2024-05-26_20c607e6a54b46d4e7612c35ecf66e13_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-26_20c607e6a54b46d4e7612c35ecf66e13_megazord
Size

13.5MB
MD5

20c607e6a54b46d4e7612c35ecf66e13
SHA1

388f8305261eeff1d2dac9aa3a7eaf9f31e67bf3
SHA256

37a1c711a43a88954bfe759341f17c9b2d255edf537fe02f486a650cc898a5b2
SHA512

d9b4904f3d471f42259214d4342f9d0b3142299381515ccd528fc4691f3471825c4e0af8f0f5592590f644c6681ae00b9d05e19895661e055ab711abce928133
SSDEEP

98304:S431YHWZkugMgZsjYEXCNPXL5YIDnjGxHrPJnMMCSun3FEnLtqAFjn76oPMpuaH7:XgMgZUYEZIDjGxLPJAD3FOquE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-26_20c607e6a54b46d4e7612c35ecf66e13_megazord

Files

2024-05-26_20c607e6a54b46d4e7612c35ecf66e13_megazord
.exe windows:6 windows x64 arch:x64

a87fe76142b119c3abfe211f6c7911a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

meowpad_configurator.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

kernel32

TlsFree
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
TlsSetValue
SleepConditionVariableSRW
GetCurrentThreadId
CloseHandle
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ReleaseMutex
GetCurrentProcess
GetProcAddress
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
lstrlenW
GetStdHandle
GetConsoleScreenBufferInfo
GetConsoleMode
SetConsoleMode
GetFileInformationByHandleEx
SetConsoleTextAttribute
GetModuleHandleA
GetSystemInfo
GetNativeSystemInfo
LoadLibraryExA
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
GetLastError
FormatMessageW
GetUserDefaultLocaleName
CreateEventA
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
GetCurrentThread
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultUILanguage
LCIDToLocaleName
LoadLibraryW
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
LoadLibraryExW
GetEnvironmentVariableW
Sleep
DuplicateHandle
CreatePipe
GetFileInformationByHandle
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
WriteFile
SetFileCompletionNotificationModes
CreateFileW
DeviceIoControl
CancelIo
ResetEvent
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
SetEnvironmentVariableW
GetCommandLineW
SetFileInformationByHandle
SetFilePointerEx
WriteFileEx
SleepEx
GetExitCodeProcess
TerminateProcess
GetProcessId
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
HeapReAlloc
FindNextFileW
FindClose
CreateDirectoryW
FindFirstFileW
DeleteFileW
MoveFileExW
RemoveDirectoryW
GetFinalPathNameByHandleW
CopyFileExW
GetFileType
ExitProcess
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
WriteConsoleW
CreateThread
GetFullPathNameW
GetTempPathW
GetSystemTimeAsFileTime
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead

user32

PostThreadMessageW
PeekMessageW
GetUpdateRect
GetKeyboardLayout
MapVirtualKeyW
VkKeyScanW
GetMessageW
GetAncestor
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
PostMessageW
DefWindowProcW
FlashWindowEx
IsProcessDPIAware
LoadCursorW
SetCursor
MonitorFromRect
TrackMouseEvent
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
GetWindowLongW
CreateIcon
GetClientRect
ClientToScreen
SystemParametersInfoA
ScreenToClient
CloseTouchInputHandle
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
GetCursorPos
MonitorFromWindow
SendInput
DestroyWindow
ValidateRect
ShowWindow
AppendMenuW
SetCapture
SetWindowLongPtrW
GetWindowRect
DestroyAcceleratorTable
GetMonitorInfoW
GetWindowLongPtrW
MsgWaitForMultipleObjectsEx
SetWindowPos
GetMenu
CreateMenu
CheckMenuItem
ChangeDisplaySettingsExW
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
AdjustWindowRectEx
GetSystemMenu
EnumChildWindows
RegisterClipboardFormatW
SetMenuItemInfoW
ShowCursor
CloseClipboard
EnableMenuItem
GetDC
SetClipboardData
EmptyClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
SetWindowLongW
SetWindowDisplayAffinity
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
SetForegroundWindow
UnregisterHotKey
RegisterHotKey
GetMessageA
DispatchMessageA
IsWindowVisible
EnumDisplayMonitors
GetRawInputData
PostQuitMessage
ClipCursor
MonitorFromPoint
GetTouchInputInfo
GetClipCursor
SendMessageW
DestroyIcon
RedrawWindow
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
GetForegroundWindow
SetCursorPos
ReleaseCapture
IsIconic
GetActiveWindow
SetMenu
InvalidateRgn
GetWindowPlacement
SetWindowPlacement

comctl32

DefSubclassProc
SetWindowSubclass
TaskDialogIndirect
RemoveWindowSubclass

ole32

CoIncrementMTAUsage
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
RegisterDragDrop
RevokeDragDrop
CoTaskMemAlloc

shell32

SHCreateItemFromParsingName
SHGetKnownFolderPath
DragFinish
DragQueryFileW
ShellExecuteW
SHAppBarMessage

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

advapi32

EventSetInformation
EventWriteTransfer
EventUnregister
RegCloseKey
RegGetValueW
SystemFunction036
RevertToSelf
ImpersonateAnonymousToken
EventRegister
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

oleaut32

SysFreeString
SysStringLen
GetErrorInfo
SetErrorInfo

uxtheme

SetWindowTheme

ntdll

NtReadFile
NtWriteFile
NtCancelIoFileEx
NtCreateFile
RtlNtStatusToDosError
NtDeviceIoControlFile
RtlGetVersion

bcrypt

BCryptGenRandom

ws2_32

freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAGetLastError
WSAIoctl
setsockopt
closesocket
WSASend
send
recv
shutdown
getsockopt
ioctlsocket
connect
bind
WSASocketW
getpeername
getsockname

secur32

FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
ApplyControlToken
EncryptMessage
DeleteSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleA
FreeCredentialsHandle

crypt32

CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateStore
CertFreeCertificateChain
CertDuplicateCertificateChain
CertFreeCertificateContext
CertEnumCertificatesInStore

api-ms-win-crt-math-l1-1-0

round
__setusermatherr
floor
pow
trunc
fmod

api-ms-win-crt-string-l1-1-0

strcpy_s
_wcsicmp
_wcsdup
wcsncmp
wcsncpy
wcslen
towupper
strlen

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_initialize_onexit_table
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
__p___argc
_initterm
_initterm_e
exit
_exit
__p___argv
strerror
abort
terminate

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
__stdio_common_vswprintf

api-ms-win-crt-heap-l1-1-0

calloc
free
_callnewh
_set_new_mode
malloc

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

hid_close
hid_enumerate
hid_error
hid_exit
hid_free_enumeration
hid_get_device_info
hid_get_feature_report
hid_get_indexed_string
hid_get_input_report
hid_get_manufacturer_string
hid_get_product_string
hid_get_report_descriptor
hid_get_serial_number_string
hid_init
hid_open
hid_open_path
hid_read
hid_read_timeout
hid_send_feature_report
hid_set_nonblocking
hid_version
hid_version_str
hid_winapi_descriptor_reconstruct_pp_data
hid_winapi_get_container_id
hid_write

Sections

.text
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 443KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a87fe76142b119c3abfe211f6c7911a9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

user32

comctl32

ole32

shell32

gdi32

dwmapi

advapi32

api-ms-win-core-winrt-l1-1-0

oleaut32

uxtheme

ntdll

bcrypt

ws2_32

secur32

crypt32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 8.7MB - Virtual size: 8.7MB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 21KB - Virtual size: 33KB

.pdata Size: 443KB - Virtual size: 443KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 72KB - Virtual size: 71KB

.text
Size: 8.7MB - Virtual size: 8.7MB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 21KB - Virtual size: 33KB

.pdata
Size: 443KB - Virtual size: 443KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 72KB - Virtual size: 71KB