Extracted

• 2024-09-27_2e3e6f9f9ee037d6099d36e7cf03e9f0_cobalt-strike_ryuk

  .exe windows:6 windows x64 arch:x64

  69573714e11441683ea863c40a1c0d54

  
  

  Code Sign

  8e:3f:bf:b9:1b:e6:da:04:1b:a4:1f:7a:98:3a:d6:1e

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  06-11-2021 00:00

  Not After

  05-11-2024 23:59

  Subject

  CN=Simon Tatham,O=Simon Tatham,ST=Cambridgeshire,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25-05-2021 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  01

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  01-01-2004 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  03-05-2023 00:00

  Not After

  02-08-2034 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  8e:3f:bf:b9:1b:e6:da:04:1b:a4:1f:7a:98:3a:d6:1e

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  06-11-2021 00:00

  Not After

  05-11-2024 23:59

  Subject

  CN=Simon Tatham,O=Simon Tatham,ST=Cambridgeshire,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25-05-2021 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  01

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  01-01-2004 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  03-05-2023 00:00

  Not After

  02-08-2034 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  b9:63:aa:ab:1b:9c:80:91:96:05:88:c4:f9:bc:03:84:bc:c9:51:a6:31:d3:f8:f2:64:02:61:35:80:98:a0:ba

  Signer

  Actual PE Digest

  b9:63:aa:ab:1b:9c:80:91:96:05:88:c4:f9:bc:03:84:bc:c9:51:a6:31:d3:f8:f2:64:02:61:35:80:98:a0:ba

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  16:7b:5a:2b:c0:cc:aa:37:bc:27:05:34:7f:89:44:e7:13:0f:d0:de

  Signer

  Actual PE Digest

  16:7b:5a:2b:c0:cc:aa:37:bc:27:05:34:7f:89:44:e7:13:0f:d0:de

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  gdi32

  BitBlt

  CreateBitmap

  CreateCompatibleBitmap

  CreateCompatibleDC

  CreateFontA

  CreateFontIndirectA

  CreatePalette

  CreatePen

  CreateSolidBrush

  DeleteDC

  DeleteObject

  ExcludeClipRect

  ExtTextOutA

  ExtTextOutW

  GetBkMode

  GetCharABCWidthsFloatA

  GetCharWidth32A

  GetCharWidth32W

  GetCharWidthA

  GetCharWidthW

  GetCharacterPlacementW

  GetCurrentObject

  GetDIBits

  GetDeviceCaps

  GetObjectA

  GetOutlineTextMetricsA

  GetPixel

  GetStockObject

  GetTextExtentExPointA

  GetTextExtentPoint32A

  GetTextMetricsA

  IntersectClipRect

  LineTo

  MoveToEx

  Polyline

  RealizePalette

  Rectangle

  SelectObject

  SelectPalette

  SetBkColor

  SetBkMode

  SetMapMode

  SetPaletteEntries

  SetPixel

  SetTextAlign

  SetTextColor

  TextOutA

  TranslateCharsetInfo

  UnrealizeObject

  UpdateColors

  imm32

  ImmGetCompositionStringW

  ImmGetContext

  ImmReleaseContext

  ImmSetCompositionFontA

  ImmSetCompositionWindow

  ole32

  CoCreateInstance

  CoInitialize

  CoUninitialize

  user32

  AppendMenuA

  BeginPaint

  CheckDlgButton

  CheckMenuItem

  CheckRadioButton

  CloseClipboard

  CreateCaret

  CreateDialogParamA

  CreateMenu

  CreatePopupMenu

  CreateWindowExA

  CreateWindowExW

  DefDlgProcA

  DefWindowProcA

  DefWindowProcW

  DeleteMenu

  DestroyCaret

  DestroyIcon

  DestroyWindow

  DialogBoxParamA

  DispatchMessageA

  DispatchMessageW

  DrawEdge

  DrawIconEx

  EmptyClipboard

  EnableMenuItem

  EnableWindow

  EndDialog

  EndPaint

  FindWindowA

  FlashWindow

  GetCapture

  GetCaretBlinkTime

  GetClientRect

  GetClipboardData

  GetClipboardOwner

  GetCursorPos

  GetDC

  GetDesktopWindow

  GetDlgItem

  GetDlgItemTextA

  GetDoubleClickTime

  GetForegroundWindow

  GetKeyboardLayout

  GetKeyboardState

  GetMessageA

  GetMessageTime

  GetParent

  GetQueueStatus

  GetScrollInfo

  GetSysColor

  GetSysColorBrush

  GetSystemMenu

  GetSystemMetrics

  GetWindowLongPtrA

  GetWindowPlacement

  GetWindowRect

  GetWindowTextA

  GetWindowTextLengthA

  HideCaret

  InsertMenuA

  InvalidateRect

  IsDialogMessageA

  IsDlgButtonChecked

  IsIconic

  IsWindow

  IsZoomed

  KillTimer

  LoadCursorA

  LoadIconA

  LoadImageA

  MapDialogRect

  MessageBeep

  MessageBoxA

  MessageBoxIndirectA

  MoveWindow

  MsgWaitForMultipleObjects

  OffsetRect

  OpenClipboard

  PeekMessageA

  PeekMessageW

  PostMessageA

  PostQuitMessage

  RegisterClassA

  RegisterClassW

  RegisterClipboardFormatA

  RegisterWindowMessageA

  ReleaseCapture

  ReleaseDC

  ScreenToClient

  SendDlgItemMessageA

  SendMessageA

  SetActiveWindow

  SetCapture

  SetCaretPos

  SetClassLongPtrA

  SetClipboardData

  SetCursor

  SetDlgItemTextA

  SetFocus

  SetForegroundWindow

  SetKeyboardState

  SetScrollInfo

  SetTimer

  SetWindowLongPtrA

  SetWindowPlacement

  SetWindowPos

  SetWindowTextA

  SetWindowTextW

  ShowCaret

  ShowCursor

  ShowWindow

  SystemParametersInfoA

  ToAsciiEx

  TrackPopupMenu

  TranslateMessage

  UpdateWindow

  kernel32

  Beep

  ClearCommBreak

  CloseHandle

  CompareStringW

  ConnectNamedPipe

  CreateEventA

  CreateFileA

  CreateFileMappingA

  CreateFileW

  CreateMutexA

  CreateNamedPipeA

  CreatePipe

  CreateProcessA

  CreateThread

  DeleteCriticalSection

  DeleteFileA

  EncodePointer

  EnterCriticalSection

  EnumSystemLocalesW

  ExitProcess

  FindClose

  FindFirstFileA

  FindFirstFileExW

  FindNextFileA

  FindNextFileW

  FindResourceA

  FlsAlloc

  FlsFree

  FlsGetValue

  FlsSetValue

  FlushFileBuffers

  FormatMessageA

  FreeEnvironmentStringsW

  FreeLibrary

  GetACP

  GetCPInfo

  GetCommState

  GetCommandLineA

  GetCommandLineW

  GetConsoleMode

  GetConsoleOutputCP

  GetCurrentDirectoryA

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThread

  GetCurrentThreadId

  GetDateFormatW

  GetEnvironmentStringsW

  GetEnvironmentVariableA

  GetFileSizeEx

  GetFileType

  GetLastError

  GetLocalTime

  GetLocaleInfoA

  GetLocaleInfoW

  GetModuleFileNameA

  GetModuleFileNameW

  GetModuleHandleExW

  GetModuleHandleW

  GetOEMCP

  GetOverlappedResult

  GetProcAddress

  GetProcessHeap

  GetProcessTimes

  GetStartupInfoW

  GetStdHandle

  GetStringTypeW

  GetSystemDirectoryA

  GetSystemTimeAsFileTime

  GetTempPathA

  GetThreadTimes

  GetTickCount

  GetTimeFormatW

  GetTimeZoneInformation

  GetUserDefaultLCID

  GetWindowsDirectoryA

  GlobalAlloc

  GlobalFree

  GlobalLock

  GlobalMemoryStatus

  GlobalUnlock

  HeapAlloc

  HeapFree

  HeapReAlloc

  HeapSize

  InitializeCriticalSection

  InitializeCriticalSectionAndSpinCount

  InitializeSListHead

  IsDBCSLeadByteEx

  IsDebuggerPresent

  IsProcessorFeaturePresent

  IsValidCodePage

  IsValidLocale

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryA

  LoadLibraryExA

  LoadLibraryExW

  LoadResource

  LocalAlloc

  LocalFileTimeToFileTime

  LocalFree

  LockResource

  MapViewOfFile

  MulDiv

  MultiByteToWideChar

  OpenProcess

  OutputDebugStringW

  QueryPerformanceCounter

  RaiseException

  ReadConsoleW

  ReadFile

  ReleaseMutex

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlPcToFileHeader

  RtlUnwind

  RtlUnwindEx

  RtlVirtualUnwind

  SetCommBreak

  SetCommState

  SetCommTimeouts

  SetCurrentDirectoryA

  SetEndOfFile

  SetEnvironmentVariableW

  SetEvent

  SetFilePointerEx

  SetHandleInformation

  SetLastError

  SetStdHandle

  SetUnhandledExceptionFilter

  SizeofResource

  TerminateProcess

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  UnhandledExceptionFilter

  UnmapViewOfFile

  WaitForSingleObject

  WaitNamedPipeA

  WideCharToMultiByte

  WriteConsoleW

  WriteFile

  shell32

  ShellExecuteA

  comdlg32

  ChooseColorA

  ChooseFontA

  GetOpenFileNameA

  GetSaveFileNameA

  advapi32

  AllocateAndInitializeSid

  CopySid

  EqualSid

  GetLengthSid

  GetUserNameA

  InitializeSecurityDescriptor

  RegCloseKey

  RegCreateKeyExA

  RegDeleteKeyA

  RegEnumKeyA

  RegOpenKeyA

  RegOpenKeyExA

  RegQueryValueExA

  RegSetValueExA

  SetSecurityDescriptorDacl

  SetSecurityDescriptorOwner

  Sections

  .text

  Size: 928KB - Virtual size: 928KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 258KB - Virtual size: 257KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 21KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 27KB - Virtual size: 27KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .00cfg

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .gxfg

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 17B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  _RDATA

  Size: 512B - Virtual size: 348B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 363KB - Virtual size: 362KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 8KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ