2024-08-24_4346c9c9dd083132c20145d614be3d32_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-24_4346c9c9dd083132c20145d614be3d32_ryuk
Size

25.5MB
MD5

4346c9c9dd083132c20145d614be3d32
SHA1

b0c0b41ae681af679c4c86a4e6014e9ebf7856e0
SHA256

e2cac2d7fd7e35f1eb3b4767ab8bc8d39c8fe05d1f2a1015fea9b79f5b9f1b76
SHA512

3d1a7a8cafd1feb30b68bd9df4c08083b1782e786d0c65aff619f528b7ca9ad6b112dc60ab4b46d5b8a4eba4cc636ce30e0b42cf7bb9ce13eb6a7e38acc1d0d3
SSDEEP

98304:0cgIOlJoQknz/giTtZB69ms/Gyn9/leibOVEi6elhRqsXoow9NGDOnuP:0QOyEiTkbOcVl9epqqwWOu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-24_4346c9c9dd083132c20145d614be3d32_ryuk

Files

2024-08-24_4346c9c9dd083132c20145d614be3d32_ryuk
.exe windows:6 windows x64 arch:x64

3abe9c5b501c2c2c8c7ba36086e2a305

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
GetFileAttributesExW
OutputDebugStringW
TerminateThread
QueryPerformanceFrequency
DeleteFileW
GetNativeSystemInfo
LoadLibraryW
GetCurrentDirectoryW
GetOverlappedResult
ReplaceFileW
DeleteCriticalSection
ExitProcess
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
MoveFileW
GetDriveTypeW
IsDebuggerPresent
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
LocalFree
GlobalSize
GlobalAlloc
GlobalLock
GetCurrentProcessId
GlobalUnlock
GetEnvironmentVariableA
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FormatMessageW
GetProcessHeap
HeapSize
ReadConsoleW
GetModuleHandleA
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
GetFileType
SetFilePointerEx
GetACP
GetStdHandle
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
FreeLibraryAndExitThread
ExitThread
CreateThread
GetTimeZoneInformation
GetModuleHandleExW
LoadLibraryExW
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
WideCharToMultiByte
GetLogicalDriveStringsW
FindFirstFileExA
DisconnectNamedPipe
CreateFileA
GetSystemDirectoryA
GetVersionExA
CloseHandle
GetWindowsDirectoryA
SetPriorityClass
GetCurrentProcess
SetThreadPriority
WaitForSingleObject
CreateEventW
MultiByteToWideChar
Sleep
SetEvent
UnmapViewOfFile
GetSystemDirectoryW
ReleaseMutex
GetCurrentThreadId
GetFileAttributesW
CreateFileW
GetLocaleInfoW
FindClose
CreateMutexW
GetTempPathW
SetEndOfFile
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
WriteFile
FindNextFileW
EnterCriticalSection
FindFirstFileW
CancelIo
GetVolumeInformationW
ReadFile
TryEnterCriticalSection
SetThreadAffinityMask
EnumSystemLocalesW
CreateDirectoryW
GetProcAddress
GetPriorityClass
ResetEvent
GetThreadPriority
LoadLibraryA
GetCurrentThread
DeviceIoControl

user32

PostMessageW
GetMessageW
ReleaseDC
GetDC
EndPaint
BeginPaint
GetCursorPos
SetCursorPos
InvalidateRect
SetForegroundWindow
ReleaseCapture
GetParent
SystemParametersInfoW
EnableMenuItem
ShowCaret
GetClientRect
SetWindowLongW
UnregisterClassW
ToUnicode
SetClipboardData
SetCapture
SendMessageTimeoutW
LoadCursorW
FindWindowW
GetClipboardData
SetLayeredWindowAttributes
DispatchMessageW
GetForegroundWindow
TrackMouseEvent
CreateCaret
IsChild
EmptyClipboard
CloseClipboard
CreateIconIndirect
GetMonitorInfoW
GetWindowInfo
DestroyIcon
RedrawWindow
GetCapture
OpenClipboard
GetAsyncKeyState
ShowWindow
GetActiveWindow
SetCaretPos
GetKeyboardState
DestroyCaret
GetFocus
DestroyCursor
GetWindowPlacement
WindowFromPoint
MessageBeep
SetWindowTextW
GetSystemMetrics
GetWindowLongPtrW
RegisterClassExW
GetDesktopWindow
PeekMessageW
CreateWindowExW
SetWindowLongPtrW
DestroyWindow
DefWindowProcW
AttachThreadInput
GetWindowThreadProcessId
GetWindowTextW
TranslateMessage
SetFocus
GetMessageTime
EnumWindows
SetWindowPos
IsWindowVisible
GetWindowRect
MapVirtualKeyW
GetMessagePos
GetUpdateRgn
MessageBoxW
EnumChildWindows
EnumDisplayMonitors
GetIconInfo
ScreenToClient
SendMessageW
GetMessageExtraInfo
GetSystemMenu
GetWindowLongW
MoveWindow
CallWindowProcW
SetCursor

gdi32

SwapBuffers
SaveDC
CreateDIBSection
StretchDIBits
CreateRectRgnIndirect
GetPixel
CreateRectRgn
GetRegionData
GetObjectW
ExcludeClipRect
RestoreDC
CreateBitmap
CombineRgn
AddFontMemResourceEx
SelectObject
GetKerningPairsW
CreateCompatibleDC
EnumFontFamiliesExW
GetDeviceCaps
GetTextMetricsW
DeleteDC
SetMapperFlags
GetGlyphIndicesW
GetGlyphOutlineW
DeleteObject
RemoveFontMemResourceEx
SetMapMode
CreateFontIndirectW
GetOutlineTextMetricsW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyA
RegQueryValueExA
SystemFunction036

shell32

SHGetFolderPathA
ShellExecuteW
SHGetSpecialFolderPathW
SHGetMalloc
ExtractAssociatedIconW
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteA

ole32

OleCreate
OleSetContainedObject
RevokeDragDrop
RegisterDragDrop
DoDragDrop
OleInitialize
OleUninitialize
CLSIDFromString
CoTaskMemFree
CoCreateInstance
PropVariantClear
CoInitialize
CoTaskMemAlloc

oleaut32

SafeArrayAccessData
SafeArrayCreateVector
SafeArrayUnaccessData
SysAllocString
SysFreeString
VariantInit
SafeArrayDestroy
VariantClear

wininet

InternetReadFile
InternetSetOptionW
InternetWriteFile
InternetCloseHandle
HttpSendRequestExW
HttpEndRequestW
InternetCrackUrlW
InternetSetFilePointer
HttpQueryInfoW
InternetOpenW
InternetQueryOptionW
HttpOpenRequestW
InternetConnectW
FtpOpenFileW

ws2_32

inet_ntoa
recv
getsockopt
setsockopt
send
WSAStartup
select
closesocket
accept
__WSAFDIsSet

shlwapi

PathStripToRootW

winmm

midiOutOpen
midiOutGetDevCapsW
midiInOpen
midiInUnprepareHeader
midiInReset
midiInPrepareHeader
midiOutUnprepareHeader
midiInGetDevCapsW
midiInStart
midiInClose
midiInAddBuffer
midiInGetNumDevs
midiOutShortMsg
midiOutGetNumDevs
midiOutClose
midiOutLongMsg
midiInStop
timeKillEvent
timeGetTime
timeBeginPeriod
midiOutPrepareHeader

imm32

ImmNotifyIME
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

opengl32

wglGetProcAddress
glTexParameteri
glDeleteTextures
glClearColor
glGetBooleanv
glDrawArrays
glTexImage2D
glReadPixels
glDisable
wglMakeCurrent
glPixelStorei
glTexSubImage2D
glGetString
glGetError
glGetIntegerv
glEnable
glBlendFunc
glViewport
glClear
wglGetCurrentContext
glBindTexture
glGenTextures
glDrawElements

Sections

.text
Size: 16.2MB - Virtual size: 16.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 237KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 652KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3abe9c5b501c2c2c8c7ba36086e2a305

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

wininet

ws2_32

shlwapi

winmm

imm32

opengl32

Sections

.text Size: 16.2MB - Virtual size: 16.2MB

.rdata Size: 7.9MB - Virtual size: 7.9MB

.data Size: 237KB - Virtual size: 481KB

.pdata Size: 295KB - Virtual size: 294KB

.gfids Size: 1024B - Virtual size: 540B

.tls Size: 512B - Virtual size: 33B

_RDATA Size: 42KB - Virtual size: 41KB

.rsrc Size: 218KB - Virtual size: 217KB

.reloc Size: 652KB - Virtual size: 656KB

.text
Size: 16.2MB - Virtual size: 16.2MB

.rdata
Size: 7.9MB - Virtual size: 7.9MB

.data
Size: 237KB - Virtual size: 481KB

.pdata
Size: 295KB - Virtual size: 294KB

.gfids
Size: 1024B - Virtual size: 540B

.tls
Size: 512B - Virtual size: 33B

_RDATA
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 218KB - Virtual size: 217KB

.reloc
Size: 652KB - Virtual size: 656KB