2024-09-27_9e3622a306f15ac12ec753105f7aaf00_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-27_9e3622a306f15ac12ec753105f7aaf00_ryuk
Size

6.9MB
MD5

9e3622a306f15ac12ec753105f7aaf00
SHA1

04ab73eaeb26558f4e1a44bed80ce148ed31d53e
SHA256

c84a403abad2bbaf3df37e283aeb89919fa023459e5b584f2d8dd79c419fab6b
SHA512

1ee4456d8960e04002910cd388d23d0ea59d50f73a304cf0401ed68e73919a38849ae2d10811aefbea450ddaa1efb8ee78e4e294b704876b1c4e984d775903ae
SSDEEP

49152:YfiuYE8YzC+CDSE20beNl3BnAuFZQeZTc5vYjDE5aPLHFE9ImOmQDmg27RnWGj:YquYEFd6ATFwI15D527BWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-27_9e3622a306f15ac12ec753105f7aaf00_ryuk

Files

2024-09-27_9e3622a306f15ac12ec753105f7aaf00_ryuk
.exe windows:5 windows x64 arch:x64

d7f1a89137271f0be585c386ded22c69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\jnks\workspace\K24_CXP_Production_Build\build2784\SxS\src\x64\Release\HPCustPartic.pdb

Imports

kernel32

GetCommandLineW
GetTempFileNameW
GetLongPathNameW
SearchPathW
FormatMessageW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GlobalMemoryStatusEx
LocalAlloc
GetShortPathNameW
GetCurrentProcess
GetExitCodeProcess
CreateThread
TerminateThread
GetExitCodeThread
TryEnterCriticalSection
SetEvent
ResetEvent
WaitForMultipleObjects
GetFileSizeEx
DeviceIoControl
FindClose
GetFileTime
GetSystemTime
GetLocalTime
CreatePipe
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
FlushViewOfFile
CreateEventW
OpenEventW
CreateProcessW
GetStartupInfoW
GetEnvironmentVariableW
GetSystemDirectoryW
GetTempPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetDiskFreeSpaceExW
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
CreateNamedPipeW
WaitNamedPipeW
GetComputerNameExW
GetVersionExW
VerifyVersionInfoW
DecodePointer
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultLCID
GetUserDefaultLCID
GetPrivateProfileStringW
GetPrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStringA
FileTimeToSystemTime
SystemTimeToFileTime
GetFullPathNameW
RemoveDirectoryW
MoveFileW
GetUserGeoID
GetModuleFileNameW
VerSetConditionMask
GetModuleHandleW
GetTimeZoneInformation
GetFileSize
GetFileAttributesExW
GetStringTypeW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetCPInfo
IsDebuggerPresent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
ReadConsoleW
WriteConsoleW
SetEndOfFile
OpenProcess
GetCurrentThreadId
OutputDebugStringW
WriteFile
SetFilePointer
RaiseException
InitializeCriticalSectionAndSpinCount
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
UnmapViewOfFile
CloseHandle
CreateFileW
LeaveCriticalSection
EnterCriticalSection
OpenMutexW
OpenFileMappingW
ReleaseMutex
CreateMutexW
MapViewOfFile
GetLastError
CreateFileMappingW
QueryPerformanceCounter
SetLastError
MultiByteToWideChar
GetTickCount
GetCurrentProcessId
InitializeCriticalSection
ReadFile
ExpandEnvironmentStringsW
DeleteCriticalSection
WideCharToMultiByte
GetGeoInfoW
FreeResource
WaitForSingleObject
Sleep
ProcessIdToSessionId
FileTimeToDosDateTime
GetFileInformationByHandle
CancelIo
GetOverlappedResult
lstrcmpiW
lstrcatW
lstrcpyW

user32

SetForegroundWindow
ShowWindow
IsWindowVisible
EnumWindows
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenDesktopW
MsgWaitForMultipleObjectsEx
GetAsyncKeyState
WaitForInputIdle
GetDesktopWindow
SystemParametersInfoW
CloseWindowStation
LoadIconW
AllowSetForegroundWindow
GetSystemMetrics
SetTimer
MsgWaitForMultipleObjects
GetKeyState
SetProcessWindowStation
IsWindow
GetWindowThreadProcessId
GetProcessWindowStation
GetRawInputDeviceList
DestroyIcon
OpenWindowStationW
RegisterWindowMessageW
GetMessageW
SendMessageCallbackW
ExitWindowsEx
PeekMessageW

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

shlwapi

PathFindExtensionW
PathRemoveFileSpecW
PathIsDirectoryW
PathFindFileNameW
PathIsFileSpecW

psapi

GetModuleFileNameExW
GetModuleBaseNameW
EnumProcesses
EnumProcessModules

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
GetUserNameW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ChangeServiceConfigW
QueryServiceConfigW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
CheckTokenMembership
OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
FreeSid
CryptAcquireContextW
CryptReleaseContext
ImpersonateLoggedOnUser
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
DuplicateToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam

shell32

ShellExecuteW
ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
ExtractIconW
SHGetSpecialFolderPathW

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal
OleInitialize
CoCreateGuid
CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize
CoInitializeEx
OleRun
CLSIDFromProgID
CoTaskMemAlloc
PropVariantCopy
CoInitializeSecurity
CoSetProxyBlanket
OleUninitialize

oleaut32

GetErrorInfo
VariantInit
SysAllocString
VariantChangeType
SysFreeString
VariantClear
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayLock
SafeArrayDestroy
SafeArrayUnlock
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCopy
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetVartype
DispCallFunc
SysStringLen

wininet

HttpOpenRequestW
InternetSetOptionW
InternetGetConnectedState
InternetCloseHandle
InternetQueryOptionW
InternetConnectW
InternetOpenW
HttpSendRequestW
HttpSendRequestExW
InternetErrorDlg
HttpAddRequestHeadersW
HttpQueryInfoW
HttpQueryInfoA
InternetReadFileExA
InternetWriteFile
HttpEndRequestW

ws2_32

closesocket
listen
recv
send
setsockopt
WSACleanup
shutdown
accept
WSAGetLastError
bind
WSAStartup
freeaddrinfo
getaddrinfo
WSAStringToAddressW
WSAAddressToStringW
WSASocketW
WSAResetEvent
WSAEventSelect
WSACloseEvent
WSAEnumNetworkEvents
WSADuplicateSocketW
WSACreateEvent
WSAConnect

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

setupapi

SetupDiRemoveDevice
CMP_WaitNoPendingInstallEvents
CM_Set_DevNode_Registry_PropertyW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_IDW
CM_Disable_DevNode
SetupDiSetClassInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiCreateDevRegKeyW
SetupDiOpenClassRegKey
SetupGetLineTextW
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiBuildDriverInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW

gdi32

GetDeviceCaps
CreateDCW
DeleteEnhMetaFile
PlayEnhMetaFile
SetEnhMetaFileBits
StartDocW
EndDoc
StartPage
EndPage
DeleteDC

winspool.drv

EnumJobsW
AddPrinterW
DeletePrinter
SetPrinterW
GetPrinterW
AddPrinterDriverW
EnumPrinterDriversW
GetPrinterDriverW
GetPrinterDriverDirectoryW
DeletePrinterDriverExW
StartDocPrinterW
StartPagePrinter
WritePrinter
EndPagePrinter
EndDocPrinter
DocumentPropertiesW
GetPrinterDataExW
SetPrinterDataExW
FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FindClosePrinterChangeNotification
ClosePrinter
EnumMonitorsW
AddMonitorW
DeleteMonitorW
EnumPortsW
XcvDataW
ord203
ord204
OpenPrinterW
SetJobW
GetJobW
EnumPrintersW

iphlpapi

IcmpCloseHandle
IcmpCreateFile
IpRenewAddress
GetIfEntry
GetInterfaceInfo
NotifyAddrChange
AddIPAddress
DeleteIPAddress
GetAdaptersInfo
GetAdaptersAddresses
IpReleaseAddress
IcmpSendEcho

crypt32

CertCloseStore
CryptUnprotectData
CertDeleteCertificateFromStore
CertAddEncodedCertificateToStore
CertOpenStore

Exports

Exports

Create_Config_JobFactory

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 884KB - Virtual size: 888KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d7f1a89137271f0be585c386ded22c69

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

rpcrt4

shlwapi

psapi

advapi32

shell32

ole32

oleaut32

wininet

ws2_32

version

secur32

setupapi

gdi32

winspool.drv

iphlpapi

crypt32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 3.9MB - Virtual size: 3.9MB

.data Size: 42KB - Virtual size: 85KB

.pdata Size: 95KB - Virtual size: 95KB

.gfids Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 196KB - Virtual size: 196KB

.reloc Size: 884KB - Virtual size: 888KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 42KB - Virtual size: 85KB

.pdata
Size: 95KB - Virtual size: 95KB

.gfids
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 196KB - Virtual size: 196KB

.reloc
Size: 884KB - Virtual size: 888KB