2024-09-12_b6138989910c78c0c5e6c343ea1265ed_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-12_b6138989910c78c0c5e6c343ea1265ed_ryuk
Size

696KB
MD5

b6138989910c78c0c5e6c343ea1265ed
SHA1

499b439b343164125e05ef92c57ad5b8ea42ab33
SHA256

32c2e733f9775541658447645c75880961c42cea1b18feba51c414244059a991
SHA512

c0eca4f690c953d8cd0b92a390090e691139cfb6f92748bdf18c510607a96b99c38b3d6d8e1b4178b1436a919093ee35da113de910cc94c4580dab87be0ca4c5
SSDEEP

12288:ICXVEDxJ+qvfS8r8uuWdxnaLj0ZikJWMx7quLJ+ktBtLxXFNUY:EDxJ+qvfS8r3dxnaL4HJWMx7q2+ktBtT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-12_b6138989910c78c0c5e6c343ea1265ed_ryuk

Files

2024-09-12_b6138989910c78c0c5e6c343ea1265ed_ryuk
.exe windows:6 windows x64 arch:x64

737809cc36aedf51ddcb98fcca635eb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\constructicon\builds\gfx\three\18.10\drivers\2d\dal\eeu\build\client\wNow64a\B_rel\atieclxx.pdb

Imports

user32

RegisterDeviceNotificationA
DispatchMessageA
UnregisterHotKey
PostMessageA
DefWindowProcA
PostQuitMessage
RegisterClassA
CreateWindowExA
DestroyWindow
ShowWindow
SetTimer
KillTimer
UpdateWindow
GetForegroundWindow
ChangeWindowMessageFilter
RegisterWindowMessageA
wsprintfW
SendMessageA
GetPropA
FindWindowA
EnumWindows
EnumDisplaySettingsExA
EnumDisplayDevicesA
EnumDisplaySettingsA
ChangeDisplaySettingsExA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop
SendInput
GetAsyncKeyState
RegisterHotKey
SystemParametersInfoA
SetSysColors
GetSysColor
RedrawWindow
PostThreadMessageA
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
UnregisterDeviceNotification
GetMessageA
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
MonitorFromWindow
FindWindowExA
GetWindowLongPtrA
GetClientRect
GetWindowTextA
UnhookWinEvent
SetWinEventHook
GetWindowThreadProcessId
IsWindowVisible
MessageBoxW
MessageBoxA
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes

gdi32

D3DKMTPollDisplayChildren
D3DKMTQueryAdapterInfo
DeleteDC
CreateDCA
SetDeviceGammaRamp

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegGetValueW
RegGetValueA
RegSetValueExW
RegDeleteValueA
RegDeleteKeyA
RegOpenCurrentUser
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
CreateProcessAsUserA
OpenProcessToken
RegDeleteTreeA
RevertToSelf
RegCloseKey

userenv

UnloadUserProfile
LoadUserProfileA

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory
WTSRegisterSessionNotification
WTSQueryUserToken
WTSEnumerateProcessesA

powrprof

PowerWritePossibleValue
PowerGetActiveScheme
PowerSetActiveScheme
PowerWriteACDefaultIndex
PowerWriteDCDefaultIndex
PowerReadSettingAttributes
PowerWriteFriendlyName
PowerWriteSettingAttributes
PowerRemovePowerSetting
PowerCreateSetting
PowerCreatePossibleSetting
PowerEnumerate
PowerWriteACValueIndex
PowerWriteDCValueIndex
PowerSettingAccessCheck
PowerReadACValueIndex
PowerReadDCValueIndex
PowerWritePossibleFriendlyName

setupapi

CM_Get_DevNode_Status
SetupDiGetClassDevsExA
CM_Get_DevNode_Status_Ex
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
CM_Get_Parent
CM_Get_Child_Ex
CM_Reenumerate_DevNode
SetupDiOpenDeviceInfoA
SetupDiGetDeviceInstanceIdA
SetupDiCallClassInstaller
SetupDiGetHwProfileList
SetupDiSetClassInstallParamsA
SetupUninstallOEMInfA
SetupDiSetDeviceRegistryPropertyA
CM_Locate_DevNodeA
CM_Get_Device_IDA
SetupDiClassGuidsFromNameA
CM_Get_Device_ID_ExA

dwmapi

ord102
DwmIsCompositionEnabled

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
PropVariantClear
CoInitialize
CoUninitialize

difxapi

DriverPackageInstallA
DriverPackageUninstallA
DriverPackageGetPathA
DriverPackagePreinstallA

propsys

InitPropVariantFromDoubleVector

shlwapi

PathStripPathW
StrStrIA

kernel32

CompareStringW
GetTimeFormatW
GetDateFormatW
OutputDebugStringW
GetFileType
GetCurrentThread
HeapAlloc
HeapFree
GetACP
GetModuleHandleExW
ExitProcess
GetCurrentProcess
WideCharToMultiByte
LCMapStringW
GetModuleFileNameW
WriteFile
GetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedFlushSList
InterlockedPushEntrySList
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
MultiByteToWideChar
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FindFirstFileExA
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
SetConsoleCtrlHandler
CreateFileW
SetFilePointerEx
HeapSize
RaiseException
EncodePointer
RtlPcToFileHeader
RtlUnwindEx
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WinExec
TerminateThread
OpenMutexA
CreateMutexA
ReleaseMutex
WaitForMultipleObjects
OpenEventA
CreateEventA
ResetEvent
SetEvent
GetTickCount
VerifyVersionInfoW
RemoveDirectoryA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
VerSetConditionMask
GetLocalTime
GetCurrentThreadId
UnmapViewOfFile
SetThreadPriority
CreateThread
QueryPerformanceCounter
K32GetModuleBaseNameA
K32EnumProcessModules
QueryFullProcessImageNameA
GetEnvironmentVariableA
K32GetProcessImageFileNameA
K32EnumProcesses
GetSystemDefaultLangID
CopyFileA
FindResourceExA
LockResource
LoadResource
FreeResource
GetSystemDirectoryA
SetLastError
SetFileAttributesA
GetFileAttributesA
CreateDirectoryA
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
ExpandEnvironmentStringsA
GetProcAddress
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW
WriteConsoleW
LoadLibraryA
GetModuleFileNameA
FreeLibrary
GetSystemPowerStatus
Process32Next
GetCommandLineA
Sleep
CreateProcessA
MapViewOfFile
AssignProcessToJobObject
CreateFileMappingA
OpenFileMappingA
CloseHandle
WaitForSingleObject
GetExitCodeProcess
OpenProcess
IsWow64Process
OutputDebugStringA
SetInformationJobObject
CreateJobObjectA
WTSGetActiveConsoleSessionId
LocalFree
GetLastError
TerminateProcess
lstrlenW
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32First

shell32

SHGetKnownFolderPath

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 480KB - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

737809cc36aedf51ddcb98fcca635eb8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

advapi32

userenv

wtsapi32

powrprof

setupapi

dwmapi

ole32

difxapi

propsys

shlwapi

kernel32

shell32

version

Sections

.text Size: 480KB - Virtual size: 479KB

.rdata Size: 153KB - Virtual size: 152KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 29KB - Virtual size: 28KB

.gfids Size: 512B - Virtual size: 388B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 480KB - Virtual size: 479KB

.rdata
Size: 153KB - Virtual size: 152KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 29KB - Virtual size: 28KB

.gfids
Size: 512B - Virtual size: 388B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB