2024-08-24_5e6dac293aa0cbd6dfe3b31f218b7d02_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-08-24_5e6dac293aa0cbd6dfe3b31f218b7d02_ryuk
Size

4.1MB
MD5

5e6dac293aa0cbd6dfe3b31f218b7d02
SHA1

66bd05cec62caa3bbb350c4783d9f4b694370343
SHA256

ad0db8b526fa5e104a1509559fcb7b3ecd22c50ca1710972e787c608a1a91381
SHA512

456bf0a8147ba614cbf59c54d65b4ca320645432fedcb1517142b4fd3108a713fff3b84a2b0f3386c11a98a10991cca0bda3fab212574353cce2937c14298d45
SSDEEP

49152:bL95k1kVAWrCsdTFg/R9Cfw4iUwlJsr1riCxb3NJm/VTlvSXbhs+IPjOQQS6NC9u:bHkWVrdTWtJEpjNJiVslUNR6fzCJ3gt

Score

1^/10

Malware Config

Signatures

Files

2024-08-24_5e6dac293aa0cbd6dfe3b31f218b7d02_ryuk
.exe windows:6 windows x64 arch:x64

0614034a1d5741459fbc3ee802c933c8

Code Sign

4b:c9:e8:6a:1b:b8:e2:6f:35:a6:d7:c0:37:4b:34:a5
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22-06-2018 00:00

Not After

21-06-2021 23:59

Subject

CN=TMurgent Technologies\, LLP,O=TMurgent Technologies\, LLP,POSTALCODE=02021,STREET=26 Angela Street,L=Canton,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:c9:e8:6a:1b:b8:e2:6f:35:a6:d7:c0:37:4b:34:a5
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22-06-2018 00:00

Not After

21-06-2021 23:59

Subject

CN=TMurgent Technologies\, LLP,O=TMurgent Technologies\, LLP,POSTALCODE=02021,STREET=26 Angela Street,L=Canton,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:a1:2c:fe:b9:98:26:4f:a7:79:eb:47:9a:e0:4c:a1:04:fd:36:9e:66:b6:8d:98:b7:01:09:d4:18:26:d0:56
Signer

Actual PE Digest

cd:a1:2c:fe:b9:98:26:4f:a7:79:eb:47:9a:e0:4c:a1:04:fd:36:9e:66:b6:8d:98:b7:01:09:d4:18:26:d0:56

Digest Algorithm

sha256

PE Digest Matches

true

9a:ee:97:50:71:b4:18:88:01:82:4f:57:ec:e0:be:ce:ba:a8:57:24
Signer

Actual PE Digest

9a:ee:97:50:71:b4:18:88:01:82:4f:57:ec:e0:be:ce:ba:a8:57:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dvs\p4\build\sw\rel\gpu_drv\r530\r530_00\drivers\ui\SedonaServers\WorkStationServer\NvGpuUtilization\NvGpuUtilization\x64\Release\bin\NvGpuUtilization.pdb

Imports

kernel32

GetFileAttributesExW
GetFileTime
SystemTimeToTzSpecificLocalTime
OutputDebugStringA
EncodePointer
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
SetThreadPriority
GlobalGetAtomNameW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
FindClose
FindFirstFileW
FlushFileBuffers
GetFileSize
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
GlobalFlags
CompareStringW
lstrcpyW
GetCurrentDirectoryW
GetWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetProfileIntW
SearchPathW
GetUserDefaultLCID
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetStringTypeW
LCMapStringW
GetCPInfo
FormatMessageA
FindNextFileW
SetFilePointerEx
GetModuleHandleA
FileTimeToLocalFileTime
RtlUnwindEx
ExitThread
FreeLibraryAndExitThread
HeapQueryInformation
GetCommandLineA
GetCommandLineW
VirtualAlloc
SetStdHandle
GetFileType
ExitProcess
GetStdHandle
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
ResumeThread
CreateThread
CreateEventW
HeapFree
ResetEvent
GetSystemDefaultLCID
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
lstrcmpiW
lstrcmpW
FormatMessageW
MulDiv
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleExW
FreeResource
FindResourceExW
GetVersionExW
GetSystemTimeAsFileTime
ProcessIdToSessionId
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
WaitForSingleObjectEx
WaitForSingleObject
SetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
WriteFile
GetFileSizeEx
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
CopyFileW
GlobalSize
RtlPcToFileHeader
FileTimeToSystemTime
VerifyVersionInfoW
lstrcmpA
LocalFree
LocalAlloc
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
GetSystemDirectoryW
SetLastError
CloseHandle
GetFullPathNameW
GetFileAttributesW
CreateFileW
VerSetConditionMask
GetProcAddress
FreeLibrary
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount

gdi32

MoveToEx
PolylineTo
DeleteObject
GetStockObject
SetDCBrushColor
SetDCPenColor
Rectangle
LineTo
SetBkColor
SetTextColor
TextOutW
CreateFontW
CreateSolidBrush
SetBkMode
SelectObject
ExtCreatePen
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
CreateRoundRectRgn
CreateCompatibleBitmap
OffsetRgn
GetRgnBox
SetViewportExtEx
ExtTextOutW
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
CreateDCW
CopyMetaFileW
CreateCompatibleDC
BitBlt
DeleteDC
GetObjectW
GetTextMetricsW
GetTextExtentPoint32W
GetDeviceCaps
CreateFontIndirectW
LPtoDP

oleaut32

LoadTypeLi
VarBstrFromDate
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

uxtheme

OpenThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeText
GetThemeSysColor
GetThemePartSize
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
IsAppThemed
CloseThemeData

gdiplus

GdipDrawImageRectI
GdipAlloc
GdipFree
GdiplusStartup
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown

wtsapi32

WTSQueryUserToken

winmm

PlaySoundW

shlwapi

PathIsUNCW
StrFormatKBSizeW
PathFindExtensionW
PathStripToRootW
PathRemoveFileSpecW
PathFindFileNameW

msimg32

TransparentBlt
AlphaBlend

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

ImpersonateLoggedOnUser
RevertToSelf
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW

ole32

IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoInitializeEx
CoInitialize
CoUninitialize
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 726KB - Virtual size: 725KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0614034a1d5741459fbc3ee802c933c8

Code Sign

4b:c9:e8:6a:1b:b8:e2:6f:35:a6:d7:c0:37:4b:34:a5Certificate

Extended Key Usages

Key Usages

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4b:c9:e8:6a:1b:b8:e2:6f:35:a6:d7:c0:37:4b:34:a5Certificate

Extended Key Usages

Key Usages

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

cd:a1:2c:fe:b9:98:26:4f:a7:79:eb:47:9a:e0:4c:a1:04:fd:36:9e:66:b6:8d:98:b7:01:09:d4:18:26:d0:56Signer

9a:ee:97:50:71:b4:18:88:01:82:4f:57:ec:e0:be:ce:ba:a8:57:24Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

oleaut32

oleacc

uxtheme

gdiplus

wtsapi32

winmm

shlwapi

msimg32

imm32

winspool.drv

advapi32

ole32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 726KB - Virtual size: 725KB

.data Size: 41KB - Virtual size: 111KB

.pdata Size: 93KB - Virtual size: 92KB

.didat Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 66KB - Virtual size: 66KB

.reloc Size: 1.2MB - Virtual size: 1.2MB

4b:c9:e8:6a:1b:b8:e2:6f:35:a6:d7:c0:37:4b:34:a5
Certificate

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4b:c9:e8:6a:1b:b8:e2:6f:35:a6:d7:c0:37:4b:34:a5
Certificate

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

cd:a1:2c:fe:b9:98:26:4f:a7:79:eb:47:9a:e0:4c:a1:04:fd:36:9e:66:b6:8d:98:b7:01:09:d4:18:26:d0:56
Signer

9a:ee:97:50:71:b4:18:88:01:82:4f:57:ec:e0:be:ce:ba:a8:57:24
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 726KB - Virtual size: 725KB

.data
Size: 41KB - Virtual size: 111KB

.pdata
Size: 93KB - Virtual size: 92KB

.didat
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 66KB - Virtual size: 66KB

.reloc
Size: 1.2MB - Virtual size: 1.2MB