2024-06-27_bf8e90fc42c0d414ed52356778709e6a_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-27_bf8e90fc42c0d414ed52356778709e6a_ryuk
Size

14.0MB
MD5

bf8e90fc42c0d414ed52356778709e6a
SHA1

a78dc6dd9364ad45badf757029e6216808ca32ad
SHA256

7cb1c8398b83da3120bea009b4040124f674d2f8ea29f1c09a2a0f59d5eb5509
SHA512

0219e65dce693817dfe579aa4255c488c51f46073fc0d013e33f4225ccfeadbf979aec28e1e8f46f1e06cb77b45e65502b63ac4f04b62199b48e0fb6cba9025c
SSDEEP

49152:eaZ11+5jRxhy1UaMaicw/nObgfxJRtThHrGfnS160SRG8U6XG4MaUkop2/iAAkKS:/dU4bsKhMOykKM+fvJvMHRk+z00ibS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-27_bf8e90fc42c0d414ed52356778709e6a_ryuk

Files

2024-06-27_bf8e90fc42c0d414ed52356778709e6a_ryuk
.exe windows:6 windows x64 arch:x64

fe8b2f4acd38611495c8d68e98d874de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dvs\p4\build\sw\rel\gpu_drv\r515\r515_00\drivers\ui\Sedona\Sedona\x64\Release\bin\nvCplUI.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

rpcrt4

UuidFromStringW

gdiplus

GdipDrawImageRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFontFromLogfontW
GdipCreateFont
GdipDeleteFont
GdipGetLogFontW
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipSetStringFormatAlign
GdipGetDpiY
GdipGetFontHeightGivenDPI
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
GdipGetFontHeight
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageDimension
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipCloneBrush
GdipDeleteStringFormat
GdipCreateBitmapFromScan0
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipAlloc

wtsapi32

WTSRegisterSessionNotification
WTSQueryUserToken
WTSUnRegisterSessionNotification

shlwapi

StrFormatKBSizeW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFileExistsW
SHSetValueW
SHGetValueW
PathRemoveFileSpecW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Draw
ImageList_ReplaceIcon
InitCommonControlsEx
ord17

msimg32

TransparentBlt
AlphaBlend

setupapi

SetupDiEnumDeviceInfo
CM_Get_Parent
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList

kernel32

SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
MoveFileW
GetStringTypeExW
GlobalGetAtomNameW
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
SearchPathW
GetTempPathW
GetProfileIntW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSize
SystemTimeToTzSpecificLocalTime
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
CompareStringW
GetSystemDefaultUILanguage
GlobalFlags
VirtualProtect
lstrcpyW
GetCurrentDirectoryW
SetErrorMode
GetWindowsDirectoryW
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ReadFile
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FlushFileBuffers
DeleteFileW
GetUserDefaultLCID
SystemTimeToFileTime
ReplaceFileW
SetFileTime
GetTempFileNameW
GetFileTime
GetDiskFreeSpaceW
ResumeThread
SetThreadPriority
CreateEventW
InitializeCriticalSectionAndSpinCount
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
GetModuleHandleExW
EncodePointer
OutputDebugStringA
CopyFileW
GlobalSize
LoadLibraryExA
ExpandEnvironmentStringsA
lstrcmpA
GetModuleFileNameA
CreateProcessW
GetFullPathNameW
GetModuleHandleExA
LockFile
GetVolumeInformationW
UnhandledExceptionFilter
GetShortPathNameW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
OpenMutexW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
WideCharToMultiByte
GetSystemTimeAsFileTime
GetProcessTimes
CreateEventA
WaitForSingleObjectEx
SetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
WriteFile
GetFileSizeEx
ExpandEnvironmentStringsW
SetThreadUILanguage
SetThreadLocale
GetSystemDirectoryW
GetCurrentThread
GetCurrentProcess
DecodePointer
GetComputerNameW
GetLocalTime
CreateFileW
GetTickCount
CreateMutexW
ReleaseMutex
OutputDebugStringW
lstrcmpW
OpenEventW
WaitForSingleObject
GetFileAttributesW
FindFirstFileW
FindClose
GetEnvironmentVariableW
GlobalFree
GlobalLock
GlobalUnlock
GetStringTypeW
LCMapStringW
GetCPInfo
FormatMessageA
GlobalAlloc
lstrcatW
lstrlenW
MultiByteToWideChar
lstrcmpiW
MulDiv
LoadLibraryExW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentThreadId
IsBadReadPtr
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
LoadLibraryW
ProcessIdToSessionId
GetCurrentProcessId
CloseHandle
FileTimeToSystemTime
GetProcAddress
FreeLibrary
LocalAlloc
CreateThread
Sleep
GetThreadLocale
VerifyVersionInfoW
lstrcpynW
FreeResource
FindResourceExW
GetVersionExW
VerSetConditionMask
GetSystemDefaultLCID
GetUserDefaultLangID
GetLocaleInfoW
FormatMessageW
LocalFree
FindResourceW
SizeofResource
LockResource
LoadResource
SetLastError
GetLastError
CreateDirectoryW
FindNextFileW
RemoveDirectoryW
SetFilePointerEx
DeviceIoControl
GetModuleHandleA
MoveFileExW
AreFileApisANSI
RtlUnwindEx
RtlPcToFileHeader
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetCommandLineW
HeapQueryInformation
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
GetStdHandle
ExitProcess
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
LocalFileTimeToFileTime
WriteConsoleW

user32

EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetAsyncKeyState
RealChildWindowFromPoint
UnionRect
LockWindowUpdate
MonitorFromPoint
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
ShowOwnedPopups
PostQuitMessage
IsZoomed
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
CharUpperW
GetMessageW
GetIconInfo
CopyImage
GetNextDlgGroupItem
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
MapVirtualKeyW
GetKeyNameTextW
SendDlgItemMessageA
GetActiveWindow
CreateDialogIndirectParamW
CheckDlgButton
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetScrollInfo
GetLastActivePopup
GetTopWindow
EqualRect
MessageBoxW
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
DeferWindowPos
GetWindowPlacement
IsMenu
GetClassInfoExW
GetClassInfoW
GetMessageTime
GetMessagePos
GetMenuState
GetMenuStringW
SetRectEmpty
GetWindowThreadProcessId
GetShellWindow
PeekMessageW
DispatchMessageW
TranslateMessage
DrawFocusRect
GetUpdateRect
DestroyCursor
CallWindowProcW
SystemParametersInfoW
GetClassLongPtrW
GetDCEx
GetSystemMenu
ReleaseCapture
SetCapture
EndDeferWindowPos
BeginDeferWindowPos
LoadImageW
FillRect
DrawIcon
SetParent
EnumDisplayDevicesW
EnumWindows
DrawStateW
SetWindowTextW
SetForegroundWindow
IsIconic
OffsetRect
GetDoubleClickTime
IsClipboardFormatAvailable
IsChild
GetClassNameW
GetKeyState
SetFocus
GetMenuItemInfoW
DeleteMenu
DestroyMenu
LoadMenuIndirectW
WindowFromPoint
ScreenToClient
EnumDisplayMonitors
EnumDisplaySettingsW
GetWindow
FindWindowW
GetDesktopWindow
SetRect
LockSetForegroundWindow
UpdateWindow
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
CreatePopupMenu
LoadMenuW
IsWindowEnabled
GetFocus
CharLowerW
GetNextDlgTabItem
CreateWindowExW
SendNotifyMessageW
wsprintfW
SetWindowLongW
GetWindowLongW
CopyRect
GetWindowTextLengthW
GetWindowTextW
DrawTextW
IsRectEmpty
EndPaint
BeginPaint
RegisterClassW
DefWindowProcW
GetParent
IntersectRect
SetCursor
TrackMouseEvent
WinHelpW
IsDialogMessageW
DestroyIcon
ReleaseDC
GetDC
GetSystemMetrics
CharNextW
GetDialogBaseUnits
CreateDialogParamW
DestroyWindow
UnregisterClassW
DrawIconEx
LoadCursorW
GetTabbedTextExtentW
MessageBeep
PostThreadMessageW
CopyAcceleratorTableW
InvalidateRgn
CreateMenu
GetMenuDefaultItem
HideCaret
InvertRect
NotifyWinEvent
SetClassLongPtrW
SetCursorPos
CopyIcon
FrameRect
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
PtInRect
ClientToScreen
RedrawWindow
SetWindowRgn
KillTimer
SetTimer
IsWindowVisible
ToUnicodeEx
GetKeyboardLayout
GetWindowRgn
RegisterClassExW
DrawFrameControl
GetSysColorBrush
GetSysColor
DrawEdge
UpdateLayeredWindow
FindWindowExW
EnableScrollBar
LoadBitmapW
InvalidateRect
SetLayeredWindowAttributes
PostMessageW
RegisterWindowMessageW
GetMonitorInfoW
MonitorFromWindow
SetScrollInfo
SetWindowLongPtrW
GetWindowLongPtrW
SetScrollPos
ScrollWindow
EnableWindow
MoveWindow
GetClientRect
IsWindow
LoadIconW
MapWindowPoints
MessageBoxExW
GetWindowRect
GetDlgCtrlID
SendDlgItemMessageW
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItem
EndDialog
DialogBoxParamW
SetWindowPos
ShowWindow
SendMessageW
DestroyAcceleratorTable
CreateAcceleratorTableW
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
CharUpperBuffW
MapVirtualKeyExW
IsCharLowerW
GetComboBoxInfo
WaitMessage
ModifyMenuW
InflateRect
SetMenuDefaultItem
GetCursorPos
GetKeyboardState
SetWindowPlacement

gdi32

GetObjectW
SetTextColor
SetBkMode
SelectObject
ScaleViewportExtEx
CreateBitmap
BitBlt
OffsetViewportOrgEx
CreateCompatibleDC
GetBitmapDimensionEx
GetDeviceCaps
StretchBlt
SetBitmapDimensionEx
GetTextExtentPoint32W
CombineRgn
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
FrameRgn
GetRgnBox
ScaleWindowExtEx
SetRectRgn
GetBkColor
CreateEllipticRgn
Ellipse
LPtoDP
CreateFontW
GetCharWidthW
StretchDIBits
SetWindowOrgEx
StartPage
EndPage
AbortDoc
SetAbortProc
GetViewportOrgEx
CreateDIBitmap
GetTextCharsetInfo
RealizePalette
SetPixel
SetDIBColorTable
Polygon
Polyline
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetWindowOrgEx
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
OffsetRgn
RoundRect
FillRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
SetWindowExtEx
SetViewportExtEx
GetWindowExtEx
TextOutW
MoveToEx
StartDocW
SetTextAlign
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
DeleteObject
LineTo
EndDoc
CreateFontIndirectW
GetViewportExtEx
GetPixel
GetObjectType
GetCurrentPositionEx
ExcludeClipRect
Escape
CreatePatternBrush
CreateHatchBrush
CopyMetaFileW
DPtoLP
SetMapMode
SetBkColor
GetMapMode
CreateDIBSection
SetDIBitsToDevice
SetViewportOrgEx
Rectangle
PatBlt
CreatePen
CreateDCW
GetTextColor
ExtTextOutW
EnumFontFamiliesW
CreateRectRgnIndirect
OffsetWindowOrgEx
GetClipBox
GetTextFaceW
DeleteDC
CreateCompatibleBitmap
GetTextMetricsW
GetTextExtentPointW
GetCurrentObject
CreatePolygonRgn
IntersectClipRect

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW
GetJobW

advapi32

RegEnumKeyW
SetFileSecurityW
GetFileSecurityW
RegSetValueW
RegOpenKeyExA
RegQueryValueExA
EqualSid
TraceMessage
RegEnumValueW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
ImpersonateSelf
GetTokenInformation
GetLengthSid
FreeSid
AllocateAndInitializeSid
AddAccessAllowedAce
AccessCheck
OpenThreadToken
OpenProcessToken
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RevertToSelf
ImpersonateLoggedOnUser
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueW

shell32

SHGetFileInfoW
ShellExecuteExW
ExtractAssociatedIconW
ShellExecuteW
DragQueryFileW
DragFinish
SHAddToRecentDocs
ExtractIconW
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation

ole32

OleLockRunning
OleDuplicateData
ReleaseStgMedium
StringFromCLSID
StringFromGUID2
CoRevokeClassObject
CoRegisterClassObject
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
CoCreateInstance
CoDisconnectObject
RevokeDragDrop
RegisterDragDrop
CoUninitialize
CoInitializeEx
CoCreateGuid
CoInitialize
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CLSIDFromProgID
CoGetClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
DoDragDrop

oleaut32

VarBstrFromDate
VariantCopy
OleCreateFontIndirect
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
VariantClear
VariantInit
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocStringLen
SafeArrayCreateVector
SafeArrayPutElement
SysAllocString

oledlg

OleUIBusyW

uiautomationcore

UiaHostProviderFromHwnd
UiaDisconnectProvider
UiaReturnRawElementProvider

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

uxtheme

CloseThemeData
DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeText
DrawThemeParentBackground
IsAppThemed
OpenThemeData

winmm

PlaySoundW

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1010KB - Virtual size: 1009KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.5MB - Virtual size: 9.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 640KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fe8b2f4acd38611495c8d68e98d874de

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

rpcrt4

gdiplus

wtsapi32

shlwapi

comctl32

msimg32

setupapi

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

oledlg

uiautomationcore

oleacc

uxtheme

winmm

imm32

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 1010KB - Virtual size: 1009KB

.data Size: 53KB - Virtual size: 104KB

.pdata Size: 130KB - Virtual size: 129KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9.5MB - Virtual size: 9.5MB

.reloc Size: 640KB - Virtual size: 644KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 1010KB - Virtual size: 1009KB

.data
Size: 53KB - Virtual size: 104KB

.pdata
Size: 130KB - Virtual size: 129KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9.5MB - Virtual size: 9.5MB

.reloc
Size: 640KB - Virtual size: 644KB