2024-09-05_16cef5145f01e90c1810821711f9316e_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-05_16cef5145f01e90c1810821711f9316e_ryuk
Size

6.6MB
MD5

16cef5145f01e90c1810821711f9316e
SHA1

ab5087abd7275147fd96b60430c3e4de10efa1d4
SHA256

65fd1bf607f8ee2dcadf1db2f0f7b74d998f954888f7559d9e87c00fc72f8ad6
SHA512

e647f4d7549355b6971829887373c891a7ceaa6230ba0e28bb8ed1e35bde24e33fa72741a7b0d0de41d70191c494d7665366f9b9ff25459bc115153b3b5f6fb3
SSDEEP

196608:W4KW7S+J6by7U8r2p5/6u/AZD5TGoU2UhrIF/ADIMlx7NX6B2jgibXkXVUa0tKZg:W4KW7S+J6by7U8r2p5/6u/AZD5TGoU2R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-05_16cef5145f01e90c1810821711f9316e_ryuk

Files

2024-09-05_16cef5145f01e90c1810821711f9316e_ryuk
.exe windows:6 windows x64 arch:x64

557dd41d702f075825a263147cef1179

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
VirtualFree
VirtualQuery
ExpandEnvironmentStringsA
SetCurrentDirectoryA
CreateDirectoryA
FindClose
FindFirstFileA
FindNextFileA
GetFileTime
GetFullPathNameA
GetLogicalDrives
RemoveDirectoryA
SetFileAttributesA
SetHandleInformation
CreateProcessA
GetSystemTime
GetTempFileNameA
CreateDirectoryExA
CopyFileA
CopyFileExA
MoveFileA
MoveFileExA
SetVolumeLabelA
GetComputerNameA
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SetThreadAffinityMask
SetErrorMode
IsDBCSLeadByteEx
SetStdHandle
DeviceIoControl
IsDebuggerPresent
SetUnhandledExceptionFilter
LoadResource
LockResource
SizeofResource
FindResourceW
EnumResourceNamesW
K32GetMappedFileNameW
RtlLookupFunctionEntry
RtlVirtualUnwind
CompareFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
ExitThread
DecodePointer
MoveFileExW
GetLogicalProcessorInformation
MoveFileW
CopyFileExW
CopyFileW
WaitForMultipleObjectsEx
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
GetProcessHeap
FindFirstFileExA
WriteConsoleW
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
TzSpecificLocalTimeToSystemTime
SetFileTime
GetFileInformationByHandle
GetTempPathW
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetFileType
FreeLibraryAndExitThread
VirtualProtect
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
EncodePointer
GetStringTypeW
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
HeapSetInformation
GlobalMemoryStatusEx
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapCreate
RaiseException
GetComputerNameW
SetVolumeLabelW
CreateDirectoryExW
RemoveDirectoryW
GetTempFileNameW
GetFullPathNameW
FindNextFileW
FindFirstFileW
DeleteFileW
CreateFileW
CreateDirectoryW
ExpandEnvironmentStringsW
UnlockFile
GetConsoleMode
CreateProcessW
WaitForSingleObjectEx
CreateWaitableTimerA
SignalObjectAndWait
SetWaitableTimer
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
SetFilePointer
K32GetModuleFileNameExA
Thread32Next
Thread32First
CreateToolhelp32Snapshot
MapViewOfFile
ReadProcessMemory
GetThreadContext
GetProcessId
SuspendThread
OpenThread
GetCurrentThread
GetFileAttributesA
DeleteFileA
CreateFileA
GetCurrentDirectoryA
RtlCaptureContext
K32GetProcessImageFileNameW
GetUserDefaultLangID
UnmapViewOfFile
SwitchToThread
ReleaseMutex
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
SetFilePointerEx
SetFileAttributesW
SetEndOfFile
GetFileAttributesW
FlushFileBuffers
GetCurrentDirectoryW
SetCurrentDirectoryW
VerifyVersionInfoW
CreateFileMappingA
CreateSemaphoreW
CreateSemaphoreA
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetVersionExW
GetVersionExA
CreateEventW
OutputDebugStringW
OutputDebugStringA
GetShortPathNameW
GetDriveTypeW
GetDriveTypeA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetEnvironmentVariableW
GetEnvironmentVariableA
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
VerSetConditionMask
WaitForMultipleObjects
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
SetThreadPriority
ReleaseSemaphore
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GenerateConsoleCtrlEvent
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryA
LocalFree
OpenProcess
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
Sleep
ResetEvent
PeekNamedPipe
CreatePipe
SetLastError
DuplicateHandle
WriteFile
ReadFile
GetFileAttributesExW
FileTimeToLocalFileTime
GetStdHandle
IsDBCSLeadByte
WideCharToMultiByte
MultiByteToWideChar
lstrcmpiW
lstrcpyW
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
GetTickCount
FreeLibrary
lstrcmpW
GetCommandLineW
GetLastError
GetCurrentThreadId
CreateThread
CreateEventA
WaitForSingleObject
SetEvent
CloseHandle
MulDiv
FindAtomW
AddAtomW
LoadLibraryW
lstrlenW
DeleteAtom
GetProcAddress
GetModuleHandleW
IsWow64Process
GetSystemInfo
GetCurrentProcess
GetVolumeInformationA
InitializeCriticalSectionEx
GetVolumeInformationW

netapi32

NetRemoteTOD
NetApiBufferFree

ws2_32

__WSAFDIsSet
accept
bind
closesocket
connect
ioctlsocket
getpeername
getsockname
getsockopt
listen
recv
recvfrom
select
send
sendto
htonl
shutdown
socket
gethostbyaddr
gethostbyname
gethostname
getaddrinfo
freeaddrinfo
getnameinfo
WSAGetLastError
WSACleanup
WSAStartup
WSASetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
htons
ntohl
ntohs
setsockopt

user32

DispatchMessageA
GetWindowDC
UpdateWindow
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
FindWindowExW
SetParent
GetCaretPos
SetCaretPos
DestroyCaret
CreateCaret
EnumPropsExW
ScrollWindow
GetUpdateRgn
SetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
GetMenuItemCount
GetMenuItemID
EnableMenuItem
GetSystemMenu
IsWindowEnabled
EnableWindow
MapVirtualKeyExW
CreateDialogIndirectParamW
IsZoomed
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
CallWindowProcA
AttachThreadInput
SendMessageW
GetMessageExtraInfo
GetMessageTime
IsHungAppWindow
ChangeWindowMessageFilterEx
MapVirtualKeyW
GetCursor
GetCursorPos
SetCursor
SetCursorPos
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsClipboardFormatAvailable
EmptyClipboard
RegisterClipboardFormatW
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
EnumThreadWindows
GetDC
ReleaseDC
GetDesktopWindow
SetProcessDPIAware
GetGUIThreadInfo
NotifyWinEvent
EnumDisplayMonitors
EnumDisplayDevicesA
GetClassWord
ClientToScreen
GetCaretBlinkTime
MessageBeep
GetWindowRgn
SetWindowRgn
SetCapture
AnimateWindow
ShowWindow
GetDoubleClickTime
GetKeyboardLayout
GetKeyboardLayoutList
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
FindWindowW
GetParent
SetWindowLongPtrW
SetWindowLongPtrA
ChildWindowFromPointEx
WindowFromPoint
ScreenToClient
GetPropA
SetPropA
GetForegroundWindow
MsgWaitForMultipleObjectsEx
ReleaseCapture
GetCapture
GetQueueStatus
GetKeyState
GetFocus
GetActiveWindow
SetFocus
IsWindowVisible
PostQuitMessage
PostThreadMessageW
SendNotifyMessageW
GetMessagePos
PeekMessageW
TrackMouseEvent
CreateIconIndirect
DrawIconEx
PtInRect
EqualRect
OffsetRect
IntersectRect
SetRectEmpty
GetSysColor
AdjustWindowRectEx
GetWindowRect
GetMenu
FillRect
DrawTextW
GetAncestor
LoadIconW
LoadCursorW
GetWindow
GetWindowThreadProcessId
GetWindowLongPtrW
GetWindowLongPtrA
SetWindowLongW
GetMonitorInfoW
DestroyIcon
GetIconInfo
DefWindowProcW
EnumChildWindows
CallWindowProcW
RegisterClassW
CreateWindowExW
DestroyWindow
GetSystemMetrics
SystemParametersInfoW
GetMessageW
PeekMessageA
TranslateMessage
DispatchMessageW
GetWindowLongW
GetWindowLongA
IsRectEmpty
SetRect
InvertRect
DrawFocusRect
MapWindowPoints
GetClientRect
RemovePropW
PostMessageW
IsWindow
UpdateLayeredWindow
GetLayeredWindowAttributes
SetLayeredWindowAttributes
SetWindowPos
SetTimer
KillTimer
IsWindowUnicode
GetDCEx
BeginPaint
EndPaint
GetUpdateRect
ValidateRect
RedrawWindow
MsgWaitForMultipleObjects
LoadBitmapW
CreateIconFromResource
ActivateKeyboardLayout
SetPropW
GetPropW

gdi32

CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolylineTo
SetWindowOrgEx
SetBrushOrgEx
GdiFlush
GetROP2
GetCharABCWidthsW
GetFontLanguageInfo
GetCharacterPlacementW
GetFontUnicodeRanges
SetTextAlign
ExtTextOutW
GetKerningPairsW
GetPaletteEntries
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
CreateDIBitmap
MoveToEx
SetDIBits
EqualRgn
AnimatePalette
CreatePalette
GetNearestColor
CreateBitmapIndirect
GetArcDirection
ExtCreatePen
SetArcDirection
PathToRegion
EndPath
BeginPath
AbortPath
CreateDIBSection
SetTextColor
SetStretchBltMode
SetROP2
StretchDIBits
StretchBlt
SetPolyFillMode
SetPixelV
SetMapMode
SetBkMode
SetDCPenColor
SetDCBrushColor
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
RealizePalette
Rectangle
RectInRegion
PtInRegion
Pie
PatBlt
OffsetRgn
MaskBlt
LineTo
LineDDA
InvertRgn
GetWindowOrgEx
GetTextColor
GetRgnBox
GetRegionData
GetPixel
GetMapMode
GetCurrentObject
GetClipRgn
GetBitmapBits
GetBkColor
FillRgn
ExtCreateRegion
ExcludeClipRect
Ellipse
DeleteObject
GetDIBits
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
SelectObject
CreateFontIndirectW
EnumFontFamiliesExW
GetDeviceCaps
GetStockObject
AddFontResourceExW
AddFontMemResourceEx
GetTextMetricsW
GetObjectW
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateEllipticRgn
CreatePatternBrush
CreateRectRgn
GetBrushOrgEx
CreateSolidBrush
CreateRectRgnIndirect

advapi32

CryptGenRandom
CryptAcquireContextA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetFileSecurityW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
InitializeSecurityDescriptor
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegConnectRegistryA
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RevertToSelf
ImpersonateSelf
GetFileSecurityW
AccessCheck
OpenThreadToken
GetUserNameA
LookupAccountNameW
LookupAccountNameA
LookupAccountSidW
LookupAccountSidA
RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptReleaseContext

mpr

WNetEnumResourceA
WNetCloseEnum
WNetGetConnectionA
WNetOpenEnumA

shell32

SHGetFolderPathW
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW
SHGetFolderLocation
ord155
SHGetFileInfoW
ExtractIconExW

ole32

ReleaseStgMedium
RegisterDragDrop
OleUninitialize
OleInitialize
RevokeDragDrop

msimg32

GradientFill
AlphaBlend

winmm

PlaySoundW

imm32

ImmGetContext
ImmGetCompositionStringW
ImmSetCompositionFontW
ImmGetCompositionWindow
ImmSetCompositionWindow
ImmAssociateContext
ImmAssociateContextEx
ImmReleaseContext

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ucore46

ucnv_toUnicode
ucnv_fromUnicode
ucnv_setFromUCallBack
ucnv_setToUCallBack
ucnv_getUnicodeSet
ucnv_getName
ucnv_getMaxCharSize
ucnv_resetFromUnicode
ucnv_fromUChars
ucnv_reset
ucnv_close
ucnv_open
ucnv_compareNames
??3UMemory@icu@@SAXPEAX@Z
??2UMemory@icu@@SAPEAX_K@Z
utf8_prevCharSafeBody
utf8_nextCharSafeBody
ucnv_convertEx
ucnv_cbToUWriteUChars
ucnv_cbFromUWriteBytes
u_cleanup
u_init
ubrk_following
ubrk_first
ubrk_next
ubrk_setUText
ubrk_close
ubrk_open
utext_openUChars
utext_close
uloc_getISOCountries
uloc_getISOLanguages
uloc_getDisplayCountry
uloc_getDisplayLanguage
uloc_getCountry
uloc_getLanguage
uloc_setDefault
uloc_getDefault
ucase_fold
ucase_toupper
ucase_tolower
ucase_toFullUpper
ucase_toFullLower
ucase_toFullFolding
ucasemap_close
ucasemap_open
u_memcpy
??0UnicodeSet@icu@@QEAA@XZ
u_toupper
u_tolower
u_isprint
u_iscntrl
u_isspace
u_isblank
u_isgraph
u_ispunct
u_isxdigit
u_isalnum
u_isalpha
u_isdigit
u_isupper
u_islower
ucnv_toUCountPending
ucnv_fromUCountPending
ucnv_setFallback
ucnv_getAliases
ucnv_resetToUnicode
ucnv_countAliases

oleaut32

VariantClear

Exports

Exports

?CurrentKind@btkEvent@@1HA
?PRO_MACHINE_TYPE@@3PEBDEB
?PRO_OS_TYPE@@3PEBDEB
?StdStream@btkProcess@@2VDefaultStream@1@A
?mbsMode@btkMBStrFunc@@0PEAVbtkOBSFunc@@EA
storageclient_debug_bind_hack

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 998KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.datapro
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

557dd41d702f075825a263147cef1179

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

netapi32

ws2_32

user32

gdi32

advapi32

mpr

shell32

ole32

msimg32

winmm

imm32

version

ucore46

oleaut32

Exports

Exports

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 998KB - Virtual size: 2.5MB

.pdata Size: 245KB - Virtual size: 245KB

.datapro Size: 512B - Virtual size: 100B

.tls Size: 512B - Virtual size: 9B

.gfids Size: 3KB - Virtual size: 2KB

_RDATA Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 4.2MB - Virtual size: 4.2MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 998KB - Virtual size: 2.5MB

.pdata
Size: 245KB - Virtual size: 245KB

.datapro
Size: 512B - Virtual size: 100B

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 40KB - Virtual size: 39KB