2024-05-15_8a37ef9293cf81b2ca336d6d9e15f566_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-15_8a37ef9293cf81b2ca336d6d9e15f566_megazord
Size

16.2MB
MD5

8a37ef9293cf81b2ca336d6d9e15f566
SHA1

481fc576bf3c4297997cf9c8d2129414375bf04e
SHA256

fc3b5519dd8009a6d3f9c24f3ed0ba38c82989e533d69fc4da9e5770c2e09dee
SHA512

b473d60f023af5f7d785d23c64952737162958092bee80da7daafabfae5b6a20f7c3c05c9422a724fc3d6cb5e5662b9afb622f8d4749de5a0a950a24a2f407f8
SSDEEP

98304:xr0XgBNip/nQQ6vFp/rds6QWh+S1gCuSyLOTaGcWbLABr5y/fyTb4LSxHXHkgWQ1:Udop/pFhRgCuSyLMlcILAe/fyoeNH

Score

10^/10

Malware Config

Signatures

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-15_8a37ef9293cf81b2ca336d6d9e15f566_megazord

Files

2024-05-15_8a37ef9293cf81b2ca336d6d9e15f566_megazord
.exe windows:6 windows x64 arch:x64

50229bb0f363ad64b1df53f5f3e4395d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

gale.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WaitOnAddress
WakeByAddressAll

kernel32

RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
SleepConditionVariableSRW
DeleteCriticalSection
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
GetCurrentThreadId
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
LoadLibraryW
TlsAlloc
CreateNamedPipeW
GetNamedPipeClientProcessId
GetNamedPipeServerProcessId
ReadFile
LCIDToLocaleName
FlushFileBuffers
DisconnectNamedPipe
CreateFileW
WaitNamedPipeW
lstrlenW
GetUserDefaultUILanguage
TlsGetValue
EncodePointer
SetFileTime
CreateMutexA
WaitForSingleObjectEx
ConnectNamedPipe
GetTempPathW
GetFullPathNameW
GetCurrentThread
CreateThread
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
LoadLibraryExW
TlsSetValue
CreateProcessW
GetEnvironmentVariableW
GetWindowsDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GlobalFree
GetSystemDirectoryW
WriteFile
CreateWaitableTimerExW
WaitForMultipleObjects
ReadFileEx
GlobalAlloc
ExitProcess
GlobalSize
GlobalLock
CancelIo
GlobalUnlock
FormatMessageW
CreateEventW
WaitForSingleObject
CopyFileExW
GetFinalPathNameByHandleW
CreateHardLinkW
FreeLibrary
GetProcAddress
LoadLibraryA
CreateSymbolicLinkW
HeapFree
RemoveDirectoryW
DeleteFileW
HeapAlloc
GetLastError
GetProcessHeap
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
GetCurrentProcess
DuplicateHandle
GetSystemInfo
GetSystemTimePreciseAsFileTime
QueryPerformanceFrequency
TerminateProcess
GetExitCodeProcess
SleepEx
WriteFileEx
GetCurrentProcessId
GetStdHandle
SetFilePointerEx
SetHandleInformation
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
QueryPerformanceCounter
SetWaitableTimer
TlsFree
SwitchToThread
PostQueuedCompletionStatus
SetThreadStackGuarantee
AddVectoredExceptionHandler
CreateIoCompletionPort
CompareStringOrdinal
GetQueuedCompletionStatusEx
DeleteProcThreadAttributeList
GetOverlappedResult
FreeEnvironmentStringsW
MoveFileExW
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetFileInformationByHandle
GetConsoleMode
SetFileAttributesW

user32

GetClipCursor
ShowCursor
ClipCursor
OpenClipboard
AdjustWindowRectEx
GetMenu
IsClipboardFormatAvailable
PeekMessageW
GetClipboardData
EmptyClipboard
SetClipboardData
GetDC
CloseClipboard
GetWindowRect
IsWindowVisible
DispatchMessageA
GetMessageA
SetCapture
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
SetWindowLongPtrW
GetUpdateRect
SetWindowTextW
MsgWaitForMultipleObjectsEx
GetWindowLongPtrW
RegisterRawInputDevices
MonitorFromPoint
EnumDisplayMonitors
MapVirtualKeyW
PostThreadMessageW
ValidateRect
RedrawWindow
GetMessageW
SetWindowDisplayAffinity
RegisterWindowMessageA
SetWindowLongW
RegisterClassExW
GetAncestor
AppendMenuW
DestroyWindow
CreateMenu
CheckMenuItem
SetMenuItemInfoW
EnableMenuItem
RegisterClipboardFormatW
SendMessageW
GetSystemMenu
ToUnicodeEx
GetKeyboardLayout
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetKeyboardState
DestroyIcon
CreateIcon
GetRawInputData
TranslateAcceleratorW
SendInput
AllowSetForegroundWindow
EnumChildWindows
DestroyAcceleratorTable
SystemParametersInfoA
PostQuitMessage
ShowWindow
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
CreateAcceleratorTableW
GetForegroundWindow
GetActiveWindow
SetCursorPos
ReleaseCapture
IsIconic
SetMenu
LoadCursorW
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
ClientToScreen
GetClientRect
GetWindowLongW
TrackMouseEvent
MonitorFromRect
SetCursor
IsProcessDPIAware
FlashWindowEx
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage

advapi32

EventRegister
EventSetInformation
RegOpenKeyExW
RegQueryValueExW
EventWriteTransfer
RegSetValueExW
RegCreateKeyExW
EventUnregister
RegCloseKey
RegGetValueW
SystemFunction036

comctl32

SetWindowSubclass
RemoveWindowSubclass
DefSubclassProc
TaskDialogIndirect

ole32

CoTaskMemAlloc
CreateStreamOnHGlobal
RegisterDragDrop
OleInitialize
RevokeDragDrop
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx

shell32

DragQueryFileW
SHAppBarMessage
SHGetKnownFolderPath
ShellExecuteW
DragFinish
SHCreateItemFromParsingName

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

ws2_32

getaddrinfo
getsockname
WSAStartup
getpeername
WSASocketW
bind
connect
ioctlsocket
freeaddrinfo
getsockopt
shutdown
recv
send
WSASend
setsockopt
WSAIoctl
WSAGetLastError
WSACleanup
closesocket

secur32

DecryptMessage
FreeContextBuffer
DeleteSecurityContext
InitializeSecurityContextW
QueryContextAttributesW
AcquireCredentialsHandleA
EncryptMessage
ApplyControlToken
AcceptSecurityContext
FreeCredentialsHandle

crypt32

CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateCertificateChain
CertFreeCertificateChain
CertGetCertificateChain
CertVerifyCertificateChainPolicy

oleaut32

SysFreeString
GetErrorInfo
SysStringLen
SetErrorInfo

uxtheme

SetWindowTheme

ntdll

NtReadFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile
NtCreateFile

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

floor
truncf
ceilf
expf
exp2f
sinf
pow
floorf
ceil
round
trunc
roundf
__setusermatherr

api-ms-win-crt-string-l1-1-0

_wcsicmp
strcpy_s
wcslen
strlen
wcsncmp

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc
_callnewh
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
abort
strerror

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 10.1MB - Virtual size: 10.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 470KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50229bb0f363ad64b1df53f5f3e4395d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

user32

advapi32

comctl32

ole32

shell32

gdi32

dwmapi

ws2_32

secur32

crypt32

oleaut32

uxtheme

ntdll

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 10.1MB - Virtual size: 10.1MB

.rdata Size: 5.5MB - Virtual size: 5.5MB

.data Size: 31KB - Virtual size: 42KB

.pdata Size: 470KB - Virtual size: 470KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 78KB - Virtual size: 77KB

.text
Size: 10.1MB - Virtual size: 10.1MB

.rdata
Size: 5.5MB - Virtual size: 5.5MB

.data
Size: 31KB - Virtual size: 42KB

.pdata
Size: 470KB - Virtual size: 470KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 78KB - Virtual size: 77KB