2024-07-05_32c143afedf76ada971d66360a88eacf_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-05_32c143afedf76ada971d66360a88eacf_megazord
Size

19.6MB
MD5

32c143afedf76ada971d66360a88eacf
SHA1

166effe789b6c69a074bd334e5c3adb43f475652
SHA256

fcc91f7ccfe33cc2943aa56a67c5dcca5db88da498d865ca2119f91de84e5462
SHA512

661c1f43bf23c2c07ab4210474dc0dccaa900d0e8b23fd84cd1c7224d870a79137ef3eb8974634574cd15aeea87a8eaed21085c5d287f5b14f49fcea40f9f1cb
SSDEEP

196608:J2QDW5dU30by27Ep+42yy75MeGJGl/0yNprG2gm:J2QDW5dJbF7EpGdaGp0iprG2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-05_32c143afedf76ada971d66360a88eacf_megazord

Files

2024-07-05_32c143afedf76ada971d66360a88eacf_megazord
.exe windows:6 windows x64 arch:x64

22a28a9dd16d4a12d4dfb23df1b1ef9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\luis\OneDrive\Documents\GitHub\QuickRemars\frontend\src-tauri\target\release\deps\quick_remarks.pdb

Imports

kernel32

RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
LocalFree
lstrlenW
WriteFile
GetLastError
GetFileAttributesA
GetDiskFreeSpaceW
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
OutputDebugStringA
GetDiskFreeSpaceA
SetFilePointer
CreateFileA
GetFullPathNameA
LoadLibraryA
SetEndOfFile
GetUserDefaultUILanguage
LCIDToLocaleName
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFileEx
UnlockFile
LockFileEx
GetFileSize
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
RtlVirtualUnwind
GetSystemTimeAsFileTime
AreFileApisANSI
MoveFileExW
CreatePipe
WaitForSingleObject
SleepConditionVariableSRW
GetNativeSystemInfo
GetSystemInfo
GetProcAddress
GetModuleHandleA
GetUserPreferredUILanguages
GetComputerNameExW
FormatMessageA
TryAcquireSRWLockExclusive
GetTempPathW
CreateMutexW
ReadFile
HeapCreate
HeapFree
CreateFileW
GetFileAttributesW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
CreateFileMappingW
MapViewOfFile
IsDebuggerPresent
RtlUnwindEx
RtlPcToFileHeader
GetModuleFileNameW
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
LoadLibraryExW
TlsGetValue
GetEnvironmentVariableW
QueryPerformanceCounter
GetCurrentThreadId
TlsSetValue
AcquireSRWLockShared
ReleaseSRWLockShared
GetTickCount
GetSystemTime
UnmapViewOfFile
CloseHandle
HeapValidate
GetFullPathNameW
FlushFileBuffers
CreateMutexA
TlsFree
GetCurrentThread
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
HeapSize
InitializeProcThreadAttributeList
MultiByteToWideChar
Sleep
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
ExitProcess
CancelIo
CopyFileExW
SetHandleInformation
GetFinalPathNameByHandleW
CreateSymbolicLinkW
DeviceIoControl
RemoveDirectoryW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
FindClose
FindNextFileW
ReleaseMutex
QueryPerformanceFrequency
WakeConditionVariable
WakeAllConditionVariable
GetProcessId
CreateIoCompletionPort
TerminateProcess
GetQueuedCompletionStatusEx
GetExitCodeProcess
PostQueuedCompletionStatus
GetOverlappedResult
SleepEx
SetFileCompletionNotificationModes
WriteFileEx
GetTempPathA
FormatMessageW
GetStdHandle
SetFilePointerEx
LoadLibraryExA
DuplicateHandle
SetFileInformationByHandle
CreateEventW
GetCommandLineW
ReleaseSRWLockExclusive
GetCurrentProcess
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
GetFileInformationByHandle
GetConsoleMode
LockFile
AcquireSRWLockExclusive
RtlLookupFunctionEntry
RtlCaptureContext
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer

user32

OffsetRect
GetMenuBarInfo
PostQuitMessage
CreateAcceleratorTableW
TrackPopupMenu
GetForegroundWindow
GetWindowDC
SetMenuItemInfoW
AppendMenuW
FillRect
InsertMenuW
AdjustWindowRect
RegisterTouchWindow
CreatePopupMenu
GetSystemMetrics
DrawIconEx
CreateMenu
IsWindow
CreateWindowExW
FlashWindowEx
DestroyMenu
TranslateAcceleratorW
RemoveMenu
CheckMenuItem
DrawMenuBar
SetMenu
GetMenuItemInfoW
DispatchMessageA
GetMessageA
GetClientRect
GetActiveWindow
CreateIcon
GetAsyncKeyState
GetKeyboardState
SetCursorPos
GetKeyState
MapVirtualKeyExW
GetKeyboardLayout
SendInput
SetForegroundWindow
SetWindowDisplayAffinity
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetRawInputData
MonitorFromPoint
EnumDisplayMonitors
DestroyAcceleratorTable
EnableMenuItem
GetSystemMenu
DestroyIcon
SetPropW
SystemParametersInfoA
IsWindowVisible
ClipCursor
GetClipCursor
ShowCursor
AdjustWindowRectEx
GetMenu
SystemParametersInfoW
ReleaseCapture
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RedrawWindow
IsProcessDPIAware
SetParent
MapWindowPoints
SendMessageW
RegisterWindowMessageA
ShowWindow
DrawTextW
EnumChildWindows
ReleaseDC
GetDC
GetWindowLongPtrW
GetParent
SetWindowRgn
RegisterClassExW
FindWindowExW
IsIconic
SetCursor
LoadCursorW
InvalidateRgn
SetWindowPos
GetWindowPlacement
SetWindowPlacement
PeekMessageW
ChangeDisplaySettingsExW
ClientToScreen
DefWindowProcW
PostThreadMessageW
ValidateRect
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
ToUnicodeEx
DestroyWindow
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
MapVirtualKeyW
GetWindowRect
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
GetWindowLongW
SetWindowLongW
GetUpdateRect

comctl32

SetWindowSubclass
DefSubclassProc
TaskDialogIndirect
RemoveWindowSubclass

ole32

RevokeDragDrop
RegisterDragDrop
OleInitialize
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree

gdi32

CreateSolidBrush
SetBkMode
CreateRectRgn
SetTextColor
GetDeviceCaps
CreateCompatibleDC
DeleteDC
SelectObject
CreateDIBSection
BitBlt
CombineRgn
DeleteObject

dwmapi

DwmSetWindowAttribute
DwmGetWindowAttribute
DwmEnableBlurBehindWindow

shell32

SHGetKnownFolderPath
ShellExecuteW
ShellExecuteExW
DragFinish
SHCreateItemFromParsingName
DragQueryFileW
SHAppBarMessage

advapi32

SystemFunction036
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

ws2_32

WSAStartup
getsockname
getpeername
WSASocketW
bind
connect
ioctlsocket
getsockopt
shutdown
recv
send
WSASend
setsockopt
getaddrinfo
WSAIoctl
WSAGetLastError
freeaddrinfo
closesocket
WSACleanup

secur32

DecryptMessage
DeleteSecurityContext
FreeContextBuffer
AcquireCredentialsHandleA
ApplyControlToken
InitializeSecurityContextW
AcceptSecurityContext
FreeCredentialsHandle
QueryContextAttributesW
EncryptMessage

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDuplicateStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain

shlwapi

SHCreateMemStream

ntdll

NtReadFile
NtCreateFile
NtWriteFile
NtCancelIoFileEx
NtDeviceIoControlFile
RtlGetVersion
RtlNtStatusToDosError

oleaut32

GetErrorInfo
SetErrorInfo
SysFreeString
SysStringLen

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

pow
_fdopen
round
floor
trunc
__setusermatherr
log

api-ms-win-crt-string-l1-1-0

isspace
strcpy_s
_stricmp
strlen
wcscmp
strpbrk
strcspn
strncmp
wcsncmp
isupper
strspn
isdigit
isalnum
tolower
strcmp
isxdigit
strncpy
wcslen
_wcsicmp

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_msize
realloc
_set_new_mode
calloc
free

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-time-l1-1-0

strftime
_gmtime64
_localtime64_s
clock
_time64

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
abort
_exit
exit
_errno
_initterm_e
strerror
_beginthreadex
_seh_filter_exe
_set_app_type
_register_onexit_function
_wassert
_endthreadex
_configure_narrow_argv
_initterm
_initialize_narrow_environment
_get_initial_narrow_environment

api-ms-win-crt-stdio-l1-1-0

_wfopen
fflush
_ftelli64
_fseeki64
fopen
_open
__acrt_iob_func
fclose
fread
fseek
_set_fmode
ftell
__p__commode
__stdio_common_vsprintf
__stdio_common_vfprintf
fwrite
rewind
ferror

api-ms-win-crt-convert-l1-1-0

_wtoi
_ultow_s
atoi
wcstol

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 13.0MB - Virtual size: 13.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 664KB - Virtual size: 663KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22a28a9dd16d4a12d4dfb23df1b1ef9a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

ole32

gdi32

dwmapi

shell32

advapi32

ws2_32

secur32

crypt32

shlwapi

ntdll

oleaut32

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 13.0MB - Virtual size: 13.0MB

.rdata Size: 5.8MB - Virtual size: 5.8MB

.data Size: 28KB - Virtual size: 40KB

.pdata Size: 664KB - Virtual size: 663KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 63KB - Virtual size: 62KB

.text
Size: 13.0MB - Virtual size: 13.0MB

.rdata
Size: 5.8MB - Virtual size: 5.8MB

.data
Size: 28KB - Virtual size: 40KB

.pdata
Size: 664KB - Virtual size: 663KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 63KB - Virtual size: 62KB