2024-09-12_4556bb09cb9e900ed5c8ccefe05f5dac_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-12_4556bb09cb9e900ed5c8ccefe05f5dac_ryuk
Size

692KB
MD5

4556bb09cb9e900ed5c8ccefe05f5dac
SHA1

303d39148daadc5bb12cb5e93b4f651d0fc29fea
SHA256

af9bd0af545d1a15c3a8974d9f4c9a109f2c262c6f40a2d9accc20c67d938ec1
SHA512

04a0ed36233d27e681b1831711a9b4fa5736683c6bd74da9aba35eb75f0a977c828facb98260f2f01e041dba56e1feb258ccebda0873ac0f72ba1ab45c20ad03
SSDEEP

12288:PkMgNCOXTLfrXWlxnaLYnTYvAykezrm1RGOWaBt1G6g5SdT:PMCOXTLfrGlxnaLpvAykezC1RGOWaBiy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-12_4556bb09cb9e900ed5c8ccefe05f5dac_ryuk

Files

2024-09-12_4556bb09cb9e900ed5c8ccefe05f5dac_ryuk
.exe windows:6 windows x64 arch:x64

cb173f8ca3f04faafa51a2f1f4eb2b80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\constructicon\builds\gfx\three\17.50\drivers\2d\dal\eeu\build\client\wNow64a\B_rel\atieclxx.pdb

Imports

user32

CreateWindowExA
KillTimer
UpdateWindow
GetForegroundWindow
DestroyWindow
RegisterClassA
PostQuitMessage
DefWindowProcA
PostMessageA
UnregisterHotKey
DispatchMessageA
ShowWindow
ChangeWindowMessageFilter
SetTimer
RegisterWindowMessageA
wsprintfW
SendMessageA
GetMessageA
GetPropA
FindWindowA
EnumWindows
EnumDisplaySettingsExA
EnumDisplayDevicesA
EnumDisplaySettingsA
ChangeDisplaySettingsExA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop
SendInput
GetAsyncKeyState
RegisterHotKey
SystemParametersInfoA
SetSysColors
GetSysColor
RedrawWindow
PostThreadMessageA
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
UnregisterDeviceNotification
RegisterDeviceNotificationA
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
MonitorFromWindow
FindWindowExA
GetWindowLongPtrA
GetClientRect
GetWindowTextA
UnhookWinEvent
SetWinEventHook
GetWindowThreadProcessId
IsWindowVisible
MessageBoxW
MessageBoxA
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes

gdi32

D3DKMTPollDisplayChildren
D3DKMTQueryAdapterInfo
DeleteDC
CreateDCA
SetDeviceGammaRamp

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterEventSourceA
ReportEventA
RegGetValueW
RegGetValueA
RegSetValueExW
RegDeleteValueA
RegDeleteKeyA
RegOpenCurrentUser
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
CreateProcessAsUserA
OpenProcessToken
RegDeleteTreeA
RevertToSelf
RegCloseKey

userenv

UnloadUserProfile
LoadUserProfileA

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory
WTSQueryUserToken
WTSRegisterSessionNotification
WTSEnumerateProcessesA

powrprof

PowerGetActiveScheme
PowerSetActiveScheme
PowerReadSettingAttributes
PowerWriteDCValueIndex
PowerSettingAccessCheck
PowerWriteFriendlyName
PowerWritePossibleValue
PowerWritePossibleFriendlyName
PowerWriteACDefaultIndex
PowerWriteDCDefaultIndex
PowerWriteSettingAttributes
PowerRemovePowerSetting
PowerCreateSetting
PowerCreatePossibleSetting
PowerEnumerate
PowerReadACValueIndex
PowerReadDCValueIndex
PowerWriteACValueIndex

setupapi

SetupDiSetClassInstallParamsA
SetupDiOpenDeviceInfoA
CM_Reenumerate_DevNode
CM_Locate_DevNodeA
CM_Get_Parent
CM_Get_DevNode_Status
CM_Get_Device_IDA
CM_Get_Child_Ex
SetupDiClassGuidsFromNameA
SetupDiCallClassInstaller
CM_Get_DevNode_Status_Ex
CM_Get_Device_ID_ExA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupUninstallOEMInfA
SetupDiSetDeviceRegistryPropertyA
SetupDiGetClassDevsExA
SetupDiGetHwProfileList
SetupDiGetDeviceInstanceIdA

dwmapi

ord102
DwmIsCompositionEnabled

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
PropVariantClear
CoInitialize
CoTaskMemFree

difxapi

DriverPackageInstallA
DriverPackageUninstallA
DriverPackageGetPathA
DriverPackagePreinstallA

propsys

InitPropVariantFromDoubleVector

shlwapi

PathStripPathW
StrStrIA

kernel32

GetDateFormatW
OutputDebugStringW
GetFileType
GetCurrentThread
HeapAlloc
HeapFree
GetACP
GetModuleHandleExW
ExitProcess
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatW
WriteFile
GetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedFlushSList
InterlockedPushEntrySList
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetModuleFileNameW
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FindFirstFileExA
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
SetConsoleCtrlHandler
CreateFileW
RaiseException
EncodePointer
RtlPcToFileHeader
RtlUnwindEx
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
SetFilePointerEx
HeapSize
GetCurrentThreadId
WinExec
TerminateThread
OpenMutexA
CreateMutexA
ReleaseMutex
WaitForMultipleObjects
OpenEventA
CreateEventA
ResetEvent
SetEvent
GetTickCount
VerifyVersionInfoW
RemoveDirectoryA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
VerSetConditionMask
GetLocalTime
UnmapViewOfFile
SetThreadPriority
CreateThread
QueryPerformanceCounter
K32GetModuleBaseNameA
K32EnumProcessModules
QueryFullProcessImageNameA
GetEnvironmentVariableA
K32GetProcessImageFileNameA
K32EnumProcesses
GetSystemDefaultLangID
CopyFileA
FindResourceExA
LockResource
LoadResource
FreeResource
GetSystemDirectoryA
SetLastError
SetFileAttributesA
GetFileAttributesA
CreateDirectoryA
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW
GetCommandLineA
ExpandEnvironmentStringsA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FreeLibrary
WriteConsoleW
Sleep
CreateProcessA
MapViewOfFile
AssignProcessToJobObject
CreateFileMappingA
OpenFileMappingA
CloseHandle
WaitForSingleObject
GetExitCodeProcess
OpenProcess
IsWow64Process
OutputDebugStringA
SetInformationJobObject
CreateJobObjectA
WTSGetActiveConsoleSessionId
LocalFree
GetLastError
TerminateProcess
lstrlenW
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32First
Process32Next
GetSystemPowerStatus

shell32

SHGetKnownFolderPath

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 476KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb173f8ca3f04faafa51a2f1f4eb2b80

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

advapi32

userenv

wtsapi32

powrprof

setupapi

dwmapi

ole32

difxapi

propsys

shlwapi

kernel32

shell32

version

Sections

.text Size: 476KB - Virtual size: 475KB

.rdata Size: 152KB - Virtual size: 152KB

.data Size: 4KB - Virtual size: 11KB

.pdata Size: 29KB - Virtual size: 28KB

.gfids Size: 512B - Virtual size: 392B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 476KB - Virtual size: 475KB

.rdata
Size: 152KB - Virtual size: 152KB

.data
Size: 4KB - Virtual size: 11KB

.pdata
Size: 29KB - Virtual size: 28KB

.gfids
Size: 512B - Virtual size: 392B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB