2024-08-23_672b4b73a0c35b145b17b98c0a7f7ca6_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-23_672b4b73a0c35b145b17b98c0a7f7ca6_ryuk
Size

2.1MB
MD5

672b4b73a0c35b145b17b98c0a7f7ca6
SHA1

10f741062f3515a1741ade26280ad94ac7f1fd7b
SHA256

a3b9427308bb0cb31a1b521f8fbb7525274ccb8d0e59c42c101d1894daea5594
SHA512

6fe9186efa41b638c58d49aad1e4e07f044efca5d870431df3ef106675f66bf6573ae339acc54039e7bacbb215964c49b4a14c189e1ea982dda7a27421b392a1
SSDEEP

49152:EpTa01AB86K8Fs8HAa50CdeoezXgKDM6yc6t29gD:8Tz918ekezXgKDM6ycP9gD

Score

1^/10

Malware Config

Signatures

Files

2024-08-23_672b4b73a0c35b145b17b98c0a7f7ca6_ryuk
.exe windows:5 windows x64 arch:x64

6c0244faf43f76b167629cdd58b8550e

Code Sign

16:dc:64:2c:85:52:4a:5c:b7:90:67:0a:11:92:d5:7b
Certificate

Issuer

CN=ArmyLeelang,1.2.840.113549.1.9.1=#0c1573746172744061726d796c65656c616e672e6e6574

Not Before

13/02/2020, 00:00

Not After

13/02/2021, 23:59

Subject

CN=ArmyLeelang,1.2.840.113549.1.9.1=#0c1573746172744061726d796c65656c616e672e6e6574

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSEnumerateServersW

kernel32

GetCurrentProcessId
ConvertThreadToFiber
GetThreadTimes
GetLastError
SetCriticalSectionSpinCount
SetEvent
WaitForSingleObject
Sleep
LoadResource
SizeofResource
WriteFile
ReadFile
GetDevicePowerState
CloseHandle
CompareFileTime
CreateEventA
OpenSemaphoreW
GetModuleHandleA
FindResourceW
FindResourceExW
GetPrivateProfileSectionA
GetTempPathA
GetFileAttributesW
GetCompressedFileSizeA
SearchPathW
MoveFileTransactedW
CreateHardLinkA
GetVolumeInformationByHandleW
CommConfigDialogW
CreateThreadpool
CloseThreadpool
SetEventWhenCallbackReturns
StartThreadpoolIo
WideCharToMultiByte
SetProcessAffinityMask
EnumDateFormatsW
FoldStringA
WriteConsoleOutputCharacterA
MultiByteToWideChar
DecodePointer
FreeLibrary
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryA
SetFilePointer
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesA
FormatMessageW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetTimeZoneInformation
HeapDestroy
FlushInstructionCache
LocalFree
LocalAlloc
GetProcAddress
LockResource
Heap32ListNext
DeleteFileW
EnumCalendarInfoExA
FindClose
GetFullPathNameA
GetFullPathNameW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetCommandLineW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesExW
SetEndOfFile
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlPcToFileHeader
RtlUnwindEx
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
CreateFileW
GetFileType
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
ExitProcess
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetUserDefaultLCID

user32

EnumDisplayDevicesA
DlgDirListW
GetMouseMovePointsEx
PostMessageA
GetWindowPlacement
CreateDialogIndirectParamA
IsCharLowerW
ReleaseCapture
BeginPaint
SetClassWord
UnregisterClassA
LoadIconA

advapi32

OpenEventLogW
RegOpenKeyTransactedW
SetSecurityDescriptorRMControl
GetSecurityDescriptorLength
SetAclInformation
GetAclInformation
FreeSid
AccessCheckByTypeResultListAndAuditAlarmW
AccessCheckByTypeAndAuditAlarmA
DecryptFileA
EncryptFileW
EncryptFileA
GetLocalManagedApplications
PerfQueryInstance

ole32

CoTestCancel
CoBuildVersion

shell32

SHEvaluateSystemCommandTemplate

powrprof

PowerCanRestoreIndividualDefaultPowerScheme
PowerEnumerate
PowerDeleteScheme
PowerWriteValueUnitsSpecifier
PowerReadPossibleDescription
PowerReadDCValueIndex

oledlg

OleUIChangeSourceW
ord12
OleUIUpdateLinksW
ord1
ord4
ord5

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 564KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c0244faf43f76b167629cdd58b8550e

Code Sign

16:dc:64:2c:85:52:4a:5c:b7:90:67:0a:11:92:d5:7bCertificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

kernel32

user32

advapi32

ole32

shell32

powrprof

oledlg

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 334KB - Virtual size: 334KB

.data Size: 11KB - Virtual size: 23KB

.pdata Size: 59KB - Virtual size: 59KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 2KB - Virtual size: 1KB

.rsrc Size: 564KB - Virtual size: 564KB

.reloc Size: 7KB - Virtual size: 7KB

16:dc:64:2c:85:52:4a:5c:b7:90:67:0a:11:92:d5:7b
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 334KB - Virtual size: 334KB

.data
Size: 11KB - Virtual size: 23KB

.pdata
Size: 59KB - Virtual size: 59KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 564KB - Virtual size: 564KB

.reloc
Size: 7KB - Virtual size: 7KB