Metamorph[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Metamorph.exe
Size

679KB
MD5

1fca81b4c9dbee44c78b0b704a31046c
SHA1

b388ddf07e110d79ada6a365aadd028916e7a9a5
SHA256

3edb4048164c839dc52eb7b03657626b48d38f30f92dabf44e873e11c9ba6e4d
SHA512

50b00d9da3aa6dea2a2c03e3e3f77fc2e6e652f1627b6e339c9f7e0ae8088ee7aff14ed581fa32900533a93a9f3927171a3bf35becd2f5bfa95487afae65a79f
SSDEEP

12288:1bWTYdoIo0RMwBFSRuibPoIovlJTSp8WR4XF0xr:1bWTYpo0jFu5jCldy8WR4Kr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Metamorph.exe

Files

Metamorph.exe
.exe windows:6 windows x64 arch:x64

99fc3d84b102e6c0d0e0b2b42f730448

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Spuck\Downloads\Metamorph-main\Metamorph-main\x64\Release\Metamorph.pdb

Imports

kernel32

GetProcAddress
GetCurrentProcessId
GetTempPathW
GetSystemFirmwareTable
GetLastError
HeapAlloc
GetProcessHeap
CloseHandle
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32Next
WriteConsoleW
HeapSize
SetStdHandle
GetModuleHandleA
GetCurrentThreadId
CreateFileW
VirtualAlloc
DeviceIoControl
VirtualFree
GetStdHandle
Process32First
SetConsoleTextAttribute
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
ReadConsoleW
FormatMessageA
LocalFree
GetLocaleInfoEx
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
DeleteFileW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
WriteFile
GetCommandLineA
GetCommandLineW
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetTimeZoneInformation
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
SetEndOfFile

user32

SystemParametersInfoA

advapi32

RegSetValueExA
RegOpenKeyExA
RegSetKeyValueW
RegCloseKey
RegDeleteTreeW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExA

ntdll

NtQuerySystemInformation
RtlInitUnicodeString
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

Sections

.text
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99fc3d84b102e6c0d0e0b2b42f730448

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ntdll

rpcrt4

Sections

.text Size: 315KB - Virtual size: 315KB

.rdata Size: 148KB - Virtual size: 148KB

.data Size: 12KB - Virtual size: 239KB

.pdata Size: 14KB - Virtual size: 14KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 184KB - Virtual size: 183KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 315KB - Virtual size: 315KB

.rdata
Size: 148KB - Virtual size: 148KB

.data
Size: 12KB - Virtual size: 239KB

.pdata
Size: 14KB - Virtual size: 14KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 184KB - Virtual size: 183KB

.reloc
Size: 3KB - Virtual size: 2KB