Extracted

Extracted

• 2024-07-27_ab9df5b2de3c8c0a522cf8fc00f65d21_ryuk

  .exe windows:6 windows x64 arch:x64

  efe162fd3d51ded9dd66fa4ac219bf53

  
  

  Code Sign

  01

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  30-05-2000 10:48

  Not After

  30-05-2020 10:48

  Subject

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  ed:72:df:71:20:8f:78:36:d0:ab:00:9f:ca:97:e0:1f

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  22-12-2014 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO SHA-256 Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  6c:d2:82:a2:d9:a2:c1:58:50:5b:17:8d:59:51:8b:7b

  Certificate

  Issuer

  CN=COMODO SHA-256 Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  10-12-2015 00:00

  Not After

  01-12-2018 23:59

  Subject

  CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  01

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  30-05-2000 10:48

  Not After

  30-05-2020 10:48

  Subject

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  ed:72:df:71:20:8f:78:36:d0:ab:00:9f:ca:97:e0:1f

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  22-12-2014 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO SHA-256 Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  6c:d2:82:a2:d9:a2:c1:58:50:5b:17:8d:59:51:8b:7b

  Certificate

  Issuer

  CN=COMODO SHA-256 Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  10-12-2015 00:00

  Not After

  01-12-2018 23:59

  Subject

  CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  31-12-2015 00:00

  Not After

  09-07-2019 18:40

  Subject

  CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  b7:5a:46:63:6e:59:64:9b:40:72:5b:12:08:06:37:a9:ae:fd:fd:68:65:dc:bc:76:d8:d0:81:08:4f:d7:0c:30

  Signer

  Actual PE Digest

  b7:5a:46:63:6e:59:64:9b:40:72:5b:12:08:06:37:a9:ae:fd:fd:68:65:dc:bc:76:d8:d0:81:08:4f:d7:0c:30

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  c6:dc:31:35:cc:9e:c9:5a:ba:31:3a:85:ee:81:64:69:46:96:c7:23

  Signer

  Actual PE Digest

  c6:dc:31:35:cc:9e:c9:5a:ba:31:3a:85:ee:81:64:69:46:96:c7:23

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_BIND

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  gdi32

  CreateBitmap

  CreateCompatibleBitmap

  CreateCompatibleDC

  CreateFontA

  CreateFontIndirectA

  CreatePalette

  CreatePen

  CreateSolidBrush

  DeleteDC

  DeleteObject

  ExcludeClipRect

  ExtTextOutA

  ExtTextOutW

  GetBkMode

  GetCharABCWidthsFloatA

  GetCharWidth32A

  GetCharWidth32W

  GetCharWidthA

  GetCharWidthW

  GetCharacterPlacementW

  GetDeviceCaps

  GetObjectA

  GetPixel

  GetStockObject

  GetTextExtentExPointA

  GetTextExtentPoint32A

  GetTextMetricsA

  IntersectClipRect

  LineTo

  MoveToEx

  Polyline

  RealizePalette

  Rectangle

  SelectObject

  SelectPalette

  SetBkColor

  SetBkMode

  SetMapMode

  SetPaletteEntries

  SetPixel

  SetTextAlign

  SetTextColor

  TextOutA

  TranslateCharsetInfo

  UnrealizeObject

  UpdateColors

  user32

  AppendMenuA

  BeginPaint

  CheckDlgButton

  CheckMenuItem

  CheckRadioButton

  CloseClipboard

  CreateCaret

  CreateDialogParamA

  CreateMenu

  CreatePopupMenu

  CreateWindowExA

  CreateWindowExW

  DefDlgProcA

  DefWindowProcA

  DefWindowProcW

  DeleteMenu

  DestroyCaret

  DestroyWindow

  DialogBoxParamA

  DispatchMessageA

  DispatchMessageW

  DrawEdge

  EmptyClipboard

  EnableMenuItem

  EnableWindow

  EndDialog

  EndPaint

  FindWindowA

  FlashWindow

  GetCapture

  GetCaretBlinkTime

  GetClientRect

  GetClipboardData

  GetClipboardOwner

  GetCursorPos

  GetDC

  GetDesktopWindow

  GetDlgItem

  GetDlgItemTextA

  GetDoubleClickTime

  GetForegroundWindow

  GetKeyboardLayout

  GetKeyboardState

  GetMessageA

  GetMessageTime

  GetParent

  GetQueueStatus

  GetScrollInfo

  GetSysColor

  GetSystemMenu

  GetSystemMetrics

  GetWindowLongPtrA

  GetWindowPlacement

  GetWindowRect

  GetWindowTextA

  GetWindowTextLengthA

  HideCaret

  InsertMenuA

  InvalidateRect

  IsDialogMessageA

  IsDlgButtonChecked

  IsIconic

  IsWindow

  IsZoomed

  KillTimer

  LoadCursorA

  LoadIconA

  MapDialogRect

  MessageBeep

  MessageBoxA

  MessageBoxIndirectA

  MoveWindow

  MsgWaitForMultipleObjects

  OpenClipboard

  PeekMessageA

  PeekMessageW

  PostMessageA

  PostQuitMessage

  RegisterClassA

  RegisterClassW

  RegisterClipboardFormatA

  RegisterWindowMessageA

  ReleaseCapture

  ReleaseDC

  ScreenToClient

  SendDlgItemMessageA

  SendMessageA

  SetActiveWindow

  SetCapture

  SetCaretPos

  SetClassLongPtrA

  SetClipboardData

  SetCursor

  SetDlgItemTextA

  SetFocus

  SetForegroundWindow

  SetKeyboardState

  SetScrollInfo

  SetTimer

  SetWindowLongPtrA

  SetWindowPlacement

  SetWindowPos

  SetWindowTextA

  ShowCaret

  ShowCursor

  ShowWindow

  SystemParametersInfoA

  ToAsciiEx

  TrackPopupMenu

  TranslateMessage

  UpdateWindow

  WinHelpA

  comdlg32

  ChooseColorA

  ChooseFontA

  GetOpenFileNameA

  GetSaveFileNameA

  shell32

  ShellExecuteA

  ole32

  CoCreateInstance

  CoInitialize

  CoUninitialize

  imm32

  ImmGetCompositionStringW

  ImmGetContext

  ImmReleaseContext

  ImmSetCompositionFontA

  ImmSetCompositionWindow

  advapi32

  AllocateAndInitializeSid

  CopySid

  EqualSid

  GetLengthSid

  GetUserNameA

  InitializeSecurityDescriptor

  RegCloseKey

  RegCreateKeyA

  RegCreateKeyExA

  RegDeleteKeyA

  RegDeleteValueA

  RegEnumKeyA

  RegOpenKeyA

  RegQueryValueExA

  RegSetValueExA

  SetSecurityDescriptorDacl

  SetSecurityDescriptorOwner

  kernel32

  Beep

  ClearCommBreak

  CloseHandle

  CompareStringW

  ConnectNamedPipe

  CreateEventA

  CreateFileA

  CreateFileMappingA

  CreateFileW

  CreateMutexA

  CreateNamedPipeA

  CreatePipe

  CreateProcessA

  CreateThread

  DeleteCriticalSection

  DeleteFileA

  EnterCriticalSection

  ExitProcess

  FindClose

  FindFirstFileA

  FindFirstFileExA

  FindNextFileA

  FlushFileBuffers

  FormatMessageA

  FreeEnvironmentStringsW

  FreeLibrary

  GetACP

  GetCPInfo

  GetCommState

  GetCommandLineA

  GetCommandLineW

  GetConsoleCP

  GetConsoleMode

  GetCurrentDirectoryA

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThread

  GetCurrentThreadId

  GetDateFormatW

  GetEnvironmentStringsW

  GetEnvironmentVariableA

  GetFileType

  GetLastError

  GetLocalTime

  GetLocaleInfoA

  GetModuleFileNameA

  GetModuleFileNameW

  GetModuleHandleA

  GetModuleHandleExW

  GetModuleHandleW

  GetOEMCP

  GetOverlappedResult

  GetProcAddress

  GetProcessHeap

  GetProcessTimes

  GetStartupInfoW

  GetStdHandle

  GetStringTypeW

  GetSystemDirectoryA

  GetSystemTime

  GetSystemTimeAdjustment

  GetSystemTimeAsFileTime

  GetThreadTimes

  GetTickCount

  GetTimeFormatW

  GetTimeZoneInformation

  GetVersionExA

  GetWindowsDirectoryA

  GlobalAlloc

  GlobalFree

  GlobalLock

  GlobalMemoryStatus

  GlobalUnlock

  HeapAlloc

  HeapFree

  HeapReAlloc

  HeapSize

  InitializeCriticalSectionAndSpinCount

  InitializeSListHead

  IsDBCSLeadByteEx

  IsDebuggerPresent

  IsProcessorFeaturePresent

  IsValidCodePage

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryA

  LoadLibraryExA

  LoadLibraryExW

  LocalAlloc

  LocalFree

  MapViewOfFile

  MulDiv

  MultiByteToWideChar

  OpenProcess

  OutputDebugStringW

  QueryPerformanceCounter

  RaiseException

  ReadConsoleW

  ReadFile

  ReleaseMutex

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlUnwindEx

  RtlVirtualUnwind

  SetCommBreak

  SetCommState

  SetCommTimeouts

  SetCurrentDirectoryA

  SetEndOfFile

  SetEnvironmentVariableA

  SetEvent

  SetFilePointerEx

  SetHandleInformation

  SetLastError

  SetStdHandle

  SetUnhandledExceptionFilter

  TerminateProcess

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  UnhandledExceptionFilter

  UnmapViewOfFile

  WaitForSingleObject

  WaitForSingleObjectEx

  WaitNamedPipeA

  WideCharToMultiByte

  WriteConsoleW

  WriteFile

  Sections

  .00cfg

  Size: 512B - Virtual size: 16B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 156KB - Virtual size: 155KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 18KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .data

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 512B - Virtual size: 168B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .pdata

  Size: 20KB - Virtual size: 19KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .text

  Size: 587KB - Virtual size: 587KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .xdata

  Size: 25KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ