2024-06-01_efd11bf7fe933ab57423d48a07a774b4_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-01_efd11bf7fe933ab57423d48a07a774b4_megazord
Size

11.6MB
MD5

efd11bf7fe933ab57423d48a07a774b4
SHA1

1aa3219fc21e6937b240c03e092d1d245769f55c
SHA256

915e7aa2f1ddee5703ca64470d575e66d2b693692330a684e4651979cf4f7ec0
SHA512

45bfef2dfd51f3037bcbba044cacdfbbe096fb202f40d22b6211ab6de3c63563bbf73f20f179cbdcbb700f42df59b9f41d4e24688649dd0df6f4308d493294a6
SSDEEP

98304:hO/N5CIAWsStW1kpauMuVk/ayUfKvWPbtcW0H8PUBifHtf9Gqedy97H8OMIwh:E/bhBh3PbWWd2ievA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-01_efd11bf7fe933ab57423d48a07a774b4_megazord

Files

2024-06-01_efd11bf7fe933ab57423d48a07a774b4_megazord
.exe windows:6 windows x64 arch:x64

79d23885fb163529451b9c34ea852bbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

bcryptprimitives

ProcessPrng

shell32

DragFinish
DragQueryFileW
ShellExecuteExW
SHAppBarMessage
SHGetKnownFolderPath

kernel32

InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
PostQueuedCompletionStatus
RtlUnwindEx
RtlPcToFileHeader
SetFileCompletionNotificationModes
LoadLibraryW
SleepConditionVariableSRW
CreateIoCompletionPort
RaiseException
EncodePointer
GetQueuedCompletionStatusEx
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
SwitchToThread
WakeAllConditionVariable
lstrlenW
TlsSetValue
WaitForSingleObject
CloseHandle
GetModuleHandleW
SetWaitableTimer
Sleep
CreateWaitableTimerExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileInformationByHandleEx
GetProcAddress
GetSystemTimeAsFileTime
GetFileType
FreeLibrary
GetConsoleMode
LoadLibraryExW
GetStdHandle
HeapReAlloc
HeapFree
GetLastError
OutputDebugStringW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
LoadLibraryExA
GetSystemInfo
GetCommandLineW
LoadLibraryA
TerminateProcess
GetProcessHeap
HeapAlloc
QueryPerformanceCounter
ExitProcess
ReadFile
CancelIo
CreateEventW
WriteFileEx
SleepEx
ReadFileEx
CreateThread
CreatePipe
GetProcessId
SetLastError
FindClose
FindNextFileW
CreateNamedPipeW
SetFilePointerEx
DeleteProcThreadAttributeList
CompareStringOrdinal
GetSystemTimePreciseAsFileTime
GetTimeZoneInformationForYear
SetEnvironmentVariableW
GetExitCodeProcess
WaitForMultipleObjects
GetOverlappedResult
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetCurrentProcessId
GetModuleHandleA
TlsFree
GetCurrentThread
DuplicateHandle
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
GetCurrentProcess
CreateMutexA
ReleaseMutex
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileAttributesW
GetFullPathNameW
GetFinalPathNameByHandleW
CreateDirectoryW
FindFirstFileW
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
FreeEnvironmentStringsW
SetHandleInformation
GetEnvironmentStringsW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
RegisterDragDrop
OleInitialize
RevokeDragDrop
CoCreateInstance
CoInitializeEx

ws2_32

WSAGetLastError
shutdown
getsockopt
connect
getpeername
WSASend
WSADuplicateSocketW
accept
recv
send
listen
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
closesocket
bind
WSAIoctl
setsockopt
ioctlsocket
WSASocketW
getsockname

ntdll

RtlGetVersion
NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCreateFile
NtReadFile
NtWriteFile

user32

ToUnicodeEx
GetSystemMenu
SetWindowLongW
GetClipCursor
ClipCursor
ShowCursor
GetMenu
AdjustWindowRectEx
SetPropW
CreateIcon
GetUpdateRect
PostThreadMessageW
ValidateRect
DrawMenuBar
RemoveMenu
DestroyMenu
SystemParametersInfoA
GetRawInputData
CheckMenuItem
SystemParametersInfoW
RegisterClassExW
GetMessageA
DispatchMessageA
RegisterWindowMessageA
MapVirtualKeyExW
GetKeyboardLayout
EnumChildWindows
SetWindowTextW
RegisterRawInputDevices
GetMessageW
SetParent
AdjustWindowRect
EnumDisplayMonitors
EnableMenuItem
GetWindowPlacement
SetWindowPlacement
PeekMessageW
ChangeDisplaySettingsExW
GetMonitorInfoW
DefWindowProcW
GetKeyState
GetAsyncKeyState
ShowWindow
GetKeyboardState
SendMessageW
SetWindowLongPtrW
TranslateMessage
DispatchMessageW
GetWindowTextLengthW
SetWindowDisplayAffinity
RegisterTouchWindow
GetWindowLongW
GetSystemMetrics
DestroyWindow
IsWindow
CreateWindowExW
SetCapture
SetCursor
LoadCursorW
TrackMouseEvent
SetCursorPos
MapVirtualKeyW
GetForegroundWindow
InvalidateRgn
SetWindowPos
FlashWindowEx
GetActiveWindow
MonitorFromPoint
GetWindowLongPtrW
IsIconic
IsWindowVisible
RedrawWindow
PostMessageW
ReleaseCapture
PostQuitMessage
GetTouchInputInfo
ScreenToClient
CloseTouchInputHandle
MonitorFromRect
SetMenu
DestroyIcon
MsgWaitForMultipleObjectsEx
TranslateAcceleratorW
GetWindowTextW
SendInput
CreateMenu
CreatePopupMenu
DrawIconEx
ReleaseDC
GetWindowDC
OffsetRect
GetWindowRect
MapWindowPoints
GetClientRect
GetMenuBarInfo
DrawTextW
FillRect
GetMenuItemInfoW
IsProcessDPIAware
GetDC
MonitorFromWindow
TrackPopupMenu
SetForegroundWindow
ClientToScreen
GetCursorPos
CreateAcceleratorTableW
DestroyAcceleratorTable
SetMenuItemInfoW
AppendMenuW
InsertMenuW

comctl32

SetWindowSubclass
DefSubclassProc
RemoveWindowSubclass
TaskDialogIndirect

gdi32

SetTextColor
SetBkMode
DeleteObject
CreateSolidBrush
BitBlt
DeleteDC
GetDeviceCaps
CreateRectRgn
SelectObject
CreateDIBSection
CreateCompatibleDC

crypt32

CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertOpenStore
CertCloseStore
CertFreeCertificateContext
CertDuplicateStore
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateCertificateChain

secur32

ApplyControlToken
InitializeSecurityContextW
AcquireCredentialsHandleA
QueryContextAttributesW
DecryptMessage
AcceptSecurityContext
FreeCredentialsHandle
DeleteSecurityContext
EncryptMessage
FreeContextBuffer

advapi32

EventUnregister
RegGetValueW
RegQueryValueExW
EventSetInformation
EventWriteTransfer
RegOpenKeyExW
SystemFunction036
RegCloseKey
EventRegister

dwmapi

DwmGetWindowAttribute
DwmSetWindowAttribute
DwmEnableBlurBehindWindow

oleaut32

SetErrorInfo
SysFreeString
GetErrorInfo
SysStringLen

bcrypt

BCryptGenRandom

shlwapi

SHCreateMemStream

api-ms-win-crt-math-l1-1-0

trunc
floor
round
pow
__setusermatherr

api-ms-win-crt-string-l1-1-0

wcslen
strlen
wcsncmp
_wcsicmp
wcscmp
strcpy_s

api-ms-win-crt-heap-l1-1-0

free
calloc
_set_new_mode
malloc
_callnewh

api-ms-win-crt-convert-l1-1-0

_wtoi
wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_seh_filter_exe
_initterm
_initialize_onexit_table
abort
exit
_set_app_type
terminate
_exit
_register_onexit_function
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 353KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79d23885fb163529451b9c34ea852bbc

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

shell32

kernel32

ole32

ws2_32

ntdll

user32

comctl32

gdi32

crypt32

secur32

advapi32

dwmapi

oleaut32

bcrypt

shlwapi

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 8.3MB - Virtual size: 8.3MB

.rdata Size: 2.9MB - Virtual size: 2.9MB

.data Size: 5KB - Virtual size: 16KB

.pdata Size: 353KB - Virtual size: 352KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 44KB - Virtual size: 44KB

.text
Size: 8.3MB - Virtual size: 8.3MB

.rdata
Size: 2.9MB - Virtual size: 2.9MB

.data
Size: 5KB - Virtual size: 16KB

.pdata
Size: 353KB - Virtual size: 352KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 44KB - Virtual size: 44KB