2024-05-24_e63e7a91bf6835b6a3c0b3a7989c6200_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-24_e63e7a91bf6835b6a3c0b3a7989c6200_megazord
Size

5.6MB
MD5

e63e7a91bf6835b6a3c0b3a7989c6200
SHA1

c820fc77009284a4978d5a15e472e0406553c350
SHA256

85f9f0ac5f1c72ea15842d3d430d27c62fad8d31f11e66b9ead6fb439a51d951
SHA512

d8ff7c6cecf8fadff75277bcba0e5a26b9f821a76fdc64ce7e0377df42d508a34f21ffb66f51b366e9628c591adad2d0e9d539d62089464b850bb715f450175c
SSDEEP

49152:bhSbf9zn04JEAcLB04qYdNjzUu2TRvb0awBzEk2QB6+ZxWxkS4f7HN09XGAFDYfs:ERrCLBk5iok28WQf4WOcdwlsk7yy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-24_e63e7a91bf6835b6a3c0b3a7989c6200_megazord

Files

2024-05-24_e63e7a91bf6835b6a3c0b3a7989c6200_megazord
.exe windows:6 windows x64 arch:x64

5dc66adece9667dd86fbc256575edcee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtDeviceIoControlFile
RtlUnwindEx
NtCreateFile
NtWriteFile
RtlNtStatusToDosError
NtCancelIoFileEx
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlCaptureContext
NtReadFile
RtlVirtualUnwind

kernel32

CreateFileW
GetFileInformationByHandle
HeapReAlloc
GetFinalPathNameByHandleW
CreateIoCompletionPort
SetFileCompletionNotificationModes
WakeAllConditionVariable
GetModuleHandleA
GetCurrentThread
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
Sleep
QueryPerformanceFrequency
FormatMessageW
GetCurrentProcess
GetEnvironmentVariableW
GetTempPathW
GetFileInformationByHandleEx
GetFullPathNameW
SetFileInformationByHandle
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
SetLastError
SwitchToThread
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
SleepConditionVariableSRW
CancelIo
ReadFile
ExitProcess
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
LoadLibraryExW
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
CopyFileExW
PostQueuedCompletionStatus
GetSystemInfo
GetQueuedCompletionStatusEx
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetProcAddress
GetModuleFileNameW
UnhandledExceptionFilter
QueryPerformanceCounter
SetUnhandledExceptionFilter
TerminateProcess
GetExitCodeProcess
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WaitForSingleObject
IsProcessorFeaturePresent
InitializeSListHead
GetLastError
IsDebuggerPresent
GetModuleHandleW
WakeConditionVariable
CreateEventW
CloseHandle
FindClose
TryAcquireSRWLockExclusive
HeapFree
EncodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FlushFileBuffers
GetCurrentDirectoryW

ws2_32

select
getsockopt
WSAGetLastError
ioctlsocket
getpeername
setsockopt
getaddrinfo
getsockname
freeaddrinfo
WSAStartup
WSAIoctl
socket
accept
closesocket
WSACleanup
recv
send
WSASend
shutdown
listen
connect
bind
WSASocketW

rstrtmgr

RmGetList
RmStartSession
RmRegisterResources

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket

user32

EnumDisplaySettingsExW
GetMonitorInfoW
EnumDisplayMonitors

gdi32

SetStretchBltMode
GetDeviceCaps
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateDCW
StretchBlt
GetDIBits
GetObjectW
DeleteObject

bcrypt

BCryptGenRandom

advapi32

RegOpenKeyExW
AllocateAndInitializeSid
CheckTokenMembership
RegQueryValueExW
SystemFunction036
RegCloseKey
FreeSid

crypt32

CertFreeCertificateContext
CertDuplicateCertificateChain
CertCloseStore
CertDuplicateCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateStore
CertEnumCertificatesInStore
CertOpenStore
CertAddCertificateContextToStore
CryptUnprotectData

secur32

DecryptMessage
QueryContextAttributesW
InitializeSecurityContextW
FreeCredentialsHandle
AcquireCredentialsHandleA
ApplyControlToken
EncryptMessage
FreeContextBuffer
DeleteSecurityContext
AcceptSecurityContext

oleaut32

SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SysAllocStringLen
SafeArrayDestroy
SysFreeString
VariantClear

api-ms-win-crt-string-l1-1-0

wcsncmp
strcpy_s
strlen
strncmp
strcspn
strcmp

api-ms-win-crt-math-l1-1-0

log
_dclass
pow
ceil
truncf
roundf
__setusermatherr
exp2f

api-ms-win-crt-heap-l1-1-0

malloc
realloc
_set_new_mode
free
calloc
_msize

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
__p___argc
_initialize_onexit_table
_set_app_type
_seh_filter_exe
_endthreadex
__p___argv
_cexit
_beginthreadex
_register_onexit_function
terminate
abort
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_exit
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dc66adece9667dd86fbc256575edcee

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

ws2_32

rstrtmgr

ole32

user32

gdi32

bcrypt

advapi32

crypt32

secur32

oleaut32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 1.5MB - Virtual size: 1.4MB

.data Size: 25KB - Virtual size: 28KB

.pdata Size: 83KB - Virtual size: 82KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 1.5MB - Virtual size: 1.4MB

.data
Size: 25KB - Virtual size: 28KB

.pdata
Size: 83KB - Virtual size: 82KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 36KB - Virtual size: 36KB