2024-10-09_1c14b3a6f18e88bcb8a8af34d1f1bec2_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-10-09_1c14b3a6f18e88bcb8a8af34d1f1bec2_ryuk
Size

5.9MB
MD5

1c14b3a6f18e88bcb8a8af34d1f1bec2
SHA1

c239646c82c10697462228fc3681a0ac69a67b56
SHA256

2e4ee6cd469420e8d0b6fb49ffedbf92af614eb714be872c0d4f7babd07e1cb6
SHA512

b82a39ece8850d7396766cf0e9be3da0e4ab4a9cd1080f1dc14ad390125e660eb37512097cf95f03cc6a5998fb507272ddd6024f11eda3b53b2ca8aca7ef6b9d
SSDEEP

98304:GSzCfdmm5exnKMIytB8LFjMBjEkb1Bkq/mpKArEkb1Bkq/mpKA2:Km9xnKJYBlxGxP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-09_1c14b3a6f18e88bcb8a8af34d1f1bec2_ryuk

Files

2024-10-09_1c14b3a6f18e88bcb8a8af34d1f1bec2_ryuk
.exe windows:5 windows x64 arch:x64

66bd75b5126d69278bcbb4d36078679c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\jnks\workspace\KM_Prod_Active\build3868\SxS\src\x64\Release\HPInstallerExe.pdb

Imports

kernel32

HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
GetCurrentThread
GetCurrentThreadId
GetVersionExW
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
LoadResource
LockResource
WritePrivateProfileStringA
GetPrivateProfileStringA
GetSystemDefaultLCID
GetUserDefaultLangID
ProcessIdToSessionId
GetComputerNameExW
WaitNamedPipeW
CreateNamedPipeW
MoveFileExW
CreateDirectoryW
GetDiskFreeSpaceExW
SetCurrentDirectoryW
GetEnvironmentVariableW
CreateProcessW
OpenFileMappingW
OpenEventW
OpenMutexW
FlushViewOfFile
PeekNamedPipe
DisconnectNamedPipe
ConnectNamedPipe
CreatePipe
GetLocalTime
GetSystemTime
DeviceIoControl
WaitForMultipleObjects
TryEnterCriticalSection
GetExitCodeThread
TerminateThread
GetExitCodeProcess
GlobalMemoryStatusEx
SizeofResource
GlobalAlloc
LeaveCriticalSection
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingW
CreateMutexW
GetLongPathNameW
OpenProcess
ExpandEnvironmentStringsW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetACP
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
GlobalLock
CreateEventW
GlobalDeleteAtom
lstrcmpA
lstrcmpW
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
CompareStringA
CloseHandle
SetEvent
WaitForSingleObject
HeapFree
SetThreadPriority
ResumeThread
GetModuleHandleW
GetProcAddress
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
GetCurrentProcessId
OutputDebugStringA
SetLastError
FreeResource
GetModuleHandleExW
GlobalUnlock
GlobalFree
LoadLibraryW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
EncodePointer
GetSystemDirectoryW
GlobalFindAtomW
GlobalSize
LocalFree
MulDiv
FormatMessageW
CopyFileW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
DeleteFileW
GlobalGetAtomNameW
VerSetConditionMask
lstrcpyW
VerifyVersionInfoW
CreateFileW
GetFileAttributesW
GetFileSize
FindClose
FindFirstFileW
FlushFileBuffers
GetFullPathNameW
GetShortPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
GetCurrentProcess
lstrcmpiW
VirtualProtect
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetFileAttributesW
SystemTimeToTzSpecificLocalTime
SearchPathW
GetTempFileNameW
GetTempPathW
GetTickCount
GetProfileIntW
Sleep
GetWindowsDirectoryW
FindResourceExW
GetUserDefaultLCID
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW

user32

CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
MapVirtualKeyW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
PostThreadMessageW
ModifyMenuW
NotifyWinEvent
InflateRect
SetWindowRgn
GetSystemMenu
GetAsyncKeyState
CharUpperW
TrackMouseEvent
IsRectEmpty
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
GetSysColorBrush
MessageBeep
RedrawWindow
IsZoomed
IsWindow
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
SetLayeredWindowAttributes
MonitorFromPoint
SetParent
GetSystemMetrics
ReuseDDElParam
UnpackDDElParam
LoadImageW
DestroyIcon
IntersectRect
EnumChildWindows
InsertMenuItemW
DestroyMenu
CreatePopupMenu
LoadMenuW
LockWindowUpdate
SetClassLongPtrW
SendDlgItemMessageA
GetMenuItemInfoW
MapDialogRect
GetKeyNameTextW
UnionRect
SetRect
DrawIconEx
DrawEdge
DrawFrameControl
DrawFocusRect
SetCursorPos
TranslateAcceleratorW
LoadAcceleratorsW
CharUpperBuffW
UpdateLayeredWindow
EnableScrollBar
GetMenuDefaultItem
SetMenuDefaultItem
CopyIcon
FrameRect
GetNextDlgTabItem
SetActiveWindow
GetDesktopWindow
RegisterWindowMessageW
GetMessagePos
GetMessageTime
PostQuitMessage
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
IsClipboardFormatAvailable
DrawMenuBar
DefFrameProcW
SetRectEmpty
RegisterClipboardFormatW
DefMDIChildProcW
TranslateMDISysAccel
CreateWindowExW
IsMenu
IsChild
SetWindowPos
AllowSetForegroundWindow
MsgWaitForMultipleObjects
SendMessageCallbackW
ExitWindowsEx
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
OpenWindowStationW
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenDesktopW
MsgWaitForMultipleObjectsEx
WaitForInputIdle
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
UpdateWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowRect
IsCharLowerW
MapVirtualKeyExW
SubtractRect
GetUpdateRect
AdjustWindowRectEx
PostMessageW
ScreenToClient
MapWindowPoints
FlashWindowEx
wsprintfW
GetSysColor
CopyRect
EqualRect
PtInRect
SetWindowLongW
GetLastActivePopup
GetWindowLongPtrW
SetWindowLongPtrW
GetClassLongPtrW
GetClassNameW
GetDoubleClickTime
GetIconInfo
CreateMenu
DestroyCursor
GetNextDlgGroupItem
GetComboBoxInfo
DrawIcon
GetWindowRgn
HideCaret
InvertRect
GetWindowThreadProcessId
GetWindowLongW
MessageBoxW
IsWindowEnabled
SetCursor
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadBitmapW
GetParent
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
SystemParametersInfoW
OffsetRect
GetTopWindow
GetWindow
UnhookWindowsHookEx
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
ShowWindow
MoveWindow
CheckDlgButton
SetWindowTextW
IsDialogMessageW
WaitMessage
SetCapture
ReleaseCapture
ClientToScreen
WindowFromPoint
LoadCursorW
GetMenuStringW
GetMenuState
InsertMenuW
SendMessageW
UnregisterClassW
DefWindowProcW
EnableWindow
BringWindowToTop
FillRect
ReleaseDC
GetWindowDC
AppendMenuW
RemoveMenu
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
InvalidateRect
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
CopyImage

gdi32

SetPixelV
GetTextFaceW
GetSystemPaletteEntries
GetNearestPaletteIndex
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
SetPaletteEntries
ExtFloodFill
GetPaletteEntries
CreatePalette
RoundRect
EnumFontFamiliesExW
Rectangle
Polyline
Polygon
CreatePolygonRgn
Ellipse
CreateEllipticRgn
GetBkColor
DPtoLP
SetRectRgn
GetTextExtentPoint32W
GetTextColor
OffsetRgn
GetRgnBox
CreateRoundRectRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
RealizePalette
PatBlt
GetDIBits
CombineRgn
GetTextMetricsW
GetTextCharsetInfo
EnumFontFamiliesW
CreateRectRgnIndirect
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleBitmap
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateDCW
CopyMetaFileW
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
DeleteObject
DeleteDC

msimg32

TransparentBlt
GradientFill
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

SetEntriesInAclW
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
ChangeServiceConfigW
CreateProcessAsUserW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
OpenEventLogW
CloseEventLog
BackupEventLogW
RegQueryInfoKeyW
GetUserNameW
CheckTokenMembership
OpenProcessToken
SystemFunction036
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegCloseKey

shell32

DragFinish
CommandLineToArgvW
SHGetSpecialFolderPathW
DragQueryFileW
SHGetFolderPathW
SHAppBarMessage
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
ExtractIconW
ShellExecuteExW
ShellExecuteW
SHGetFileInfoW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
PathIsFileSpecW
PathFindFileNameW

uxtheme

GetThemePartSize
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
DrawThemeText
DrawThemeParentBackground
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
OpenThemeData
CloseThemeData
GetThemeColor
IsAppThemed

ole32

RevokeDragDrop
CoLockObjectExternal
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
OleLockRunning
OleGetClipboard
DoDragDrop
CLSIDFromString
StringFromGUID2
CoDisconnectObject
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoCreateGuid
CoUninitialize
OleInitialize
OleUninitialize
RegisterDragDrop

oleaut32

VarBstrFromDate
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString

gdiplus

GdipCloneImage
GdipLoadImageFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdiplusStartup
GdipCreateHBITMAPFromBitmap

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules
GetModuleBaseNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

msi

ord94
ord141
ord8
ord72

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 732KB - Virtual size: 731KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66bd75b5126d69278bcbb4d36078679c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

oleacc

imm32

winmm

psapi

version

secur32

msi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 732KB - Virtual size: 731KB

.data Size: 33KB - Virtual size: 87KB

.pdata Size: 92KB - Virtual size: 91KB

.gfids Size: 1024B - Virtual size: 768B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 144KB - Virtual size: 143KB

.reloc Size: 66KB - Virtual size: 62KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 732KB - Virtual size: 731KB

.data
Size: 33KB - Virtual size: 87KB

.pdata
Size: 92KB - Virtual size: 91KB

.gfids
Size: 1024B - Virtual size: 768B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 144KB - Virtual size: 143KB

.reloc
Size: 66KB - Virtual size: 62KB