2024-05-27_139acf4277cca13083abc27d68abf9d1_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-27_139acf4277cca13083abc27d68abf9d1_megazord
Size

6.9MB
MD5

139acf4277cca13083abc27d68abf9d1
SHA1

7994a8bc18540ad699ef813e2efce5dc48615ae5
SHA256

95bc912bdf87fa7a73db453dd34c644a75f743475607d0459b51a10162393c35
SHA512

50fa527e8e77aa4d6c23cd305e511f055b14323ab8280816ae2beb366e2cdd6e1123d13192c56a9589059afcdf60895cca1e0b33a09342932de7e08a6d15b775
SSDEEP

49152:Omml11VMIenivnI2XK/06MNigwMFrWvLw/9qH0+K3eagEoE5r0BUOGKItyueYQA2:OnCuktvUDZLNwW7sDHZK+PiDKn2P2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-27_139acf4277cca13083abc27d68abf9d1_megazord

Files

2024-05-27_139acf4277cca13083abc27d68abf9d1_megazord
.exe windows:6 windows x64 arch:x64

718e9b67e3a77103b2885a280b615aef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\rustdesk-server\rustdesk-server\target\x86_64-pc-windows-msvc\release\deps\hbbs.pdb

Imports

kernel32

FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
CreateFileMappingW
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetTickCount
RtlVirtualUnwind
GetModuleHandleA
ReleaseSRWLockShared
AcquireSRWLockShared
FlushFileBuffers
SleepConditionVariableSRW
FileTimeToSystemTime
LocalFree
FormatMessageW
MapViewOfFile
UnmapViewOfFile
GetStringTypeW
lstrlenW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
SetHandleInformation
FlsAlloc
GetCommandLineA
GetCurrentProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
SetFileCompletionNotificationModes
TryAcquireSRWLockExclusive
GetStdHandle
GetConsoleMode
GetFileInformationByHandleEx
SetConsoleMode
SystemTimeToTzSpecificLocalTime
CloseHandle
GetTimeZoneInformation
RaiseException
FreeEnvironmentStringsW
ReleaseMutex
FindClose
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
ReleaseSRWLockExclusive
RtlPcToFileHeader
GetCommandLineW
SetFilePointerEx
TerminateProcess
WakeConditionVariable
QueryPerformanceFrequency
RtlUnwindEx
CreateMutexA
FindNextFileW
GetFileInformationByHandle
CreateDirectoryW
FindFirstFileW
MoveFileExW
GetFinalPathNameByHandleW
GetFileType
GetModuleHandleW
GetModuleFileNameW
ExitProcess
WriteConsoleW
ReadConsoleW
CreateThread
TlsGetValue
TlsSetValue
GetStartupInfoW
IsDebuggerPresent
QueryPerformanceCounter
FlsGetValue
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
AcquireSRWLockExclusive
UnhandledExceptionFilter

ws2_32

freeaddrinfo
WSAStartup
WSASend
WSACleanup
getaddrinfo
WSASocketW
accept
setsockopt
sendto
send
recvfrom
recv
shutdown
ioctlsocket
getsockopt
getsockname
listen
bind
WSAGetLastError
connect
WSAIoctl
closesocket

iphlpapi

GetAdaptersAddresses
GetIpForwardTable

advapi32

SystemFunction036

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

ntdll

NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtWriteFile
NtReadFile

bcrypt

BCryptGenRandom

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

718e9b67e3a77103b2885a280b615aef

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

iphlpapi

advapi32

shell32

ole32

ntdll

bcrypt

Sections

.text Size: 4.9MB - Virtual size: 4.9MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 25KB - Virtual size: 33KB

.pdata Size: 247KB - Virtual size: 246KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 4.9MB - Virtual size: 4.9MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 25KB - Virtual size: 33KB

.pdata
Size: 247KB - Virtual size: 246KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 32KB - Virtual size: 31KB