Extracted

Extracted

• 2024-09-07_150fdfcf72ba2f9f6e35de9d06ef2d4f_ryuk

  .exe windows:6 windows x64 arch:x64

  ab39f89bff9ecb7aa7dca3d97c1a7afa

  
  

  Code Sign

  2a:95:32:18:e1:0b:4b:7b:6f:d1:4b:2a:9e:c3:0d:26

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  12/05/2016, 00:00

  Not After

  11/05/2026, 23:59

  Subject

  CN=Symantec Class 3 Extended Validation Code Signing CA - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  63:e3:4d:3c:5e:10:d7:36:de:e1:c5:32:0c:2e:f8:f8

  Certificate

  Issuer

  CN=Symantec Class 3 Extended Validation Code Signing CA - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  29/08/2017, 00:00

  Not After

  28/08/2020, 23:59

  Subject

  SERIALNUMBER=HE 340361,CN=Movavi Software Limited,O=Movavi Software Limited,L=Apsiou,ST=Limassol,C=CY,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1306417073696f75,1.3.6.1.4.1.311.60.2.1.2=#13084c696d6173736f6c,1.3.6.1.4.1.311.60.2.1.3=#13024359

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  12/01/2016, 00:00

  Not After

  11/01/2031, 23:59

  Subject

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6

  Certificate

  Issuer

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  02/01/2017, 00:00

  Not After

  01/04/2028, 23:59

  Subject

  CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  20:4b:f2:b7:91:a4:da:49:d2:a9:0e:ec:34:93:a6:e8:9b:16:fb:d2:ac:37:b9:2a:3d:e3:14:67:bd:ff:4f:df

  Signer

  Actual PE Digest

  20:4b:f2:b7:91:a4:da:49:d2:a9:0e:ec:34:93:a6:e8:9b:16:fb:d2:ac:37:b9:2a:3d:e3:14:67:bd:ff:4f:df

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  PDB Paths

  E:\J\WS\workspace\PhotoKit_All\bin64\PhotoProjects1_866_feature-PE-7958_2996108_BUILD001_WIN64_setup.pdb

  Imports

  kernel32

  CreateThread

  CreateProcessW

  GetModuleFileNameW

  LocalFree

  GetFileAttributesW

  CreateFileA

  CreateFileW

  GetFileSize

  ReadFile

  SetFilePointer

  WriteFile

  GetLastError

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  SetEvent

  ResetEvent

  WaitForSingleObjectEx

  CreateEventW

  GetModuleHandleW

  GetProcAddress

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  UnhandledExceptionFilter

  Sleep

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  IsDebuggerPresent

  GetStartupInfoW

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  HeapSize

  ReadConsoleW

  WriteConsoleW

  GetTimeZoneInformation

  SetStdHandle

  OutputDebugStringW

  OutputDebugStringA

  SetConsoleCtrlHandler

  GetProcessHeap

  SetEnvironmentVariableW

  SetEnvironmentVariableA

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineA

  WaitForSingleObject

  CloseHandle

  GetCommandLineW

  GetStdHandle

  GetTempPathW

  CreateDirectoryW

  FindResourceW

  SizeofResource

  VerSetConditionMask

  LockResource

  LoadResource

  VerifyVersionInfoW

  SetUnhandledExceptionFilter

  GetOEMCP

  IsValidCodePage

  FindNextFileW

  WideCharToMultiByte

  MultiByteToWideChar

  GetStringTypeW

  FormatMessageW

  EncodePointer

  DecodePointer

  SetLastError

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetTickCount

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  GetCPInfo

  RtlPcToFileHeader

  RaiseException

  RtlUnwindEx

  InterlockedPushEntrySList

  InterlockedFlushSList

  FreeLibrary

  LoadLibraryExW

  GetFileAttributesExW

  ExitProcess

  GetModuleHandleExW

  GetModuleFileNameA

  GetACP

  HeapAlloc

  HeapFree

  HeapReAlloc

  GetCurrentThread

  GetConsoleCP

  GetConsoleMode

  GetDateFormatW

  GetTimeFormatW

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  GetFileType

  FlushFileBuffers

  SetFilePointerEx

  FindClose

  FindFirstFileExA

  FindFirstFileExW

  FindNextFileA

  SetEndOfFile

  user32

  MessageBoxA

  LoadImageW

  LoadCursorW

  RedrawWindow

  EndPaint

  UpdateWindow

  GetSystemMetrics

  ShowWindow

  DestroyWindow

  CreateWindowExW

  RegisterClassExW

  DefWindowProcW

  BeginPaint

  gdi32

  Rectangle

  MoveToEx

  GetObjectW

  SelectObject

  LineTo

  GetStockObject

  DeleteObject

  DeleteDC

  CreateSolidBrush

  CreatePen

  CreateCompatibleDC

  BitBlt

  shell32

  CommandLineToArgvW

  SHFileOperationW

  Sections

  .text

  Size: 668KB - Virtual size: 667KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 189KB - Virtual size: 189KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 38KB - Virtual size: 38KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .gfids

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 45.3MB - Virtual size: 45.3MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ