2024-05-24_fb83f0698d19a34e256d092f8dc58e2d_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-24_fb83f0698d19a34e256d092f8dc58e2d_megazord
Size

13.6MB
MD5

fb83f0698d19a34e256d092f8dc58e2d
SHA1

fb1263cad8fd49623c8e4f944d5c4c02b32ad195
SHA256

f1f4986acba9302733e8ea641c7ec28f3eac874d27a92096e1d6967390128e84
SHA512

4380f9cbe26a518be056b1814b6a7ba4ee6e499172c285c26f73d090284b643678c986590b714d1495cb2c6b350482e38cab605555b9fe8a062accc188337b21
SSDEEP

393216:MDEilWzUs8NFw1p8bikPt8b+kP/0/TeS:MDEilkURNbnPCbjP0T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-24_fb83f0698d19a34e256d092f8dc58e2d_megazord

Files

2024-05-24_fb83f0698d19a34e256d092f8dc58e2d_megazord
.exe windows:6 windows x64 arch:x64

09882f8dd5fe057997b2e766550d4d5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

UnhandledExceptionFilter
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
GetProcAddress
RtlPcToFileHeader
RaiseException
LoadLibraryW
SetUnhandledExceptionFilter
GetCurrentThreadId
LCIDToLocaleName
GetUserDefaultUILanguage
lstrlenW
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
GetSystemTimeAsFileTime
GetCurrentThread
CreateThread
MultiByteToWideChar
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
LoadLibraryA
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
ReadFileEx
CreateNamedPipeW
GetFullPathNameW
ExitProcess
CancelIo
CopyFileExW
GetFinalPathNameByHandleW
AcquireSRWLockShared
ReleaseSRWLockShared
MoveFileExW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
FindClose
FindNextFileW
ReleaseMutex
GetFileAttributesW
GetModuleFileNameW
GetLastError
OutputDebugStringA
OutputDebugStringW
DeleteCriticalSection
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
FreeLibrary
GetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
GetSystemInfo
HeapReAlloc
QueryPerformanceFrequency
WakeConditionVariable
WakeAllConditionVariable
TerminateProcess
SleepEx
WriteFileEx
GetStdHandle
SetFilePointerEx
SetHandleInformation
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
CreateIoCompletionPort
SetThreadStackGuarantee
GetQueuedCompletionStatusEx
AddVectoredExceptionHandler
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
CompareStringOrdinal
SetFileCompletionNotificationModes
DeleteProcThreadAttributeList
GetProcessHeap
HeapFree
FreeEnvironmentStringsW
CreateEventW
HeapAlloc
LoadLibraryExA
SleepConditionVariableSRW
IsProcessorFeaturePresent
FormatMessageW
WaitForSingleObject
EncodePointer
LocalFree
TlsAlloc
Sleep
GetModuleHandleA
GetFileInformationByHandle
GetConsoleMode
GetModuleHandleW
TlsGetValue
WriteConsoleW
TlsSetValue
AcquireSRWLockExclusive
CloseHandle
DeviceIoControl
CreateFileW
OpenProcess
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetVolumePathNamesForVolumeNameW
GetVolumeInformationW
GetDriveTypeW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
FindVolumeClose
GetExitCodeProcess
FindNextVolumeW
VirtualQueryEx
ReadProcessMemory
GetDiskFreeSpaceExW
GetCurrentProcessId
GlobalMemoryStatusEx
K32GetPerformanceInfo
FindFirstVolumeW
TlsFree

user32

SetForegroundWindow
ToUnicodeEx
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetRawInputData
GetMessageA
DispatchMessageA
PostMessageW
IsProcessDPIAware
GetDC
RedrawWindow
SystemParametersInfoA
IsWindowVisible
AdjustWindowRectEx
GetWindowRect
MonitorFromPoint
EnumDisplayMonitors
PostQuitMessage
SendInput
CreateAcceleratorTableW
AppendMenuW
CreateMenu
CheckMenuItem
SetMenuItemInfoW
DestroyAcceleratorTable
VkKeyScanW
ValidateRect
PostThreadMessageW
MapVirtualKeyExW
PeekMessageW
GetKeyboardLayout
GetKeyState
GetAsyncKeyState
GetKeyboardState
GetUpdateRect
GetWindowLongPtrW
GetWindowLongW
GetClientRect
SetWindowDisplayAffinity
ClientToScreen
LoadCursorW
GetMenu
MonitorFromRect
TrackMouseEvent
DestroyWindow
ShowCursor
GetTouchInputInfo
ScreenToClient
ClipCursor
GetClipCursor
EnableMenuItem
GetSystemMenu
ShowWindow
SetWindowLongW
SendMessageW
DestroyIcon
CreateIcon
SetCapture
SetWindowLongPtrW
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
CloseTouchInputHandle
EnumChildWindows
SetCursor
GetCursorPos
MonitorFromWindow
GetMonitorInfoW
SetWindowPos
ReleaseCapture
SetMenu
GetActiveWindow
FlashWindowEx
IsIconic
GetForegroundWindow
SetCursorPos
MapVirtualKeyW
GetMessageW
GetAncestor
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
DefWindowProcW

comctl32

DefSubclassProc
RemoveWindowSubclass
SetWindowSubclass

ole32

CreateStreamOnHGlobal
CoCreateInstance
RegisterDragDrop
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
OleInitialize
CoTaskMemFree
RevokeDragDrop

shell32

SHAppBarMessage
DragQueryFileW
DragFinish
SHGetKnownFolderPath
SHCreateItemFromParsingName
CommandLineToArgvW

dwmapi

DwmEnableBlurBehindWindow
DwmExtendFrameIntoClientArea

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

advapi32

GetTokenInformation
OpenProcessToken
IsValidSid
GetLengthSid
CopySid
SystemFunction036
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ws2_32

WSAIoctl
setsockopt
WSASend
send
WSAGetLastError
recv
shutdown
closesocket
getsockopt
freeaddrinfo
ioctlsocket
connect
bind
WSASocketW
getsockname
getpeername
getaddrinfo
WSAStartup
WSACleanup

secur32

AcceptSecurityContext
QueryContextAttributesW
FreeContextBuffer
InitializeSecurityContextW
DeleteSecurityContext
FreeCredentialsHandle
ApplyControlToken
EncryptMessage
AcquireCredentialsHandleA
DecryptMessage

crypt32

CertDuplicateCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateStore
CertVerifyCertificateChainPolicy
CertGetCertificateChain

uxtheme

SetWindowTheme

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtWriteFile
NtQueryInformationProcess
NtCancelIoFileEx
NtReadFile
NtQuerySystemInformation
RtlGetVersion

oleaut32

SetErrorInfo
GetErrorInfo
SysStringLen
SysFreeString

bcrypt

BCryptGenRandom

pdh

PdhRemoveCounter
PdhAddEnglishCounterW
PdhCollectQueryData
PdhCloseQuery
PdhOpenQueryA
PdhGetFormattedCounterValue

powrprof

CallNtPowerInformation

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow
trunc
floor
round

api-ms-win-crt-string-l1-1-0

wcslen
_wcsicmp
strcpy_s
strlen
wcsncmp

api-ms-win-crt-heap-l1-1-0

free
calloc
_callnewh
malloc
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initterm_e
_initialize_onexit_table
_seh_filter_exe
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
terminate
_register_thread_local_exe_atexit_callback
abort
_c_exit
_configure_narrow_argv
_cexit
__p___argv
__p___argc
_set_app_type
_exit
_crt_atexit
exit

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09882f8dd5fe057997b2e766550d4d5c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

ole32

shell32

dwmapi

gdi32

advapi32

ws2_32

secur32

crypt32

uxtheme

ntdll

oleaut32

bcrypt

pdh

powrprof

psapi

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 6.5MB - Virtual size: 6.5MB

.data Size: 14KB - Virtual size: 25KB

.pdata Size: 313KB - Virtual size: 312KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 54KB - Virtual size: 54KB

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 6.5MB - Virtual size: 6.5MB

.data
Size: 14KB - Virtual size: 25KB

.pdata
Size: 313KB - Virtual size: 312KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 54KB - Virtual size: 54KB