2024-08-20_f5e4b83c342a7543e2033e00efffb3f2_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-08-20_f5e4b83c342a7543e2033e00efffb3f2_ryuk
Size

2.2MB
MD5

f5e4b83c342a7543e2033e00efffb3f2
SHA1

588a24fc73a41d316ca91f1394c8f0f22bbe08f7
SHA256

871eaa5fdcd5f5cd1368953b06f69602aa4b7f479f6aadc19583ad527d76a732
SHA512

937a2fa2729e804fb999275462c51ae4c2cc84eaa5e42ffb9021fc39b6c4255fce3f8e0abc997c881c4694d6d1c653e26a167733fe24bfc81089ef1804a232d5
SSDEEP

49152:uo5KFZCHRuK6mSmLognVHiqJcDT4Wpnw+afT:D5PJSmLomfJWafT

Score

1^/10

Malware Config

Signatures

Files

2024-08-20_f5e4b83c342a7543e2033e00efffb3f2_ryuk
.exe windows:6 windows x64 arch:x64

0faf49b969829b40d6565baf1f56439a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:64:08:ab:6a:c9:70:36:b6:49:90:84:4c:d7:0b:9c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14-01-2016 00:00

Not After

26-12-2016 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:64:08:ab:6a:c9:70:36:b6:49:90:84:4c:d7:0b:9c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14-01-2016 00:00

Not After

26-12-2016 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:1b:68:6c:af:a3:63:a8:e1:1d:ae:30:ea:59:10:e4:0e:98:72:ca:26:67:f7:10:b9:c0:30:9b:2d:7c:f0:e2
Signer

Actual PE Digest

a2:1b:68:6c:af:a3:63:a8:e1:1d:ae:30:ea:59:10:e4:0e:98:72:ca:26:67:f7:10:b9:c0:30:9b:2d:7c:f0:e2

Digest Algorithm

sha256

PE Digest Matches

true

81:de:f1:dd:c5:f6:7b:23:3f:4b:62:d7:25:73:19:2d:f1:7b:5f:fe
Signer

Actual PE Digest

81:de:f1:dd:c5:f6:7b:23:3f:4b:62:d7:25:73:19:2d:f1:7b:5f:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\devel\Ark6\bin\Bandizip64.pdb

Imports

kernel32

GetExitCodeProcess
GetCurrentProcessId
OpenProcess
TerminateProcess
GetSystemInfo
LocalAlloc
FileTimeToLocalFileTime
GetModuleHandleExW
MulDiv
GlobalLock
GlobalUnlock
FormatMessageW
WriteFile
GlobalSize
GetTickCount64
lstrlenA
InitializeCriticalSection
CreateEventW
SetEvent
GetWindowsDirectoryW
GetDateFormatW
GetTimeFormatW
CompareFileTime
GetVersion
ResetEvent
FlushFileBuffers
CompareStringW
GetTickCount
MoveFileW
GlobalMemoryStatusEx
TerminateThread
SetPriorityClass
CreateMutexW
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
lstrcmpiW
LoadLibraryExW
DecodePointer
SetErrorMode
SetUnhandledExceptionFilter
SetCurrentDirectoryW
CreateFileMappingW
GetDriveTypeW
GetShortPathNameW
GetUserDefaultLangID
GetPrivateProfileIntW
GetEnvironmentVariableW
SearchPathW
SetFileTime
ReleaseMutex
VirtualProtect
SetEndOfFile
SetStdHandle
SetEnvironmentVariableW
WaitForSingleObject
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetFilePointerEx
WriteConsoleW
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetFileType
GetStringTypeW
GetACP
GetStdHandle
GetConsoleMode
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwindEx
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
ExitProcess
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
IsDebuggerPresent
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
CreateProcessW
MultiByteToWideChar
WideCharToMultiByte
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
CreateDirectoryW
LocalFree
GetFileSizeEx
GetFileSize
GetFileAttributesW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetSystemDirectoryW
GetModuleFileNameW
GetDiskFreeSpaceW
GlobalFree
GlobalAlloc
GetCurrentThread
GetCurrentProcess
FreeLibrary
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcpyW
lstrcpynW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetFileTime
ReadFile
SetFilePointer
CreateFileW
OutputDebugStringW
lstrlenW
CloseHandle
SetLastError
RaiseException
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
Sleep
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThreadId
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
SetEnvironmentVariableA
HeapDestroy
VirtualQuery

user32

EnumWindows
GetMenuDefaultItem
TrackPopupMenu
CreatePopupMenu
RedrawWindow
EndDialog
DrawIcon
IsDialogMessageW
GetMessageW
GetCapture
CreateDialogIndirectParamW
SetFocus
GetFocus
LoadIconW
PostMessageW
SendMessageTimeoutW
GetActiveWindow
GetSubMenu
GetMenuItemInfoW
ModifyMenuW
GetMenuItemID
GetMenuStringW
GetMenuItemCount
EnumChildWindows
MapWindowPoints
SetWindowRgn
AdjustWindowRectEx
SubtractRect
GetClassLongW
GetClassNameW
EnumDisplayMonitors
ReleaseCapture
SetCapture
GetDlgItem
SetWindowLongW
DestroyIcon
BringWindowToTop
SetForegroundWindow
AttachThreadInput
IntersectRect
UnionRect
SetPropW
GetPropW
RemovePropW
GetKeyState
IsWindowEnabled
RegisterClassW
TrackMouseEvent
LoadMenuW
DestroyMenu
MessageBoxW
MonitorFromWindow
GetWindow
SetDlgItemTextW
WaitForInputIdle
CheckMenuItem
DialogBoxParamW
CreateIconIndirect
LoadImageW
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
SendMessageW
GetCaretPos
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
SetCursor
DefWindowProcW
DestroyWindow
FindWindowExW
GetDlgCtrlID
SetWindowLongPtrW
GetWindowLongPtrW
CallWindowProcW
ShowWindow
IsWindowVisible
CallNextHookEx
SetWindowsHookExW
GetDlgItemInt
SetDlgItemInt
ScrollWindow
SetWindowPlacement
CreateDialogParamW
InsertMenuW
PostQuitMessage
GetMenu
wsprintfW
TranslateAcceleratorW
LoadAcceleratorsW
CharNextW
DeleteMenu
EnableMenuItem
SetWindowTextA
RegisterClipboardFormatW
UnhookWindowsHookEx
SetWindowTextW
RegisterWindowMessageW
PeekMessageW
GetForegroundWindow
GetWindowPlacement
GetWindowThreadProcessId
TranslateMessage
DispatchMessageW
SetRectEmpty
GetDesktopWindow
GetSysColor
DrawTextW
BeginPaint
GetClientRect
EndPaint
GetSystemMetrics
CreateWindowExW
EnableWindow
SetScrollPos
GetDC
ReleaseDC
MoveWindow
IsRectEmpty
GetWindowRect
ScreenToClient
SetScrollRange
SetScrollInfo
GetWindowDC
OffsetRect
SetRect
PtInRect
InvalidateRect
GetCursorPos
SetWindowPos
SetTimer
GetParent
KillTimer
EqualRect
InflateRect
UnregisterClassW
RegisterClassExW
GetClassInfoExW
FindWindowW
SystemParametersInfoW
MonitorFromRect
GetMonitorInfoW
CopyRect
MonitorFromPoint
GetWindowLongW
ClientToScreen
IsWindow
GetScrollInfo

gdi32

GetPixel
CreateBitmap
SetPixel
CombineRgn
ExtCreateRegion
LineTo
MoveToEx
CreateSolidBrush
OffsetRgn
CreateFontIndirectW
CreateDIBSection
OffsetWindowOrgEx
CreateFontW
CreateRectRgn
GetDeviceCaps
GetObjectW
GetTextExtentPoint32W
ExcludeClipRect
GetTextMetricsW
DeleteDC
DeleteObject
BitBlt
SetBkMode
GetStockObject
SetWindowOrgEx
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
SetBkColor
ExtTextOutW

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

advapi32

AreAllAccessesGranted
OpenProcessToken
GetTokenInformation
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RevertToSelf
OpenThreadToken
AccessCheck
ImpersonateSelf
GetFileSecurityW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ord155
SHOpenFolderAndSelectItems
ord190
SHBrowseForFolderW
ShellExecuteW
Shell_NotifyIconW
SHGetFolderLocation
SHGetSpecialFolderPathW
DragFinish
DragQueryFileW
DragAcceptFiles
ord16
SHCreateDirectoryExW
ord2
ord4
ord21
SHGetDataFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoW
SHChangeNotify
SHAppBarMessage
ShellExecuteExW
SHFileOperationW
SHGetPathFromIDListW

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoCreateInstance
DoDragDrop
CoTaskMemAlloc
CoTaskMemFree
OleGetClipboard
ReleaseStgMedium
OleSetClipboard

oleaut32

VarUI4FromStr

shlwapi

StrStrW
PathFileExistsW
PathMatchSpecW
PathGetDriveNumberW
StrFormatByteSizeW
PathIsDirectoryW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

_TrackMouseEvent
ord17

gdiplus

GdipCreateFont
GdipGetLineSpacing
GdipGetEmHeight
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipGetRegionBounds
GdipDeleteRegion
GdipCreateRegionPath
GdipCreateRegion
GdipSetClipRegion
GdipMeasureCharacterRanges
GdipDrawString
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipDeleteGraphics
GdiplusStartup
GdipDeleteFont
GdipDeletePath
GdipCreatePath
GdipStringFormatGetGenericTypographic
GdipSetStringFormatMeasurableCharacterRanges
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetSolidFillColor
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusShutdown
GdipAddPathRectangleI
GdipGetFontSize
GdipCreateFromHDC

dbghelp

MiniDumpWriteDump

wininet

HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
HttpOpenRequestA
InternetQueryOptionW
HttpSendRequestW
InternetQueryDataAvailable
InternetReadFile
InternetCrackUrlA
InternetCloseHandle
HttpAddRequestHeadersW
InternetConnectA
InternetSetOptionW
HttpQueryInfoW
InternetOpenW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 480KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ve_share
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0faf49b969829b40d6565baf1f56439a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5f:64:08:ab:6a:c9:70:36:b6:49:90:84:4c:d7:0b:9cCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5f:64:08:ab:6a:c9:70:36:b6:49:90:84:4c:d7:0b:9cCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

a2:1b:68:6c:af:a3:63:a8:e1:1d:ae:30:ea:59:10:e4:0e:98:72:ca:26:67:f7:10:b9:c0:30:9b:2d:7c:f0:e2Signer

81:de:f1:dd:c5:f6:7b:23:3f:4b:62:d7:25:73:19:2d:f1:7b:5f:feSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

version

comctl32

gdiplus

dbghelp

wininet

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 480KB - Virtual size: 479KB

.data Size: 35KB - Virtual size: 70KB

.pdata Size: 61KB - Virtual size: 61KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 296B

ve_share Size: 2KB - Virtual size: 1KB

.rsrc Size: 126KB - Virtual size: 125KB

.reloc Size: 6KB - Virtual size: 6KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5f:64:08:ab:6a:c9:70:36:b6:49:90:84:4c:d7:0b:9c
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5f:64:08:ab:6a:c9:70:36:b6:49:90:84:4c:d7:0b:9c
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

a2:1b:68:6c:af:a3:63:a8:e1:1d:ae:30:ea:59:10:e4:0e:98:72:ca:26:67:f7:10:b9:c0:30:9b:2d:7c:f0:e2
Signer

81:de:f1:dd:c5:f6:7b:23:3f:4b:62:d7:25:73:19:2d:f1:7b:5f:fe
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 480KB - Virtual size: 479KB

.data
Size: 35KB - Virtual size: 70KB

.pdata
Size: 61KB - Virtual size: 61KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 296B

ve_share
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 126KB - Virtual size: 125KB

.reloc
Size: 6KB - Virtual size: 6KB