C:\Other\Code\FetusBlaster\MODEL_TOOL\Noesis\x64\Release\guitest2.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-08-06_f9dfa24873e59f0d6f3513e3e0d2c9f2_ryuk.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2024-08-06_f9dfa24873e59f0d6f3513e3e0d2c9f2_ryuk.exe
Resource
win10v2004-20240802-en
General
-
Target
2024-08-06_f9dfa24873e59f0d6f3513e3e0d2c9f2_ryuk
-
Size
6.2MB
-
MD5
f9dfa24873e59f0d6f3513e3e0d2c9f2
-
SHA1
b0ecb505dcfea3e37098c1a95aee848384b1eaa1
-
SHA256
6cef6028ad734d6e76e92f82485257fc76ad8e06d3f463b5621ce572e2a07652
-
SHA512
679a6ecd33bc019aba869ded9a76eb137b714ae5b4a6ee641856a504c82ade7d442d8055fa6489b4feea0b17d3162bd2e8a58cb618f746cbab2c3da34936a6f7
-
SSDEEP
98304:GbTK9e4kn3djdZ72LuDfJkCPbjFLOAkGkzdnEVomFHKnP:G/7xd46kCnFLOyomFHKnP
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2024-08-06_f9dfa24873e59f0d6f3513e3e0d2c9f2_ryuk
Files
-
2024-08-06_f9dfa24873e59f0d6f3513e3e0d2c9f2_ryuk.exe windows:5 windows x64 arch:x64
1c0f61a420b620800dec827531aca47c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetStringTypeW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeFormatW
GetDateFormatW
GetACP
GetStdHandle
HeapQueryInformation
FreeEnvironmentStringsW
VirtualAlloc
GetSystemInfo
FreeLibraryAndExitThread
ExitThread
PeekNamedPipe
GetDriveTypeW
GetFileType
SetStdHandle
GetCommandLineW
GetCommandLineA
CreateDirectoryW
ExitProcess
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryExA
LCMapStringW
GetLocaleInfoA
GetModuleHandleA
OutputDebugStringW
SetEnvironmentVariableA
WriteConsoleW
GetLastError
HeapSize
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
VirtualQuery
SizeofResource
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
InitializeCriticalSection
WaitForSingleObject
CreateEventW
Sleep
SetEvent
CloseHandle
CreateThread
ResetEvent
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetFileAttributesW
MultiByteToWideChar
lstrcmpiW
GetWindowsDirectoryW
GlobalAlloc
GetModuleHandleW
OpenProcess
GetModuleFileNameW
VirtualAllocEx
WriteProcessMemory
GetProcAddress
LoadLibraryW
FreeLibrary
GetTempPathA
GetTempFileNameA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
OpenThread
SuspendThread
GetThreadContext
ResumeThread
CreateMutexW
HeapFree
LockResource
LoadResource
FindResourceW
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
VirtualFree
LoadLibraryA
SetFilePointer
ReadFile
CreateFileW
CreateProcessW
GetTempPathW
SetLastError
SleepEx
FormatMessageA
ExpandEnvironmentStringsA
OutputDebugStringA
EncodePointer
GetSystemDirectoryW
FreeResource
GetModuleHandleExW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
GlobalFree
GlobalSize
LocalFree
MulDiv
FormatMessageW
CopyFileW
lstrcpyW
GlobalGetAtomNameW
lstrcmpA
GetVersionExW
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
SetThreadPriority
GetFileSize
GlobalReAlloc
GetCurrentDirectoryW
VirtualProtect
VerSetConditionMask
VerifyVersionInfoW
FileTimeToLocalFileTime
FindClose
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalAlloc
LocalReAlloc
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetThreadLocale
DeleteFileW
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
WriteFile
DuplicateHandle
GetCurrentProcess
GetFileTime
GetTempFileNameW
GetFileAttributesExW
GetFileSizeEx
GetProfileIntW
SearchPathW
FindResourceExW
SetErrorMode
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
user32
SetRect
ReuseDDElParam
UnpackDDElParam
LoadImageW
DestroyIcon
IntersectRect
SetCursor
ReleaseCapture
BringWindowToTop
MapVirtualKeyW
GetKeyNameTextW
OffsetRect
SetRectEmpty
SendDlgItemMessageA
GetCursorPos
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetWindowTextW
IsWindowEnabled
IsDlgButtonChecked
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
DestroyCursor
PtInRect
EqualRect
GetSysColor
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
ValidateRect
EndPaint
BeginPaint
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgItem
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
UpdateLayeredWindow
EnableScrollBar
UnionRect
MessageBoxA
EnableWindow
SendMessageW
SetDlgItemTextA
PeekMessageW
GetWindowPlacement
IsChild
IsMenu
IsWindow
CharUpperBuffW
GetClassInfoW
RegisterClassW
PostMessageW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetClassNameW
FillRect
DrawStateW
SetWindowTextA
DrawFocusRect
NotifyWinEvent
IsZoomed
MessageBeep
SystemParametersInfoW
PostQuitMessage
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
InflateRect
MonitorFromPoint
GetMessageW
ShowOwnedPopups
GetMenuDefaultItem
LockWindowUpdate
SetWindowRgn
TrackMouseEvent
CharUpperW
SetDlgItemTextW
EnableMenuItem
ModifyMenuW
SetCapture
GetSystemMenu
DeleteMenu
WindowFromPoint
IsRectEmpty
CopyImage
DrawFrameControl
GetIconInfo
SetCursorPos
GetClassLongPtrW
DrawTextA
CreateIconIndirect
CallWindowProcA
GetWindowLongA
GetUpdateRgn
LoadCursorA
PostMessageA
MsgWaitForMultipleObjects
RegisterClassExW
SetCaretPos
SetWindowLongA
CreateCaret
DefWindowProcA
CreateWindowExA
GetClipboardData
DestroyCaret
SystemParametersInfoA
AppendMenuA
GetWindowLongPtrA
UnregisterClassA
GetCaretBlinkTime
ShowCaret
SetWindowLongPtrA
RegisterClassExA
RegisterClipboardFormatA
TranslateMessage
DispatchMessageW
LoadCursorW
KillTimer
GetDlgItemTextA
SetTimer
SendMessageA
RedrawWindow
GetWindowTextW
GetWindowThreadProcessId
MessageBoxW
EnumWindows
SetForegroundWindow
UpdateWindow
GetMenuItemCount
InsertMenuItemW
GetWindowRect
CreatePopupMenu
GetSystemMetrics
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DestroyMenu
GetActiveWindow
GetParent
IsDialogMessageW
TranslateAcceleratorW
GetForegroundWindow
InvalidateRect
SetParent
SetActiveWindow
GetDesktopWindow
GetClientRect
LoadIconW
GetDlgCtrlID
GetScrollPos
SetScrollPos
GetAsyncKeyState
GetMenuItemID
LoadMenuW
GetSubMenu
CheckMenuItem
GetMenuItemInfoW
GetWindowLongW
SetWindowLongW
GetDC
ReleaseDC
GetDlgItemTextW
CopyRect
LoadBitmapW
LoadAcceleratorsW
SetWindowLongPtrW
CreateWindowExW
DestroyAcceleratorTable
DestroyWindow
GetWindowLongPtrW
SetWindowPos
GetFocus
CallWindowProcW
DefWindowProcW
MapWindowPoints
GetSysColorBrush
SetClassLongPtrW
DrawEdge
DrawIconEx
SetLayeredWindowAttributes
EnumDisplayMonitors
DrawIcon
RealChildWindowFromPoint
SetMenuDefaultItem
GetTabbedTextExtentW
PostThreadMessageW
CopyAcceleratorTableW
CreateMenu
WaitMessage
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
EnumChildWindows
CharNextW
UnregisterClassW
GetWindowRgn
MapVirtualKeyExW
IsCharLowerW
InvertRect
HideCaret
GetDoubleClickTime
GetUpdateRect
SubtractRect
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
FrameRect
CopyIcon
IsClipboardFormatAvailable
GetNextDlgGroupItem
GetClassInfoExW
InvalidateRgn
gdi32
GetObjectA
GetTextMetricsA
GetTextExtentExPointA
GetTextExtentExPointW
GetTextExtentPoint32A
PtVisible
SetPixelV
RoundRect
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
GetSystemPaletteEntries
GetNearestPaletteIndex
EnumFontFamiliesExW
SetPaletteEntries
ExtFloodFill
GetPaletteEntries
CreatePalette
OffsetRgn
GetRgnBox
GetTextFaceW
GetWindowOrgEx
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
GetCharWidthW
SetRectRgn
GetMapMode
LPtoDP
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
Polyline
Polygon
CreatePolygonRgn
GetTextColor
GetBkColor
Ellipse
CreateEllipticRgn
CreateFontIndirectW
SetDIBColorTable
SetPixel
RealizePalette
GetDIBits
CombineRgn
CreateRoundRectRgn
GetTextExtentPoint32W
GetTextMetricsW
Rectangle
GetViewportOrgEx
DPtoLP
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
CreateCompatibleBitmap
PatBlt
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
StartDocW
SetTextAlign
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
ExtTextOutA
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
GetDeviceCaps
CreateDCW
CopyMetaFileW
SetTextColor
SetBkColor
GetObjectW
GetStockObject
CreateSolidBrush
CreateBitmap
DeleteObject
StretchBlt
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
msimg32
TransparentBlt
AlphaBlend
winspool.drv
DocumentPropertiesW
ClosePrinter
GetJobW
OpenPrinterW
advapi32
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueW
shell32
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetDesktopFolder
ord190
SHOpenFolderAndSelectItems
ord155
DragAcceptFiles
DragQueryFileW
ShellExecuteW
SHAppBarMessage
DragFinish
SHGetMalloc
SHBrowseForFolderW
comctl32
ImageList_Add
InitCommonControlsEx
shlwapi
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
StrFormatKBSizeW
PathIsUNCW
PathStripToRootW
PathIsDirectoryW
uxtheme
GetThemeColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
GetWindowTheme
DrawThemeText
GetCurrentThemeName
DrawThemeParentBackground
GetThemeSysColor
ole32
CLSIDFromProgID
OleGetClipboard
OleLockRunning
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoGetClassObject
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoDisconnectObject
CreateStreamOnHGlobal
CLSIDFromString
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoInitialize
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CoLockObjectExternal
oleaut32
VariantCopy
SafeArrayDestroy
LoadTypeLi
SysStringLen
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
OleCreateFontIndirect
oledlg
OleUIBusyW
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdiplusShutdown
ws2_32
getaddrinfo
gethostname
WSASetLastError
ntohs
htons
getsockopt
getsockname
WSAGetLastError
setsockopt
ioctlsocket
freeaddrinfo
recv
connect
socket
send
WSAStartup
listen
shutdown
select
closesocket
bind
accept
__WSAFDIsSet
WSACleanup
getpeername
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
imm32
ImmGetContext
ImmGetOpenStatus
ImmNotifyIME
ImmSetCandidateWindow
ImmSetCompositionStringW
ImmEscapeW
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
winmm
PlaySoundW
Exports
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1018KB - Virtual size: 1017KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 558KB - Virtual size: 726KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 109KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.noever Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ