2024-05-23_3903738af4c8891d76349877f3776e74_megazord

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-23_3903738af4c8891d76349877f3776e74_megazord
Size

8.1MB
MD5

3903738af4c8891d76349877f3776e74
SHA1

f206c530d1b1a432e45edc1979ed37d730faa0ad
SHA256

b6aff1deeb65e14bf5b4a4664ee1760e635a92cd90b588a933ef2447aa0fbb33
SHA512

f322f3fec38189d146cbe669492104f2c2f23dcd5faef75ca757663686cb2a6254321b1ef5dd6d0411e730f2d0c4e95050453d8a3c3e0a048371d9a15b8a4a73
SSDEEP

196608:BTJp+2txTvbVTUAQso32yN73fn2AhpiD:BJ82t/Uvso32yZn5piD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-23_3903738af4c8891d76349877f3776e74_megazord

Files

2024-05-23_3903738af4c8891d76349877f3776e74_megazord
.exe windows:6 windows x64 arch:x64

53720cc27ec064d1155608f510efad68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rs-editor-app-utils

rsAppUtilsGenerateFontCache
rsAppUtilsLibraryInit

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

bcryptprimitives

ProcessPrng

kernel32

FreeLibrary
Sleep
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetCurrentThreadId
ReleaseSemaphore
GetVolumeInformationW
OpenProcess
GetCurrentProcess
DuplicateHandle
FindClose
GetProcessId
GetLastError
HeapDestroy
GetUserDefaultUILanguage
SwitchToThread
HeapSize
WaitForSingleObject
DeleteProcThreadAttributeList
InitializeCriticalSectionEx
DeleteCriticalSection
ReadDirectoryChangesW
lstrlenW
CancelIo
WaitForSingleObjectEx
HeapReAlloc
CreateFileW
CreateSemaphoreW
AcquireSRWLockShared
CreatePipe
ReleaseSRWLockShared
WideCharToMultiByte
AreFileApisANSI
GetFileAttributesExW
GetLocaleInfoEx
FormatMessageA
LocalFree
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapFree
InitializeCriticalSectionAndSpinCount
LCIDToLocaleName
CloseHandle
OutputDebugStringA
EncodePointer
OutputDebugStringW
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LoadLibraryExW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
CreateWaitableTimerExW
SetWaitableTimer
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
SetFilePointerEx
TerminateProcess
GetExitCodeProcess
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFileEx
SleepEx
WriteFileEx
GetProcessHeap
HeapAlloc
ReleaseMutex
CreateMutexA
LoadLibraryA
GetTempPathW
GetFullPathNameW
GetCurrentThread
CreateThread
WriteConsoleW
MultiByteToWideChar
GetConsoleMode
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetStdHandle
GetFileAttributesW
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
CreateNamedPipeW
GetCurrentProcessId
ExitProcess
GetModuleFileNameW
FormatMessageW
GetModuleHandleW
FindNextFileW
SetFileInformationByHandle
CopyFileExW
GetFinalPathNameByHandleW
RemoveDirectoryW
MoveFileExW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandle
GetFileInformationByHandleEx

shell32

SHGetKnownFolderPath
SHCreateItemFromParsingName
SHGetFolderPathA
ShellExecuteW
SHAppBarMessage
DragFinish
DragQueryFileW

ole32

CoTaskMemFree
OleInitialize
RegisterDragDrop
CoTaskMemAlloc
CreateStreamOnHGlobal
RevokeDragDrop
CoCreateInstance
CoUninitialize
CoInitializeEx

bcrypt

BCryptEncrypt
BCryptGenRandom
BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptDecrypt

advapi32

EventWriteTransfer
EventSetInformation
SystemFunction036
EventRegister
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
EventUnregister

user32

GetActiveWindow
IsWindowVisible
GetWindowLongPtrW
DefWindowProcW
SystemParametersInfoA
GetKeyboardState
DestroyIcon
DestroyAcceleratorTable
GetKeyboardLayout
ToUnicodeEx
GetSystemMetrics
ClipCursor
EnumDisplayMonitors
MonitorFromPoint
GetRawInputData
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
SetWindowDisplayAffinity
MonitorFromRect
SetForegroundWindow
SendInput
ShowWindow
GetSystemMenu
EnableMenuItem
SendMessageW
SetWindowLongW
SetMenuItemInfoW
CheckMenuItem
CreateMenu
AppendMenuW
SetMenu
PostQuitMessage
CreateAcceleratorTableW
GetDC
IsProcessDPIAware
CreateIcon
InvalidateRgn
TrackMouseEvent
GetClipCursor
ScreenToClient
LoadCursorW
GetCursorPos
GetTouchInputInfo
CloseTouchInputHandle
SetCursor
ShowCursor
IsWindow
RegisterTouchWindow
MonitorFromWindow
GetWindowPlacement
AdjustWindowRectEx
FlashWindowEx
IsIconic
SetCursorPos
RegisterRawInputDevices
GetForegroundWindow
SetWindowPlacement
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
GetClientRect
DestroyWindow
GetMenu
GetUpdateRect
PeekMessageW
PostThreadMessageW
GetMessageA
RedrawWindow
ValidateRect
GetWindowLongW
ChangeDisplaySettingsExW
ReleaseCapture
SetCapture
DispatchMessageA
SetWindowLongPtrW
CreateWindowExW
PostMessageW
MsgWaitForMultipleObjectsEx
RegisterWindowMessageA
EnumChildWindows
ClientToScreen
GetAsyncKeyState
SetWindowPos
GetWindowRect
GetKeyState
MapVirtualKeyExW
RegisterClassExW
VkKeyScanW
GetMonitorInfoW

comctl32

SetWindowSubclass
RemoveWindowSubclass
DefSubclassProc

ntdll

NtReadFile
NtWriteFile
RtlNtStatusToDosError
NtCreateFile

uxtheme

SetWindowTheme

gdi32

CreateRectRgn
GetDeviceCaps
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

oleaut32

GetErrorInfo
SetErrorInfo
SysStringLen
SysFreeString

winhttp

WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpen
WinHttpConnect

api-ms-win-crt-string-l1-1-0

isalnum
strlen
wcsncmp
strcpy_s
_wcsicmp
wcslen
strnlen

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow
trunc
floor
round
_ldclass
_fdclass
_fdsign
_ldsign
_dsign
ceilf
_dclass

api-ms-win-crt-runtime-l1-1-0

_exit
terminate
exit
_initterm
_invalid_parameter_noinfo
__p___argv
_cexit
_crt_atexit
_register_onexit_function
_errno
abort
_initialize_onexit_table
_get_initial_narrow_environment
_initialize_narrow_environment
_initterm_e
_seh_filter_exe
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
__p___argc
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
malloc
calloc
free

api-ms-win-crt-stdio-l1-1-0

fflush
fgetc
__p__commode
fclose
_get_stream_buffer_pointers
fgetpos
fputc
fread
_fseeki64
fwrite
setvbuf
ungetc
__stdio_common_vsprintf
_set_fmode
fsetpos

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-convert-l1-1-0

atoi
_ultow_s
strtoull
strtoll
strtod
wcstol

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale
localeconv

api-ms-win-crt-multibyte-l1-1-0

_mbsnbcpy_s
_mbsicmp

api-ms-win-crt-time-l1-1-0

_ctime64
_time64

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Xbad_alloc@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??0_Lockit@std@@QEAA@H@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?get@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@DD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
_Stolx
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?narrow@?$ctype@D@std@@QEBADDD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
_Xtime_get_ticks
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_XGetLastError@std@@YAXXZ
?_Xruntime_error@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Xbad_function_call@std@@YAXXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

msvcp140_atomic_wait

__std_tzdb_get_leap_seconds
__std_tzdb_delete_leap_seconds
__std_calloc_crt
__std_free_crt
__std_tzdb_delete_time_zones
__std_tzdb_get_time_zones

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53720cc27ec064d1155608f510efad68

Headers

DLL Characteristics

File Characteristics

Imports

rs-editor-app-utils

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

shell32

ole32

bcrypt

advapi32

user32

comctl32

ntdll

uxtheme

gdi32

dwmapi

oleaut32

winhttp

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-time-l1-1-0

msvcp140

msvcp140_atomic_wait

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 4.7MB - Virtual size: 4.7MB

.data Size: 5KB - Virtual size: 17KB

.pdata Size: 112KB - Virtual size: 112KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 41KB - Virtual size: 40KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 4.7MB - Virtual size: 4.7MB

.data
Size: 5KB - Virtual size: 17KB

.pdata
Size: 112KB - Virtual size: 112KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 41KB - Virtual size: 40KB