock
GlobalFree
GlobalUnlock
GetProcessTimes
LoadLibraryW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetDiskFreeSpaceExW
GetDriveTypeW
GlobalMemoryStatusEx
GetCurrentProcess
GetTickCount
MultiByteToWideChar
GetVersionExA
GetSystemTime
Sleep
RaiseException
SetLastError
GetCurrentThreadId
GetModuleHandleW
lstrlenW
VerSetConditionMask
InitializeCriticalSection
VerifyVersionInfoW
WaitForSingleObjectEx
SetEvent
CloseHandle
CreateEventA
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError
InitializeCriticalSectionEx
lstrcmpiW
CompareStringW
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetTickCount64
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
MoveFileW
FlushInstructionCache
user32
ReleaseDC
SetDlgItemTextW
SendMessageW
GetParent
IsWindow
OffsetRect
GetDC
PostMessageW
GetDlgItem
IsChild
DrawTextW
CreateMenu
ExitWindowsEx
FlashWindowEx
GetForegroundWindow
GetScrollBarInfo
SetClipboardData
EmptyClipboard
ScrollWindow
HideCaret
ChildWindowFromPoint
GetPropW
SetPropW
SetDlgItemInt
GetSystemMenu
GetUserObjectInformationW
GetProcessWindowStation
CharUpperW
GetWindowLongW
GetClientRect
SetWindowPos
MapWindowPoints
GetWindowRect
GetWindow
EndDialog
SetWindowLongPtrW
CharNextW
GetWindowTextW
GetWindowTextLengthW
CreateWindowExW
SystemParametersInfoW
LoadCursorW
SetWindowLongW
GetClassNameW
SetWindowTextW
UnregisterClassW
CopyRect
MoveWindow
MessageBoxW
EnableWindow
RedrawWindow
DialogBoxParamW
InvalidateRect
LoadStringW
RegisterClassExW
GetClassInfoExW
EnableMenuItem
AppendMenuW
GetMenuDefaultItem
SetRect
GetClassLongPtrW
GetMenuItemID
TrackPopupMenu
CreatePopupMenu
GetDlgItemTextW
GetSysColor
CheckDlgButton
IsDlgButtonChecked
GetWindowLongPtrW
DefWindowProcW
CallWindowProcW
GetKeyState
RegisterWindowMessageW
SetMenuDefaultItem
SetFocus
VkKeyScanW
SetTimer
PtInRect
GetActiveWindow
GetMenuItemCount
SendMessageTimeoutW
CreateDialogIndirectParamW
SetRectEmpty
UpdateWindow
ScreenToClient
GetCursorPos
GetDlgCtrlID
ReleaseCapture
GetCapture
SetCapture
SetCursor
DrawFocusRect
GetFocus
IsWindowEnabled
FillRect
EndPaint
BeginPaint
DestroyWindow
ShowWindow
ModifyMenuW
DrawFrameControl
InflateRect
FrameRect
WindowFromPoint
InsertMenuItemW
DefFrameProcW
GetUpdateRect
TranslateMDISysAccel
BringWindowToTop
GetLastInputInfo
IsZoomed
CloseWindow
SetMenu
IsMenu
SetMenuItemInfoW
CheckMenuRadioItem
CharLowerW
EnumWindows
SetProcessDefaultLayout
IsDialogMessageW
CreateDialogParamW
TranslateMessage
GetMessageW
LockWindowUpdate
IsWindowVisible
DefMDIChildProcW
LoadMenuW
LoadAcceleratorsW
GetMenuState
DestroyCursor
GetScrollInfo
GetWindowThreadProcessId
DispatchMessageW
CreateAcceleratorTableW
InvalidateRgn
GetDesktopWindow
DestroyAcceleratorTable
CreateIconIndirect
DestroyIcon
DrawIconEx
GetIconInfo
LoadImageW
SetMenuInfo
DrawEdge
ShowScrollBar
GetWindowDC
SetCursorPos
ClientToScreen
GetMessagePos
SetClassLongPtrW
SetForegroundWindow
KillTimer
FindWindowExW
GetSysColorBrush
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
RemoveMenu
TrackPopupMenuEx
PeekMessageW
AdjustWindowRectEx
GetSubMenu
DrawMenuBar
TranslateAcceleratorW
PostQuitMessage
LoadStringA
DestroyMenu
CheckMenuItem
GetMenuStringW
FindWindowW
MessageBeep
GetCaretPos
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetMenuItemInfoW
SystemParametersInfoA
GetWindowPlacement
IsIconic
GetSystemMetrics
gdi32
SetDIBits
GetDIBits
CreateCompatibleBitmap
PatBlt
CreateBitmap
GetWindowExtEx
CreateSolidBrush
LineTo
MoveToEx
CreatePen
ExtTextOutW
SetBitmapBits
GetBitmapBits
SetDIBColorTable
GetPixel
CreateDIBSection
BitBlt
CreateCompatibleDC
GetClipBox
GetTextExtentPoint32W
SetBkMode
SetTextColor
GetDeviceCaps
GetStockObject
CreateFontIndirectW
GetObjectW
DeleteObject
DeleteDC
SelectObject
SetWindowOrgEx
GetViewportExtEx
SetMapMode
GetMapMode
GetCurrentObject
TextOutW
SetWindowExtEx
SetViewportExtEx
SetBrushOrgEx
SetViewportOrgEx
GetViewportOrgEx
SetStretchBltMode
CreateDIBitmap
SetPixelV
Rectangle
StretchBlt
GetBkColor
GetTextMetricsW
ExcludeClipRect
LPtoDP
SetBkColor
DPtoLP
CreatePatternBrush
comdlg32
GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
FindTextW
ChooseFontW
advapi32
SystemFunction036
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
shell32
SHGetSpecialFolderLocation
SHCreateItemFromParsingName
Shell_NotifyIconW
SHGetDesktopFolder
SHGetMalloc
SHGetFileInfoW
DragFinish
DragQueryFileW
SHBindToParent
ShellExecuteW
ole32
CreateBindCtx
CoGetMalloc
OleUninitialize
CoTaskMemAlloc
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CoInitializeEx
CoTaskMemRealloc
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleSetContainedObject
OleCreateStaticFromData
OleDuplicateData
ReleaseStgMedium
OleInitialize
GetRunningObjectTable
CoUninitialize
CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
shlwapi
ord176
PathIsDirectoryW
SHDeleteKeyW
PathFileExistsW
comctl32
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_DrawIndirect
PropertySheetW
InitCommonControlsEx
ord345
ImageList_LoadImageW
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_Merge
ImageList_GetIcon
ImageList_Create
ImageList_Draw
_TrackMouseEvent
ImageList_Destroy
CreateStatusWindowW
msimg32
AlphaBlend
TransparentBlt
GradientFill
gdiplus
GdipAlloc
GdipFree
GdipDisposeImage
GdipCreateBitmapFromStream
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdiplusShutdown
mpr
WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW
mswsock
AcceptEx
GetAcceptExSockaddrs
iphlpapi
GetAdaptersAddresses
GetIpAddrTable
GetBestRoute
Sections
.text Size: 6.5MB - Virtual size: 6.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 420KB - Virtual size: 686KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 328KB - Virtual size: 327KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 61B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ