2024-11-08_853341a37ee6cd6516e03ce1341c7889_ryuk

Sharing

Copy URL

Twitter E-mail

General

Target

2024-11-08_853341a37ee6cd6516e03ce1341c7889_ryuk
Size

5.4MB
MD5

853341a37ee6cd6516e03ce1341c7889
SHA1

6ff55c00a1c09ccd6af7727d526e21ca969e0af0
SHA256

773760fd71d52457ba53a314f15dddb1a74e8b2f5a90e5e150dea48a21aa76df
SHA512

28b6ce445fd4b449880ecb56f6c70e7b16cc587f93581545f8ca1bae05b9b7b97fc2bc882d75b75c1dbe42db1377c3cee5402eefa3cea5c2d12d22494840f3e6
SSDEEP

98304:42K7dKBS4R1tQesBeOm2OYrrMkhYjpRun+MHwiQ2:4BISXBeL1TltRun+Mft

Score

1^/10

Malware Config

Signatures

Files

2024-11-08_853341a37ee6cd6516e03ce1341c7889_ryuk
.exe windows:6 windows x64 arch:x64

8e1c949f4ead8984162701be92e3ea40

Code Sign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03-05-2011 07:00

Not After

03-05-2031 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:2b:bd:8d:56:24:bd:ac
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

04-12-2018 17:13

Not After

04-12-2021 17:13

Subject

CN=OSPREY VIDEO\, INC.,O=OSPREY VIDEO\, INC.,L=Carrollton,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

81:96:28:a1:ee:f8:86:02:a0:f1:95:3b:98:7d:bc:6b:65:d7:8f:65
Signer

Actual PE Digest

81:96:28:a1:ee:f8:86:02:a0:f1:95:3b:98:7d:bc:6b:65:d7:8f:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetACP
ExitProcess
GetModuleFileNameA
GetStdHandle
GetFileType
ReadConsoleW
FindNextFileA
VirtualAlloc
GetSystemInfo
QueryPerformanceFrequency
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
SetFilePointerEx
FindFirstFileExA
SetStdHandle
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetConsoleCtrlHandler
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
LocalUnlock
LocalLock
GetUserDefaultLCID
ReplaceFileW
GetDiskFreeSpaceW
Sleep
GetProfileIntW
SearchPathW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
SystemTimeToTzSpecificLocalTime
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
FindResourceExW
GetStringTypeExW
MoveFileW
lstrcmpiW
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
SystemTimeToFileTime
FileTimeToSystemTime
VerifyVersionInfoW
lstrcpyW
VerSetConditionMask
GetThreadLocale
DeleteFileW
GetCurrentDirectoryW
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetAtomNameW
ResumeThread
SuspendThread
SetThreadPriority
CreateEventW
WaitForSingleObject
SetEvent
CloseHandle
CopyFileW
FormatMessageW
LocalFree
GlobalSize
InitializeCriticalSectionAndSpinCount
GlobalFree
GetTickCount
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
MultiByteToWideChar
lstrcmpA
GlobalAlloc
GetVersionExW
GetCurrentThread
WideCharToMultiByte
GlobalGetAtomNameW
GetCurrentProcessId
MulDiv
GlobalUnlock
GlobalLock
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
GlobalAddAtomW
FindResourceW
LoadLibraryW
lstrcmpW
GlobalDeleteAtom
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
FreeResource
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
SetLastError
EncodePointer
OutputDebugStringA
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapFree
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
WriteConsoleW
CreateFileA
GetModuleHandleA
LoadLibraryA
VirtualFree

user32

GetAsyncKeyState
RealChildWindowFromPoint
GetSysColorBrush
SendDlgItemMessageA
CopyImage
InflateRect
GetMenuItemInfoW
ShowOwnedPopups
TranslateMessage
GetMessageW
GetCursorPos
RemoveMenu
InsertMenuW
GetMenuState
GetMenuStringW
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DrawStateW
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
PostQuitMessage
SystemParametersInfoW
SetParent
IsRectEmpty
DeleteMenu
AppendMenuW
GetSystemMenu
IsZoomed
GetSystemMetrics
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
LoadImageW
DestroyIcon
GetWindowThreadProcessId
GetDesktopWindow
OffsetRect
IntersectRect
SetRectEmpty
SetCursor
InvalidateRect
InsertMenuItemW
DestroyMenu
CreatePopupMenu
LoadMenuW
TranslateAcceleratorW
LoadAcceleratorsW
ReleaseCapture
GetActiveWindow
BringWindowToTop
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
IsWindowEnabled
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
FillRect
ClientToScreen
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetParent
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
GetKeyNameTextW
MapVirtualKeyW
UnionRect
LoadCursorW
EnableWindow
UpdateWindow
UnregisterClassW
RegisterWindowMessageW
ScreenToClient
MessageBoxW
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
SetTimer
KillTimer
WindowFromPoint
SetRect
SetCapture
GetDCEx
LockWindowUpdate
PostThreadMessageW
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetLayeredWindowAttributes
ScrollWindow
RedrawWindow
EnumDisplayMonitors
GetDialogBaseUnits
TrackMouseEvent
CharUpperW
SetWindowRgn
NotifyWinEvent
GetMenuDefaultItem
SetMenuDefaultItem
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
SendMessageW
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
GetDlgItem
GetDlgCtrlID
SetFocus
GetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
DestroyAcceleratorTable
GetSubMenu
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
TrackPopupMenuEx
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
ValidateRect
SetCursorPos
SetClassLongPtrW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
CharUpperBuffW
ModifyMenuW
CopyIcon
FrameRect
WaitMessage
GetIconInfo
HideCaret
InvertRect
DrawIcon
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
SendNotifyMessageW
MonitorFromRect
InSendMessage
CreateMenu
WindowFromDC
DestroyCursor
GetComboBoxInfo
EnumChildWindows
GetWindowRgn
GetTabbedTextExtentW
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
MonitorFromPoint
EnableScrollBar
UpdateLayeredWindow

gdi32

GetCurrentPositionEx
GetDeviceCaps
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocW
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutW
ExtTextOutW
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateCompatibleBitmap
CreateFontW
GetCharWidthW
StretchDIBits
GetTextExtentPoint32W
GetTextMetricsW
GetClipRgn
CreateDCW
CreateFontIndirectW
CombineRgn
CreateRectRgnIndirect
GetMapMode
PatBlt
SetRectRgn
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
EnumFontFamiliesExW
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
GetCurrentObject
GetDIBits
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
OffsetRgn
Rectangle
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
SetPixelV
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
GetClipBox
ExcludeClipRect
Escape
DeleteObject
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
GetObjectW
SetTextColor
SetBkColor
CopyMetaFileW
CreateDIBPatternBrushPt
DeleteDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

GetJobW
ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegSetValueW
SetFileSecurityW
GetFileSecurityW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW

shell32

DragQueryFileW
DragFinish
SHAddToRecentDocs
ExtractIconW
SHGetFileInfoW
ShellExecuteExW
SHBrowseForFolderW
SHGetMalloc
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
PathFindExtensionW

uxtheme

CloseThemeData
GetThemeSysColor
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
IsAppThemed
DrawThemeText
OpenThemeData
GetCurrentThemeName
GetThemePartSize
GetThemeColor
GetWindowTheme

ole32

DoDragDrop
CoInitializeEx
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
PropVariantCopy
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
OleRun
StringFromGUID2
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
OleCreateLinkFromData
OleCreateStaticFromData
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CoDisconnectObject
SetConvertStg
OleRegGetUserType
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CLSIDFromProgID
CLSIDFromString
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
CreateStreamOnHGlobal
ReleaseStgMedium

oleaut32

VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroyData
VarBstrFromDec
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
SysReAllocStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SafeArrayDestroy
VarDecFromStr
SystemTimeToVariantTime
OleCreateFontIndirect
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SafeArrayDestroyDescriptor
VariantTimeToSystemTime

oledlg

OleUIBusyW

gdiplus

GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDrawImageI
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 41KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e1c949f4ead8984162701be92e3ea40

Code Sign

07Certificate

Key Usages

73:2b:bd:8d:56:24:bd:acCertificate

Extended Key Usages

Key Usages

81:96:28:a1:ee:f8:86:02:a0:f1:95:3b:98:7d:bc:6b:65:d7:8f:65Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 41KB - Virtual size: 88KB

.pdata Size: 169KB - Virtual size: 168KB

.gfids Size: 139KB - Virtual size: 139KB

.giats Size: 512B - Virtual size: 28B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 98KB - Virtual size: 97KB

.reloc Size: 78KB - Virtual size: 78KB

07
Certificate

73:2b:bd:8d:56:24:bd:ac
Certificate

81:96:28:a1:ee:f8:86:02:a0:f1:95:3b:98:7d:bc:6b:65:d7:8f:65
Signer

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 41KB - Virtual size: 88KB

.pdata
Size: 169KB - Virtual size: 168KB

.gfids
Size: 139KB - Virtual size: 139KB

.giats
Size: 512B - Virtual size: 28B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 98KB - Virtual size: 97KB

.reloc
Size: 78KB - Virtual size: 78KB