2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord
Size

20.8MB
MD5

40c2296bb73cc933207be149d1ad97b7
SHA1

7c2c9f91e6d21410a37603cdbe46a2fab34b76e7
SHA256

0f65ace9a1a0866f0b418e2b820aa183ba1e8efed6bc3eedf51be95c8fcd5818
SHA512

088c2898c84c5c71278c70671f4b91d9e0de2fb612f4e766f5ed66ee3fadbde9184361d55d863a18239f09f11a9a6e78d5d67b24336129080a5218afae0f296d
SSDEEP

196608:r2VVO0Oo8/QwvJffUGvOZPcYyLhBLAe/C06Lnwap63lj:oVO0OoavxvOZPjyzAea060ap63lj

Score

10^/10

Malware Config

Signatures

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord

Files

2024-06-01_40c2296bb73cc933207be149d1ad97b7_megazord
.exe windows:6 windows x64 arch:x64

9616884fdb9822d47d74e0ead8135dea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

gale.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

kernel32

RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
GetCurrentThreadId
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetNamedPipeClientProcessId
ReadFile
TlsAlloc
FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
CreateFileW
WaitNamedPipeW
LoadLibraryW
TlsGetValue
TlsSetValue
LCIDToLocaleName
lstrlenW
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
GetFullPathNameW
GetUserDefaultUILanguage
GetNamedPipeServerProcessId
EncodePointer
CreateThread
WriteConsoleW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
WideCharToMultiByte
GlobalFree
GetSystemDirectoryW
GetCurrentThread
LoadLibraryExW
WriteFile
GetEnvironmentVariableW
WaitForMultipleObjects
MultiByteToWideChar
ReadFileEx
GlobalAlloc
ExitProcess
GlobalUnlock
GlobalSize
GlobalLock
CancelIo
CreateEventW
FormatMessageW
CopyFileExW
WaitForSingleObject
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
FreeLibrary
GetProcAddress
LoadLibraryA
RemoveDirectoryW
HeapFree
HeapAlloc
GetLastError
GetProcessHeap
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
FindClose
FindNextFileW
ReleaseMutex
HeapReAlloc
GetSystemTimePreciseAsFileTime
SetFileTime
QueryPerformanceFrequency
GetCurrentProcess
DuplicateHandle
GetSystemInfo
TerminateProcess
GetExitCodeProcess
SleepEx
WriteFileEx
GetCurrentProcessId
GetStdHandle
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
SetHandleInformation
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
DeleteProcThreadAttributeList
CreateIoCompletionPort
FreeEnvironmentStringsW
GetQueuedCompletionStatusEx
MoveFileExW
PostQueuedCompletionStatus
GetOverlappedResult
SetFileAttributesW
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetFileInformationByHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleMode
SetConsoleMode
TlsFree

shell32

SHAppBarMessage
DragQueryFileW
SHGetKnownFolderPath
SHCreateItemFromParsingName
DragFinish
ShellExecuteW

user32

RegisterRawInputDevices
RegisterClassExW
RegisterWindowMessageA
OpenClipboard
IsClipboardFormatAvailable
SetWindowLongPtrW
DestroyWindow
GetClipboardData
EmptyClipboard
SetClipboardData
GetDC
PostMessageW
CloseClipboard
SetCapture
DispatchMessageA
GetMessageA
CreateIcon
ToUnicodeEx
GetKeyboardLayout
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
MonitorFromPoint
GetMessageW
MsgWaitForMultipleObjectsEx
GetAncestor
EnumDisplayMonitors
GetWindowRect
EnumChildWindows
DestroyIcon
DestroyAcceleratorTable
GetMenu
VkKeyScanW
RegisterClipboardFormatW
TranslateAcceleratorW
MapVirtualKeyExW
IsProcessDPIAware
TranslateMessage
DispatchMessageW
GetAsyncKeyState
AdjustWindowRectEx
GetClipCursor
ShowCursor
GetWindowLongPtrW
IsWindowVisible
ClipCursor
PeekMessageW
GetKeyboardState
SetWindowDisplayAffinity
SetWindowLongW
SendMessageW
GetSystemMenu
PostThreadMessageW
GetRawInputData
RedrawWindow
SystemParametersInfoA
PostQuitMessage
ShowWindow
CreateAcceleratorTableW
AppendMenuW
SendInput
AllowSetForegroundWindow
CreateMenu
CheckMenuItem
SetMenuItemInfoW
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW
EnableMenuItem
GetForegroundWindow
GetActiveWindow
SetCursorPos
ReleaseCapture
IsIconic
SetMenu
LoadCursorW
InvalidateRgn
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
MapVirtualKeyW
GetUpdateRect
ValidateRect
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
GetKeyState
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
ClientToScreen
GetClientRect
GetWindowLongW
TrackMouseEvent
MonitorFromRect
SetCursor
FlashWindowEx
DefWindowProcW

advapi32

EventRegister
RegOpenKeyExW
RegCloseKey
EventSetInformation
RevertToSelf
EventWriteTransfer
ImpersonateAnonymousToken
RegSetValueExW
RegCreateKeyExW
EventUnregister
RegGetValueW
RegQueryValueExW
SystemFunction036

comctl32

SetWindowSubclass
DefSubclassProc
TaskDialogIndirect
RemoveWindowSubclass

ole32

RegisterDragDrop
OleInitialize
RevokeDragDrop
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

ws2_32

WSAGetLastError
WSAStartup
WSACleanup
WSAIoctl
getaddrinfo
getsockname
WSASocketW
bind
freeaddrinfo
connect
ioctlsocket
setsockopt
getsockopt
shutdown
recv
send
WSASend
getpeername
closesocket

secur32

FreeContextBuffer
ApplyControlToken
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
AcquireCredentialsHandleA
FreeCredentialsHandle
QueryContextAttributesW
DeleteSecurityContext

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertDuplicateCertificateChain
CertFreeCertificateChain
CertGetCertificateChain
CertVerifyCertificateChainPolicy

oleaut32

SysStringLen
SetErrorInfo
SysFreeString
GetErrorInfo

uxtheme

SetWindowTheme

ntdll

NtCreateFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile
NtReadFile
NtDeviceIoControlFile

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

fma
fmaf
exp2f
trunc
floorf
truncf
sinf
expf
ceilf
round
__setusermatherr
ceil
exp
floor
roundf
pow
log2

api-ms-win-crt-string-l1-1-0

_wcsicmp
strcpy_s
wcsncmp
strlen
wcslen

api-ms-win-crt-heap-l1-1-0

malloc
free
calloc
_set_new_mode
_callnewh

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-runtime-l1-1-0

abort
terminate
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argc
strerror
_crt_atexit
_register_onexit_function
_initialize_onexit_table
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 13.3MB - Virtual size: 13.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 545KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9616884fdb9822d47d74e0ead8135dea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

shell32

user32

advapi32

comctl32

ole32

gdi32

dwmapi

ws2_32

secur32

crypt32

oleaut32

uxtheme

ntdll

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 13.3MB - Virtual size: 13.3MB

.rdata Size: 6.8MB - Virtual size: 6.8MB

.data Size: 31KB - Virtual size: 42KB

.pdata Size: 545KB - Virtual size: 545KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 87KB - Virtual size: 86KB

.text
Size: 13.3MB - Virtual size: 13.3MB

.rdata
Size: 6.8MB - Virtual size: 6.8MB

.data
Size: 31KB - Virtual size: 42KB

.pdata
Size: 545KB - Virtual size: 545KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 87KB - Virtual size: 86KB