2024-06-05_399177f4c753c26e0012cf8f50003938_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-05_399177f4c753c26e0012cf8f50003938_megazord
Size

14.2MB
MD5

399177f4c753c26e0012cf8f50003938
SHA1

5c2fdc1afb595ac09b9e2c6fe0e1ad87cc41edbd
SHA256

018ebeae1a1dd72f7d7266c41c783360a4f971419b146e53ddc0ae4c5f307586
SHA512

a15b5cd7bf55e5a7b44e82b5eabfef48ae2db19d7bd81a8c9d73f186383c916fa32d670fa92618c8d8bc066330dca2605112d3ffa61db0828100438add937274
SSDEEP

196608:WqMgtxPEAkcH/XlMg46stfVvjY97Lt0W4e/hMu/jTWtL0B:1Mgtx9HHvlfmtfVvjMLthH/jTWtK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-05_399177f4c753c26e0012cf8f50003938_megazord

Files

2024-06-05_399177f4c753c26e0012cf8f50003938_megazord
.exe windows:6 windows x64 arch:x64

1ba6314b9d8a0c47a0f26e9c19f5f564

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\clash-verge-rev\clash-verge-rev\src-tauri\target\x86_64-pc-windows-msvc\release\deps\clash_verge.pdb

Imports

kernel32

CreatePipe
GetModuleHandleA
GetProcAddress
WakeAllConditionVariable
SetConsoleTextAttribute
lstrlenW
OpenProcess
GetCurrentProcess
GetConsoleMode
LocalFree
CreateNamedPipeW
GetCurrentProcessId
GetExitCodeProcess
WaitForSingleObject
CreateFileW
WriteConsoleW
ReadFile
Sleep
GetSystemInfo
GetCurrentThread
GetTimeZoneInformationForYear
SystemTimeToFileTime
GetProcessId
TerminateProcess
SystemTimeToTzSpecificLocalTime
SleepConditionVariableSRW
WakeConditionVariable
PostQueuedCompletionStatus
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
ReleaseSRWLockShared
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
AcquireSRWLockShared
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
CreateIoCompletionPort
SetHandleInformation
HeapReAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
MoveFileExW
CopyFileExW
SetThreadStackGuarantee
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
AddVectoredExceptionHandler
GetConsoleScreenBufferInfo
ReadProcessMemory
GetStdHandle
VirtualQueryEx
GlobalSize
FindClose
CloseHandle
GlobalMemoryStatusEx
K32GetPerformanceInfo
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
SetEnvironmentVariableW
DeleteFileW
RtlPcToFileHeader
LoadLibraryW
RaiseException
EncodePointer
SetFileCompletionNotificationModes
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
TlsAlloc
ReleaseSRWLockExclusive
SwitchToThread
GlobalFree
LoadLibraryExW
TlsGetValue
TlsSetValue
GlobalUnlock
GlobalLock
OutputDebugStringW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
GlobalAlloc
LoadLibraryExA
FreeLibrary
SetFilePointerEx
GetLastError
MultiByteToWideChar
AcquireSRWLockExclusive
HeapFree
TlsFree

user32

GetMessageA
DispatchMessageA
IsIconic
MonitorFromWindow
SetWindowDisplayAffinity
GetDC
GetMessageW
EnumChildWindows
EnumDisplayMonitors
SystemParametersInfoA
GetWindowPlacement
IsWindowVisible
SetForegroundWindow
GetCursorPos
PostThreadMessageW
GetClientRect
ShowWindow
PostQuitMessage
SendInput
MonitorFromPoint
TranslateMessage
SetMenuItemInfoW
CheckMenuItem
TrackPopupMenu
AppendMenuW
RedrawWindow
CreateIcon
PeekMessageW
RegisterHotKey
UnregisterHotKey
IsWindow
VkKeyScanW
DefWindowProcW
RegisterClassW
SetClipboardData
EmptyClipboard
IsProcessDPIAware
GetSystemMenu
MsgWaitForMultipleObjectsEx
RegisterClassExW
CreateMenu
CreatePopupMenu
DestroyAcceleratorTable
DestroyIcon
AdjustWindowRectEx
GetMenu
GetWindowLongW
InvalidateRgn
SetWindowPos
RegisterWindowMessageA
PostMessageW
ShowCursor
ClipCursor
SetCursor
GetSystemMetrics
GetClipCursor
GetActiveWindow
LoadCursorW
CloseTouchInputHandle
ClientToScreen
GetTouchInputInfo
GetAncestor
TranslateAcceleratorW
CreateWindowExW
SetWindowLongPtrW
RegisterRawInputDevices
GetRawInputData
GetWindowRect
MonitorFromRect
ValidateRect
GetUpdateRect
MapVirtualKeyW
SetCapture
ScreenToClient
GetWindowLongPtrW
GetWindowTextW
GetWindowTextLengthW
RegisterTouchWindow
TrackMouseEvent
GetKeyState
DestroyWindow
GetAsyncKeyState
SetCursorPos
GetForegroundWindow
FlashWindowEx
GetMonitorInfoW
SetWindowPlacement
CreateAcceleratorTableW
SetWindowTextW
ToUnicodeEx
GetKeyboardLayout
IsClipboardFormatAvailable
GetClipboardData
GetKeyboardState
MapVirtualKeyExW
ReleaseCapture
SetWindowLongW
SendMessageW
SetMenu
ChangeDisplaySettingsExW
EnableMenuItem
CloseClipboard
OpenClipboard
DispatchMessageW

comctl32

RemoveWindowSubclass
TaskDialogIndirect
DefSubclassProc
SetWindowSubclass

ws2_32

closesocket
setsockopt
bind
connect
WSASocketW
freeaddrinfo
WSAStartup
WSACleanup
getsockname
listen
getsockopt
WSAIoctl
WSAGetLastError
getpeername
ioctlsocket
getaddrinfo
shutdown
WSASend
send
recv
accept

shell32

DragQueryFileW
DragFinish
SHCreateItemFromParsingName
ShellExecuteW
ShellExecuteExW
SHAppBarMessage
CommandLineToArgvW
Shell_NotifyIconW
Shell_NotifyIconGetRect
SHGetKnownFolderPath

advapi32

IsWellKnownSid
RegCreateKeyExW
CopySid
SystemFunction036
RegCloseKey
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
DuplicateTokenEx
CreateWellKnownSid
ImpersonateAnonymousToken
GetLengthSid
CheckTokenMembership
IsValidSid
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RevertToSelf

pdh

PdhOpenQueryA
PdhGetFormattedCounterValue
PdhCloseQuery
PdhRemoveCounter
PdhCollectQueryData
PdhAddEnglishCounterW

dwmapi

DwmExtendFrameIntoClientArea
DwmEnableBlurBehindWindow

ole32

CoCreateInstance
CoInitializeEx
RevokeDragDrop
CoIncrementMTAUsage
CoTaskMemAlloc
OleInitialize
CoTaskMemFree
CreateStreamOnHGlobal
RegisterDragDrop
CoUninitialize

bcrypt

BCryptGenRandom

ntdll

NtQuerySystemInformation
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
RtlGetVersion
NtQueryInformationProcess
NtReadFile
NtWriteFile

crypt32

CertGetCertificateChain
CertFreeCertificateContext
CertOpenStore
CertDuplicateStore
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertCloseStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

oleaut32

GetErrorInfo
SetErrorInfo
SysFreeString
SysStringLen

secur32

QueryContextAttributesW
ApplyControlToken
FreeCredentialsHandle
DecryptMessage
FreeContextBuffer
DeleteSecurityContext
InitializeSecurityContextW
AcceptSecurityContext
EncryptMessage
AcquireCredentialsHandleA

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

powrprof

CallNtPowerInformation

wininet

InternetSetOptionW

uxtheme

SetWindowTheme

gdi32

CreateRectRgn
GetDeviceCaps
DeleteObject

api-ms-win-crt-math-l1-1-0

floor
fmod
acos
atan2
trunc
log
log10
log2
round
fma
sinh
asin
tan
tanh
cbrt
_hypot
expm1
ceil
sin
exp
log1p
atan
pow
__setusermatherr
cosh
cos

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp
_wcsicmp
wcslen

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_crt_atexit
_initialize_onexit_table
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argv
abort
__p___argc
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_seh_filter_exe
terminate
_cexit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
calloc
malloc

Sections

.text
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ba6314b9d8a0c47a0f26e9c19f5f564

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

ws2_32

shell32

advapi32

pdh

dwmapi

ole32

bcrypt

ntdll

crypt32

api-ms-win-core-winrt-l1-1-0

oleaut32

secur32

psapi

powrprof

wininet

uxtheme

gdi32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 7.3MB - Virtual size: 7.3MB

.rdata Size: 6.6MB - Virtual size: 6.6MB

.data Size: 20KB - Virtual size: 34KB

.pdata Size: 143KB - Virtual size: 143KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 77KB - Virtual size: 76KB

.text
Size: 7.3MB - Virtual size: 7.3MB

.rdata
Size: 6.6MB - Virtual size: 6.6MB

.data
Size: 20KB - Virtual size: 34KB

.pdata
Size: 143KB - Virtual size: 143KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 77KB - Virtual size: 76KB