Extracted

• 2024-12-13_d66e1da9ef242a8b115d0f47308819fb_ryuk

  .exe windows:6 windows x64 arch:x64

  5f179977b2789a197ac1e0c160228fd4

  
  

  Code Sign

  01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  01-02-2010 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  be:8e:1d:85:c5:d2:52:1b:6d:33:37:9e:3b:85:01:a9

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  27-09-2024 00:00

  Not After

  27-09-2027 23:59

  Subject

  CN=Simon Tatham,O=Simon Tatham,ST=Cambridgeshire,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  02:7c:39:01:0c:a7:5a:c3:3a:b5:ee:0d:54:0e:f9:e5

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  22-03-2021 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  22-03-2021 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f

  Certificate

  Issuer

  CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89

  Certificate

  Issuer

  CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

  Not Before

  15-01-2024 00:00

  Not After

  14-04-2035 23:59

  Subject

  CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  01-02-2010 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  be:8e:1d:85:c5:d2:52:1b:6d:33:37:9e:3b:85:01:a9

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  27-09-2024 00:00

  Not After

  27-09-2027 23:59

  Subject

  CN=Simon Tatham,O=Simon Tatham,ST=Cambridgeshire,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  02:7c:39:01:0c:a7:5a:c3:3a:b5:ee:0d:54:0e:f9:e5

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  22-03-2021 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  22-03-2021 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f

  Certificate

  Issuer

  CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89

  Certificate

  Issuer

  CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

  Not Before

  15-01-2024 00:00

  Not After

  14-04-2035 23:59

  Subject

  CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  88:98:20:f8:47:2a:e2:39:7d:c0:f0:2e:fc:a7:50:50:af:fc:c8:59:09:33:14:92:19:e8:fd:b2:fd:f8:41:80

  Signer

  Actual PE Digest

  88:98:20:f8:47:2a:e2:39:7d:c0:f0:2e:fc:a7:50:50:af:fc:c8:59:09:33:14:92:19:e8:fd:b2:fd:f8:41:80

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  64:47:34:6a:4a:c2:04:f9:d2:75:6e:78:d4:0b:bf:b8:fd:fe:84:46

  Signer

  Actual PE Digest

  64:47:34:6a:4a:c2:04:f9:d2:75:6e:78:d4:0b:bf:b8:fd:fe:84:46

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  gdi32

  BitBlt

  CreateBitmap

  CreateCompatibleBitmap

  CreateCompatibleDC

  CreateFontA

  CreateFontIndirectA

  CreatePalette

  CreatePen

  CreateSolidBrush

  DeleteDC

  DeleteObject

  ExcludeClipRect

  ExtTextOutA

  ExtTextOutW

  GetBkMode

  GetCharABCWidthsFloatA

  GetCharWidth32A

  GetCharWidth32W

  GetCharWidthA

  GetCharWidthW

  GetCharacterPlacementW

  GetCurrentObject

  GetDIBits

  GetDeviceCaps

  GetObjectA

  GetOutlineTextMetricsA

  GetPixel

  GetStockObject

  GetTextExtentExPointA

  GetTextExtentPoint32A

  GetTextMetricsA

  IntersectClipRect

  LineTo

  MoveToEx

  Polyline

  RealizePalette

  Rectangle

  SelectObject

  SelectPalette

  SetBkColor

  SetBkMode

  SetMapMode

  SetPaletteEntries

  SetPixel

  SetTextAlign

  SetTextColor

  TextOutA

  TranslateCharsetInfo

  UnrealizeObject

  UpdateColors

  imm32

  ImmGetCompositionStringW

  ImmGetContext

  ImmReleaseContext

  ImmSetCompositionFontA

  ImmSetCompositionWindow

  ole32

  CoCreateInstance

  CoInitialize

  CoUninitialize

  user32

  AppendMenuA

  BeginPaint

  CheckDlgButton

  CheckMenuItem

  CheckRadioButton

  CloseClipboard

  CreateCaret

  CreateDialogParamA

  CreateMenu

  CreatePopupMenu

  CreateWindowExA

  CreateWindowExW

  DefDlgProcA

  DefWindowProcA

  DefWindowProcW

  DeleteMenu

  DestroyCaret

  DestroyIcon

  DestroyWindow

  DialogBoxParamA

  DispatchMessageA

  DispatchMessageW

  DrawEdge

  DrawIconEx

  EmptyClipboard

  EnableMenuItem

  EnableWindow

  EndDialog

  EndPaint

  FindWindowA

  FlashWindow

  GetCapture

  GetCaretBlinkTime

  GetClientRect

  GetClipboardData

  GetClipboardOwner

  GetCursorPos

  GetDC

  GetDesktopWindow

  GetDlgItem

  GetDlgItemTextA

  GetDlgItemTextW

  GetDoubleClickTime

  GetForegroundWindow

  GetKeyboardLayout

  GetKeyboardState

  GetMessageA

  GetMessageTime

  GetParent

  GetQueueStatus

  GetScrollInfo

  GetSysColor

  GetSysColorBrush

  GetSystemMenu

  GetSystemMetrics

  GetWindowLongPtrA

  GetWindowPlacement

  GetWindowRect

  GetWindowTextA

  GetWindowTextLengthA

  HideCaret

  InsertMenuA

  InvalidateRect

  IsDialogMessageA

  IsDlgButtonChecked

  IsIconic

  IsWindow

  IsZoomed

  KillTimer

  LoadCursorA

  LoadIconA

  LoadImageA

  MapDialogRect

  MessageBeep

  MessageBoxA

  MessageBoxIndirectW

  MoveWindow

  MsgWaitForMultipleObjects

  OffsetRect

  OpenClipboard

  PeekMessageA

  PeekMessageW

  PostMessageA

  PostQuitMessage

  RegisterClassA

  RegisterClassW

  RegisterClipboardFormatA

  RegisterWindowMessageA

  ReleaseCapture

  ReleaseDC

  ScreenToClient

  SendDlgItemMessageA

  SendMessageA

  SetActiveWindow

  SetCapture

  SetCaretPos

  SetClassLongPtrA

  SetClipboardData

  SetCursor

  SetDlgItemTextA

  SetDlgItemTextW

  SetFocus

  SetForegroundWindow

  SetKeyboardState

  SetScrollInfo

  SetTimer

  SetWindowLongPtrA

  SetWindowPlacement

  SetWindowPos

  SetWindowTextA

  SetWindowTextW

  ShowCaret

  ShowCursor

  ShowWindow

  SystemParametersInfoA

  ToAsciiEx

  TrackPopupMenu

  TranslateMessage

  UpdateWindow

  kernel32

  Beep

  ClearCommBreak

  CloseHandle

  CompareStringW

  ConnectNamedPipe

  CreateEventA

  CreateFileA

  CreateFileMappingA

  CreateFileW

  CreateMutexA

  CreateNamedPipeA

  CreatePipe

  CreateProcessA

  CreateThread

  DeleteCriticalSection

  DeleteFileA

  EncodePointer

  EnterCriticalSection

  EnumSystemLocalesW

  ExitProcess

  FindClose

  FindFirstFileA

  FindFirstFileExW

  FindFirstFileW

  FindNextFileA

  FindNextFileW

  FindResourceA

  FlsAlloc

  FlsFree

  FlsGetValue

  FlsSetValue

  FlushFileBuffers

  FormatMessageA

  FreeEnvironmentStringsW

  FreeLibrary

  GetACP

  GetCPInfo

  GetCommState

  GetCommandLineA

  GetCommandLineW

  GetConsoleMode

  GetConsoleOutputCP

  GetCurrentDirectoryW

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThread

  GetCurrentThreadId

  GetDateFormatW

  GetEnvironmentStringsW

  GetEnvironmentVariableA

  GetFileSizeEx

  GetFileType

  GetLastError

  GetLocalTime

  GetLocaleInfoA

  GetLocaleInfoW

  GetModuleFileNameA

  GetModuleFileNameW

  GetModuleHandleExW

  GetModuleHandleW

  GetOEMCP

  GetOverlappedResult

  GetProcAddress

  GetProcessHeap

  GetProcessTimes

  GetStartupInfoW

  GetStdHandle

  GetStringTypeW

  GetSystemDirectoryA

  GetSystemTimeAsFileTime

  GetTempPathA

  GetThreadTimes

  GetTickCount

  GetTimeFormatW

  GetTimeZoneInformation

  GetUserDefaultLCID

  GetWindowsDirectoryA

  GlobalAlloc

  GlobalFree

  GlobalLock

  GlobalMemoryStatus

  GlobalUnlock

  HeapAlloc

  HeapFree

  HeapReAlloc

  HeapSize

  InitializeCriticalSection

  InitializeCriticalSectionAndSpinCount

  InitializeSListHead

  IsDBCSLeadByteEx

  IsDebuggerPresent

  IsProcessorFeaturePresent

  IsValidCodePage

  IsValidLocale

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryA

  LoadLibraryExA

  LoadLibraryExW

  LoadResource

  LocalAlloc

  LocalFileTimeToFileTime

  LocalFree

  LockResource

  MapViewOfFile

  MulDiv

  MultiByteToWideChar

  OpenProcess

  OutputDebugStringW

  QueryPerformanceCounter

  RaiseException

  ReadConsoleW

  ReadFile

  ReleaseMutex

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlPcToFileHeader

  RtlUnwind

  RtlUnwindEx

  RtlVirtualUnwind

  SetCommBreak

  SetCommState

  SetCommTimeouts

  SetCurrentDirectoryW

  SetEndOfFile

  SetEnvironmentVariableW

  SetEvent

  SetFilePointerEx

  SetHandleInformation

  SetLastError

  SetStdHandle

  SetUnhandledExceptionFilter

  SizeofResource

  TerminateProcess

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  UnhandledExceptionFilter

  UnmapViewOfFile

  WaitForSingleObject

  WaitNamedPipeA

  WideCharToMultiByte

  WriteConsoleW

  WriteFile

  shell32

  ShellExecuteA

  comdlg32

  ChooseColorA

  ChooseFontA

  GetOpenFileNameW

  GetSaveFileNameW

  advapi32

  AllocateAndInitializeSid

  CopySid

  EqualSid

  GetLengthSid

  GetUserNameA

  InitializeSecurityDescriptor

  RegCloseKey

  RegCreateKeyExA

  RegDeleteKeyA

  RegEnumKeyA

  RegOpenKeyExA

  RegQueryValueExA

  RegSetValueExA

  SetSecurityDescriptorDacl

  SetSecurityDescriptorOwner

  Sections

  .text

  Size: 924KB - Virtual size: 923KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 270KB - Virtual size: 269KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 28KB - Virtual size: 27KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .00cfg

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .gxfg

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 17B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  _RDATA

  Size: 512B - Virtual size: 348B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 370KB - Virtual size: 370KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ