2024-06-01_0a962df6cc732b2dda13d2e4eb25e7d1_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-01_0a962df6cc732b2dda13d2e4eb25e7d1_megazord
Size

22.8MB
MD5

0a962df6cc732b2dda13d2e4eb25e7d1
SHA1

86d5140ea6629daa76485fa5a5e550409d1533a9
SHA256

5d8a8f2e993383e56af8e719302447f2d6f059dc3f1fe1ea9ed87fc18185d570
SHA512

7ba391f0d2f4e35363402a66b3cec6e46b9533208de580c25517d0227ca5f04ead9797cda6cf54ef33ec31e1983992a91e0b11c49e2abf114bf2a0cc51f6bb94
SSDEEP

196608:5UiargOrYVTRpa4lgAjFX1QWwiRUJa5pGhEz11Xk0E:fargtT3a4lgAjnRUJa5pGhEZq

Score

10^/10

Malware Config

Signatures

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-01_0a962df6cc732b2dda13d2e4eb25e7d1_megazord

Files

2024-06-01_0a962df6cc732b2dda13d2e4eb25e7d1_megazord
.exe windows:6 windows x64 arch:x64

4c3cee164091650309d14bbbd879b57e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\ludusavi\ludusavi\target\release\deps\ludusavi.pdb

Imports

bcrypt

BCryptGenRandom

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegEnumValueW
SystemFunction036
GetUserNameW

kernel32

HeapSize
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
CloseHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
FreeConsole
SetStdHandle
ReleaseSRWLockShared
AcquireSRWLockShared
GetConsoleMode
GetFileType
GetFileInformationByHandleEx
CreateFileW
SetConsoleMode
GetLastError
lstrlenW
RtlVirtualUnwind
GetBinaryTypeW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetFileInformationByHandle
GetFullPathNameW
SetFileAttributesW
MoveFileExW
GetTimeZoneInformationForYear
SetFileTime
Sleep
GlobalLock
GlobalSize
GlobalAlloc
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GlobalUnlock
FormatMessageW
LoadLibraryA
SleepConditionVariableSRW
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
WriteFile
SetFileCompletionNotificationModes
GetSystemInfo
GetUserPreferredUILanguages
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
DuplicateHandle
VirtualProtect
FlushFileBuffers
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForSingleObject
RemoveVectoredExceptionHandler
GetModuleHandleW
GetModuleHandleA
AddVectoredExceptionHandler
GetModuleHandleExW
GetModuleFileNameW
SetThreadErrorMode
GetProcessHeap
HeapFree
LoadLibraryExA
HeapAlloc
CreateEventW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateEventA
GetStdHandle
SetConsoleCursorPosition
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
GetNumberOfConsoleInputEvents
ReadConsoleInputW
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
SetFileInformationByHandle
SetFilePointerEx
GetCurrentProcessId
WriteFileEx
SleepEx
GetExitCodeProcess
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
HeapReAlloc
ReleaseMutex
FindNextFileW
FindClose
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
CopyFileExW
CancelIo
ExitProcess
CreateNamedPipeW
ReadFileEx
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
WriteConsoleW
ReadConsoleW
CreateThread
GetCurrentThread
GetSystemTimeAsFileTime
WaitForSingleObjectEx
CreateMutexA
InitializeSListHead
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCommandLineA
SetConsoleCtrlHandler
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
IsDebuggerPresent
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
UnhandledExceptionFilter

user32

SetMenuDefaultItem
EnableMenuItem
GetSystemMenu
ClientToScreen
SetWindowTextW
GetKeyboardLayout
MapVirtualKeyExW
GetKeyState
ToUnicodeEx
GetAsyncKeyState
GetRawInputData
RegisterRawInputDevices
PostMessageW
SystemParametersInfoA
GetActiveWindow
IsWindowVisible
GetClientRect
GetForegroundWindow
DestroyWindow
RegisterClassExW
CreateWindowExW
RedrawWindow
GetWindowLongPtrW
GetSystemMetrics
RegisterTouchWindow
MapVirtualKeyW
MonitorFromPoint
ReleaseCapture
SetWindowDisplayAffinity
CreateIcon
GetMenu
InvalidateRgn
GetDC
SetCapture
ValidateRect
RegisterWindowMessageA
KillTimer
SetTimer
FlashWindowEx
GetMessageW
LoadCursorW
IsProcessDPIAware
AdjustWindowRectEx
GetWindowLongW
CloseClipboard
RegisterClassExA
DefWindowProcA
SetWindowLongW
ReleaseDC
CreateWindowExA
SendMessageW
ShowWindow
IsIconic
ClipCursor
GetClipCursor
EmptyClipboard
ShowCursor
SetCursor
SetWindowLongPtrW
PeekMessageW
DispatchMessageW
TranslateMessage
SetClipboardData
GetClipboardData
DefWindowProcW
ChangeDisplaySettingsExW
GetWindowRect
OpenClipboard
DestroyIcon
TrackPopupMenu
GetWindowPlacement
SetWindowPlacement
MessageBoxW
SetForegroundWindow
SendInput
SetWindowPos
GetKeyboardState
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
TrackMouseEvent
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
MonitorFromRect

ole32

RevokeDragDrop
CoCreateInstance
RegisterDragDrop
CoUninitialize
OleInitialize
CoInitializeEx
CoTaskMemFree

gdi32

CreateDIBSection
SelectObject
CreateRectRgn
CreateCompatibleDC
DeleteDC
DeleteObject
BitBlt
GetDeviceCaps
GetPixelFormat
ChoosePixelFormat
SwapBuffers
DescribePixelFormat
SetPixelFormat

dwmapi

DwmEnableBlurBehindWindow

shell32

ShellExecuteW
SHCreateItemFromParsingName
DragQueryFileW
DragFinish
SHGetKnownFolderPath

ws2_32

getaddrinfo
freeaddrinfo
closesocket
WSACleanup
WSAStartup
WSAGetLastError
WSAIoctl
setsockopt
send
recv
shutdown
getsockopt
ioctlsocket
connect
bind
WSASocketW
getsockname
getpeername
WSASend

uxtheme

SetWindowTheme

imm32

ImmAssociateContextEx
ImmReleaseContext
ImmGetCompositionStringW
ImmGetContext

ntdll

NtReadFile
NtCreateFile
NtDeviceIoControlFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtWriteFile

opengl32

wglGetCurrentContext
wglCreateContext
wglMakeCurrent
wglDeleteContext
wglGetProcAddress

d3dcompiler_47

D3DCompile

oleaut32

GetErrorInfo
SysStringLen
SysFreeString

Sections

.text
Size: 15.7MB - Virtual size: 15.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 653KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c3cee164091650309d14bbbd879b57e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcrypt

advapi32

kernel32

user32

ole32

gdi32

dwmapi

shell32

ws2_32

uxtheme

imm32

ntdll

opengl32

d3dcompiler_47

oleaut32

Sections

.text Size: 15.7MB - Virtual size: 15.7MB

.rdata Size: 6.4MB - Virtual size: 6.4MB

.data Size: 21KB - Virtual size: 35KB

.pdata Size: 653KB - Virtual size: 652KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 109KB - Virtual size: 108KB

.text
Size: 15.7MB - Virtual size: 15.7MB

.rdata
Size: 6.4MB - Virtual size: 6.4MB

.data
Size: 21KB - Virtual size: 35KB

.pdata
Size: 653KB - Virtual size: 652KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 109KB - Virtual size: 108KB