2024-09-07_89e2196d65171a3216682029b082a377_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-07_89e2196d65171a3216682029b082a377_ryuk
Size

6.7MB
MD5

89e2196d65171a3216682029b082a377
SHA1

7c93b1e87fa3fe723b22a30e26ce17e7bb6ce8e1
SHA256

3e060a84a69a374916c17f3f528f524990cd1c1c957d03e20e035f4a00d86615
SHA512

56b6f4f5c29a6a3c80da83b6837d6bb0904e8dc4c50794f8124ff7746aeb62e9bc9d2d1017b486722dcdbfc9e2769a1a720f9c9207ad3c8d6203955ecbcfa6e6
SSDEEP

196608:KFvEJ/UPBeAgMbDZB1AUdYuFGhXZlj1YB9mDgV5y9dcPNNR0AZx1ZuAo8Z/AJg+N:0vEJ/UPBeAgMbDZB1AUdYuFGhXZlj1YO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-07_89e2196d65171a3216682029b082a377_ryuk

Files

2024-09-07_89e2196d65171a3216682029b082a377_ryuk
.exe windows:6 windows x64 arch:x64

6e3b24c23f8a43a1b2cd4af0867fd281

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualQuery
ExpandEnvironmentStringsA
SetCurrentDirectoryA
CreateDirectoryA
FindClose
FindFirstFileA
FindNextFileA
GetFileTime
GetFullPathNameA
GetLogicalDrives
RemoveDirectoryA
SetFileAttributesA
SetHandleInformation
CreateProcessA
GetSystemTime
GetTempFileNameA
CreateDirectoryExA
CopyFileA
CopyFileExA
MoveFileA
MoveFileExA
SetVolumeLabelA
GetComputerNameA
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
CreateEventExW
SwitchToThread
SetThreadAffinityMask
SetErrorMode
GetModuleHandleExW
IsDBCSLeadByteEx
SetStdHandle
DeviceIoControl
SetUnhandledExceptionFilter
LoadResource
LockResource
SizeofResource
FindResourceW
EnumResourceNamesW
K32GetMappedFileNameW
IsDebuggerPresent
RtlLookupFunctionEntry
RtlVirtualUnwind
CompareFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
RaiseException
VirtualFree
InitializeCriticalSectionEx
GetComputerNameW
SetVolumeLabelW
MoveFileExW
WaitForMultipleObjectsEx
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
GetProcessHeap
FindFirstFileExA
WriteConsoleW
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
TzSpecificLocalTimeToSystemTime
SetFileTime
GetFileInformationByHandle
GetTempPathW
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetFileType
FreeLibraryAndExitThread
VirtualProtect
ExitProcess
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
EncodePointer
GetStringTypeW
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
GetLogicalProcessorInformation
VirtualAlloc
GetTickCount
GlobalMemoryStatusEx
HeapSetInformation
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
HeapCreate
MoveFileW
CopyFileExW
CopyFileW
CreateDirectoryExW
RemoveDirectoryW
GetTempFileNameW
GetFullPathNameW
FindNextFileW
FindFirstFileW
DeleteFileW
CreateFileW
CreateDirectoryW
ExpandEnvironmentStringsW
UnlockFile
GetConsoleMode
CreateProcessW
WaitForSingleObjectEx
CreateWaitableTimerA
SignalObjectAndWait
SetWaitableTimer
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
SetFilePointer
K32GetModuleFileNameExA
Thread32Next
Thread32First
CreateToolhelp32Snapshot
MapViewOfFile
ReadProcessMemory
GetThreadContext
GetProcessId
SuspendThread
OpenThread
GetCurrentThread
GetFileAttributesA
DeleteFileA
CreateFileA
GetCurrentDirectoryA
RtlCaptureContext
K32GetProcessImageFileNameW
GetUserDefaultLangID
UnmapViewOfFile
ReleaseMutex
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
SetFilePointerEx
SetFileAttributesW
SetEndOfFile
GetFileAttributesW
FlushFileBuffers
GetCurrentDirectoryW
SetCurrentDirectoryW
VerifyVersionInfoW
CreateFileMappingA
CreateSemaphoreW
CreateSemaphoreA
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetVersionExW
GetVersionExA
CreateEventW
OutputDebugStringW
OutputDebugStringA
GetShortPathNameW
GetDriveTypeW
GetDriveTypeA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetEnvironmentVariableW
GetEnvironmentVariableA
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
VerSetConditionMask
WaitForMultipleObjects
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
SetThreadPriority
ReleaseSemaphore
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GenerateConsoleCtrlEvent
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryA
LocalFree
OpenProcess
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
Sleep
ResetEvent
PeekNamedPipe
CreatePipe
SetLastError
DuplicateHandle
WriteFile
ReadFile
GetFileAttributesExW
FileTimeToLocalFileTime
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
lstrcmpiW
FreeLibrary
lstrcpyW
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
lstrcmpW
GetCommandLineW
GetLastError
GetCurrentThreadId
CreateThread
CreateEventA
WaitForSingleObject
SetEvent
CloseHandle
MulDiv
GetWindowsDirectoryW
FindAtomW
AddAtomW
LoadLibraryW
lstrlenW
DeleteAtom
GetProcAddress
GetModuleHandleW
IsWow64Process
GetSystemInfo
GetCurrentProcess
GetVolumeInformationA
ExitThread
GetVolumeInformationW

netapi32

NetRemoteTOD
NetApiBufferFree

ws2_32

__WSAFDIsSet
accept
bind
closesocket
connect
ioctlsocket
getpeername
getsockname
getsockopt
listen
recv
recvfrom
select
send
sendto
htonl
shutdown
socket
gethostbyaddr
gethostbyname
gethostname
getaddrinfo
freeaddrinfo
getnameinfo
WSAGetLastError
WSACleanup
WSAStartup
WSASetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
htons
ntohl
ntohs
setsockopt

user32

DispatchMessageA
GetWindowDC
UpdateWindow
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
GetGUIThreadInfo
NotifyWinEvent
GetGuiResources
EnumChildWindows
SetParent
GetCaretPos
SetCaretPos
DestroyCaret
CreateCaret
EnumPropsExW
ScrollWindow
GetUpdateRgn
SetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
GetMenuItemCount
GetMenuItemID
EnableMenuItem
GetSystemMenu
IsWindowEnabled
EnableWindow
SetCapture
MapVirtualKeyExW
CreateDialogIndirectParamW
IsZoomed
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
CallWindowProcA
AttachThreadInput
SendMessageW
GetMessageExtraInfo
GetMessageTime
IsHungAppWindow
ChangeWindowMessageFilterEx
ClientToScreen
EnumDisplayMonitors
GetMonitorInfoW
MapVirtualKeyW
SetProcessDPIAware
EnumDisplayDevicesA
GetClassWord
GetCaretBlinkTime
MessageBeep
GetWindowRgn
AnimateWindow
GetDoubleClickTime
GetKeyboardLayout
EnumThreadWindows
DestroyIcon
DefWindowProcW
CallWindowProcW
GetKeyboardLayoutList
ActivateKeyboardLayout
GetCursor
SetCursor
SetCursorPos
SetWindowRgn
ShowWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsClipboardFormatAvailable
EmptyClipboard
RegisterClipboardFormatW
GetClipboardData
SetClipboardData
OpenClipboard
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
FindWindowW
GetParent
SetWindowLongPtrW
SetWindowLongPtrA
ChildWindowFromPointEx
WindowFromPoint
ScreenToClient
GetPropA
SetPropA
GetForegroundWindow
MsgWaitForMultipleObjectsEx
ReleaseCapture
GetCapture
GetQueueStatus
GetKeyState
GetFocus
GetActiveWindow
SetFocus
IsWindowVisible
PostQuitMessage
PostThreadMessageW
SendNotifyMessageW
GetMessagePos
PeekMessageW
TrackMouseEvent
GetIconInfo
CreateIconIndirect
DrawIconEx
PtInRect
EqualRect
OffsetRect
IntersectRect
SetRectEmpty
GetSysColor
AdjustWindowRectEx
GetWindowRect
GetMenu
FillRect
GetAncestor
LoadIconW
LoadCursorW
GetWindow
GetWindowThreadProcessId
GetWindowLongPtrW
GetWindowLongPtrA
SetWindowLongW
GetWindowLongW
GetCursorPos
RegisterClassW
FindWindowExW
CreateWindowExW
DestroyWindow
GetSystemMetrics
DrawTextW
GetDC
ReleaseDC
GetDesktopWindow
SystemParametersInfoW
GetMessageW
PeekMessageA
TranslateMessage
DispatchMessageW
GetWindowLongA
IsRectEmpty
SetRect
InvertRect
DrawFocusRect
MapWindowPoints
GetClientRect
RemovePropW
GetPropW
PostMessageW
IsWindow
UpdateLayeredWindow
GetLayeredWindowAttributes
SetLayeredWindowAttributes
SetWindowPos
SetTimer
KillTimer
IsWindowUnicode
GetDCEx
BeginPaint
EndPaint
GetUpdateRect
ValidateRect
MsgWaitForMultipleObjects
LoadBitmapW
CreateIconFromResource
CloseClipboard
RedrawWindow
SetPropW

gdi32

GetArcDirection
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolylineTo
SetWindowOrgEx
SetBrushOrgEx
GdiFlush
GetROP2
GetCharABCWidthsW
GetFontLanguageInfo
GetCharacterPlacementW
SetTextAlign
ExtTextOutW
GetPaletteEntries
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
CreateDIBitmap
ExtCreatePen
GetDIBits
SetDIBits
EqualRgn
AnimatePalette
CreatePalette
GetNearestColor
CreateBitmapIndirect
SetArcDirection
PathToRegion
EndPath
BeginPath
AbortPath
CreateDIBSection
SetTextColor
SetStretchBltMode
SetROP2
StretchDIBits
StretchBlt
SetPolyFillMode
SetPixelV
SetMapMode
SetBkMode
SetDCPenColor
SetDCBrushColor
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
RealizePalette
Rectangle
RectInRegion
PtInRegion
Pie
PatBlt
OffsetRgn
MaskBlt
LineTo
LineDDA
InvertRgn
GetWindowOrgEx
GetTextColor
GetRgnBox
GetRegionData
GetPixel
GetMapMode
GetCurrentObject
GetClipRgn
GetBitmapBits
GetBkColor
FillRgn
ExtCreateRegion
ExcludeClipRect
Ellipse
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
CreateFontIndirectW
EnumFontFamiliesExW
GetDeviceCaps
GetFontData
GetStockObject
GetFontUnicodeRanges
AddFontResourceExW
AddFontMemResourceEx
GetTextMetricsW
GetObjectW
GetKerningPairsW
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
GetBrushOrgEx
CreatePatternBrush
CreateEllipticRgn

advapi32

CryptGenRandom
CryptAcquireContextA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetFileSecurityW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
InitializeSecurityDescriptor
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegConnectRegistryA
RegSetValueExW
RegOpenKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RevertToSelf
ImpersonateSelf
GetFileSecurityW
AccessCheck
OpenThreadToken
GetUserNameA
LookupAccountNameW
LookupAccountNameA
LookupAccountSidW
LookupAccountSidA
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptReleaseContext

mpr

WNetEnumResourceA
WNetCloseEnum
WNetGetConnectionA
WNetOpenEnumA

shell32

SHGetFolderPathW
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW
SHGetFolderLocation
ord155
SHGetFileInfoW
ExtractIconExW

ole32

ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
OleInitialize
OleUninitialize

msimg32

GradientFill
AlphaBlend

winmm

PlaySoundW

imm32

ImmGetContext
ImmGetCompositionStringW
ImmSetCompositionFontW
ImmGetCompositionWindow
ImmSetCompositionWindow
ImmAssociateContext
ImmAssociateContextEx
ImmReleaseContext

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ucore46

ucnv_toUnicode
ucnv_fromUnicode
ucnv_setFromUCallBack
ucnv_setToUCallBack
ucnv_getUnicodeSet
ucnv_getName
ucnv_getMaxCharSize
ucnv_resetFromUnicode
ucnv_fromUChars
ucnv_reset
ucnv_close
ucnv_open
ucnv_compareNames
??3UMemory@icu@@SAXPEAX@Z
??2UMemory@icu@@SAPEAX_K@Z
utf8_prevCharSafeBody
utf8_nextCharSafeBody
ucnv_cbToUWriteUChars
ucnv_cbFromUWriteBytes
u_cleanup
u_init
ubrk_following
ubrk_first
ubrk_next
ubrk_setUText
ubrk_close
ubrk_open
utext_openUChars
utext_close
uloc_getISOCountries
uloc_getISOLanguages
uloc_getDisplayCountry
uloc_getDisplayLanguage
uloc_getCountry
uloc_getLanguage
uloc_setDefault
uloc_getDefault
ucase_fold
ucase_toupper
ucase_tolower
ucase_toFullUpper
ucase_toFullLower
ucase_toFullFolding
ucasemap_close
ucasemap_open
u_memcpy
??0UnicodeSet@icu@@QEAA@XZ
u_toupper
u_tolower
u_isprint
u_iscntrl
u_isspace
u_isblank
u_isgraph
u_ispunct
u_isxdigit
u_isalnum
u_isalpha
u_isdigit
u_isupper
u_islower
ucnv_toUCountPending
ucnv_fromUCountPending
ucnv_setFallback
ucnv_getAliases
ucnv_countAliases
ucnv_resetToUnicode
ucnv_convertEx

oleaut32

VariantClear

Exports

Exports

?CurrentKind@btkEvent@@1HA
?PRO_MACHINE_TYPE@@3PEBDEB
?PRO_OS_TYPE@@3PEBDEB
?StdStream@btkProcess@@2VDefaultStream@1@A
?mbsMode@btkMBStrFunc@@0PEAVbtkOBSFunc@@EA
storageclient_debug_bind_hack

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1001KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.datapro
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e3b24c23f8a43a1b2cd4af0867fd281

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

netapi32

ws2_32

user32

gdi32

advapi32

mpr

shell32

ole32

msimg32

winmm

imm32

version

ucore46

oleaut32

Exports

Exports

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 1001KB - Virtual size: 2.5MB

.pdata Size: 249KB - Virtual size: 248KB

.datapro Size: 512B - Virtual size: 100B

.tls Size: 512B - Virtual size: 9B

.gfids Size: 3KB - Virtual size: 2KB

_RDATA Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 744B

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 1001KB - Virtual size: 2.5MB

.pdata
Size: 249KB - Virtual size: 248KB

.datapro
Size: 512B - Virtual size: 100B

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 744B

.reloc
Size: 40KB - Virtual size: 39KB