2024-07-01_723d82e6f20c77fb81fba288b3f333fe_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-01_723d82e6f20c77fb81fba288b3f333fe_ryuk
Size

17.8MB
MD5

723d82e6f20c77fb81fba288b3f333fe
SHA1

5c717cc1030ff83aa600fe2fee5eb85e471d6e4d
SHA256

d905c1edec388303aeb88a7b1c641a297460fd41619c2f66d87f3663e4aaa8b2
SHA512

e0282a0ad56d3210f324c528cf676930ba87a491437688ef7aa62db4a4793540e117c1f41519a866538bfa6bfcd3b7a64183a4572cdbcc1b460f4fa039341b4f
SSDEEP

393216:7bgmSKJn6f1pFqYhw1qOB90z4rxx3q+RFW8stzwSmmzDRx:7balhw1B9a4f35cd

Score

1^/10

Malware Config

Signatures

Files

2024-07-01_723d82e6f20c77fb81fba288b3f333fe_ryuk
.exe windows:6 windows x64 arch:x64

26909452ed0a29496d35f64314fcda6d

Code Sign

51:d2:b1:d5:cf:fa:80:36:1d:d1:75:07:58:eb:14:85
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/02/2018, 00:00

Not After

08/02/2019, 23:59

Subject

CN=Dell Inc.,OU=Product Group Release Engineering,O=Dell Inc.,L=Round Rock,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:84:b3:2b:03:c9:1b:75:10:03:48:ac:ac:32:28:5f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/01/2016, 00:00

Not After

18/02/2019, 23:59

Subject

CN=Dell Inc.,O=Dell Inc.,L=Round Rock,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5e:fd:b4:dc:36:21:dc:4b:70:3d:17:ac:97:1e:5e:8b:88:01:74:c5:bc:f7:65:29:80:19:f0:5f:88:4e:60:d2
Signer

Actual PE Digest

5e:fd:b4:dc:36:21:dc:4b:70:3d:17:ac:97:1e:5e:8b:88:01:74:c5:bc:f7:65:29:80:19:f0:5f:88:4e:60:d2

Digest Algorithm

sha256

PE Digest Matches

false

7f:e0:ef:7b:ff:16:41:43:97:48:17:9f:0e:28:04:5f:23:5b:15:5c
Signer

Actual PE Digest

7f:e0:ef:7b:ff:16:41:43:97:48:17:9f:0e:28:04:5f:23:5b:15:5c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindResourceW
CopyFileW
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
lstrcmpiW
LoadLibraryW
MultiByteToWideChar
GetEnvironmentVariableW
ExpandEnvironmentStringsA
FormatMessageW
WideCharToMultiByte
GetStdHandle
CreateFileW
GetDiskFreeSpaceExW
GetFileSize
GetFullPathNameW
GetTempPathW
GetCurrentProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
GetModuleFileNameA
AttachConsole
CreateMutexW
SizeofResource
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
DecodePointer
SetFileAttributesW
GetVolumeInformationW
GetLogicalDriveStringsW
FindNextFileW
FindFirstVolumeW
FindFirstFileW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
SetLastError
EncodePointer
GetStringTypeW
FileTimeToSystemTime
SetEndOfFile
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LoadResource
LockResource
GetTimeZoneInformation
HeapSize
SetFilePointerEx
GetFullPathNameA
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
WriteFile
HeapReAlloc
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCPInfo
FileTimeToLocalFileTime
GetSystemInfo
GetTimeFormatW
GetDateFormatW
FindClose
RemoveDirectoryW
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
FindNextVolumeA
FindFirstVolumeA
GetVolumeInformationA
LocalFree
LocalAlloc
GetModuleHandleW
SetEvent
GetLastError
FindVolumeClose
CreateFileA
TerminateThread
CreateThread
CreateEventW
DosDateTimeToFileTime
SetFileTime
WaitForSingleObject
CloseHandle
FreeLibraryAndExitThread
ResumeThread
ExitThread
GetModuleHandleExW
ExitProcess
SetStdHandle
SetConsoleCtrlHandler
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
GetFileAttributesExW
SetCurrentDirectoryW
LocalFileTimeToFileTime
SetEnvironmentVariableW
SetEnvironmentVariableA
ReadFile
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
GetCurrentThreadId
CreateDirectoryA
DeleteFileA
FindFirstFileA
FindNextFileA
GetFileAttributesA
RemoveDirectoryA
SetFileAttributesA
GetTempPathA
CopyFileA
GetCurrentDirectoryA
CompareStringA
InitializeCriticalSectionAndSpinCount
GetDiskFreeSpaceExA
FlushFileBuffers
SetCurrentDirectoryA
CreateProcessA
LoadLibraryA
GetStartupInfoA
SetDllDirectoryA
GetFileInformationByHandleEx
DuplicateHandle
InitializeCriticalSection
ReleaseMutex
CreateMutexA
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
GetVersionExA
GetModuleHandleA
GetSystemDirectoryA
GetFileTime

user32

GetSystemMetrics
SetFocus
EnableWindow
GetDC
ReleaseDC
BeginPaint
EndPaint
RedrawWindow
SetWindowTextW
MessageBoxW
GetWindowLongPtrW
RegisterClassExA
DestroyIcon
CharNextW
SetDlgItemTextW
GetDlgItem
EndDialog
DialogBoxParamW
SendMessageW
UpdateWindow
ShowWindow
GetMessageW
TranslateMessage
DispatchMessageW
RegisterDeviceNotificationW
UnregisterDeviceNotification
PostMessageW
DefWindowProcW
PostQuitMessage
UnregisterClassA
LoadImageW
DestroyWindow
SetClassLongPtrW
ExitWindowsEx
wsprintfW
CreateWindowExA

gdi32

GetDeviceCaps

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitializeSecurity

oleaut32

SysAllocString
SysAllocStringLen
OleLoadPicture
VarUI4FromStr
VariantClear
VariantInit
SysFreeString
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayPutElement

advapi32

RegCreateKeyExA
RegQueryValueExA
LookupPrivilegeValueW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
AdjustTokenPrivileges
OpenProcessToken
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceStatusEx
RegEnumValueA
RegDeleteKeyExA
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA

rpcrt4

UuidToStringW
UuidCreate

crypt32

CryptQueryObject

setupapi

SetupDiGetClassDevsExA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyW

ws2_32

__WSAFDIsSet
closesocket
connect
ioctlsocket
htonl
htons
inet_addr
inet_ntoa
ntohs
recv
select
send
socket
gethostbyaddr
gethostbyname
getservbyport
getservbyname
WSAStartup
WSASetLastError
WSAGetLastError
bind
getsockname
listen
getsockopt

Exports

Exports

??0DSMIPMIInterfaceImpl@@QEAA@XZ
??1DSMIPMIInterfaceImpl@@UEAA@XZ
??4DSMIPMIInterfaceImpl@@QEAAAEAV0@AEBV0@@Z
??_7DSMIPMIInterfaceImpl@@6B@
?IPMIRequest@DSMIPMIInterfaceImpl@@QEAAIPEAU_DSMIPMICommandData@@@Z
?Initialize@DSMIPMIInterfaceImpl@@QEAAIPEBU_DSMIPMIConfiguration@@@Z
?Initialize@DSMIPMIInterfaceImpl@@QEAAIVDSMString@@@Z
?InitializeDSMLogger@DSMIPMIInterfaceImpl@@AEAAXXZ
?Release@DSMIPMIInterfaceImpl@@QEAAIXZ
?mDrvHandler@DSMIPMIInterfaceImpl@@0VDriverManager@@A

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26909452ed0a29496d35f64314fcda6d

Code Sign

51:d2:b1:d5:cf:fa:80:36:1d:d1:75:07:58:eb:14:85Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

0d:84:b3:2b:03:c9:1b:75:10:03:48:ac:ac:32:28:5fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

5e:fd:b4:dc:36:21:dc:4b:70:3d:17:ac:97:1e:5e:8b:88:01:74:c5:bc:f7:65:29:80:19:f0:5f:88:4e:60:d2Signer

7f:e0:ef:7b:ff:16:41:43:97:48:17:9f:0e:28:04:5f:23:5b:15:5cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

rpcrt4

crypt32

setupapi

ws2_32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 408KB - Virtual size: 407KB

.data Size: 15KB - Virtual size: 129KB

.pdata Size: 55KB - Virtual size: 55KB

.gfids Size: 512B - Virtual size: 376B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 404KB - Virtual size: 404KB

.reloc Size: 11KB - Virtual size: 10KB

51:d2:b1:d5:cf:fa:80:36:1d:d1:75:07:58:eb:14:85
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

0d:84:b3:2b:03:c9:1b:75:10:03:48:ac:ac:32:28:5f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

5e:fd:b4:dc:36:21:dc:4b:70:3d:17:ac:97:1e:5e:8b:88:01:74:c5:bc:f7:65:29:80:19:f0:5f:88:4e:60:d2
Signer

7f:e0:ef:7b:ff:16:41:43:97:48:17:9f:0e:28:04:5f:23:5b:15:5c
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 408KB - Virtual size: 407KB

.data
Size: 15KB - Virtual size: 129KB

.pdata
Size: 55KB - Virtual size: 55KB

.gfids
Size: 512B - Virtual size: 376B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 404KB - Virtual size: 404KB

.reloc
Size: 11KB - Virtual size: 10KB