2024-06-03_cf6584142a6139499fc8e8b6336ca1b6_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-03_cf6584142a6139499fc8e8b6336ca1b6_megazord
Size

18.9MB
MD5

cf6584142a6139499fc8e8b6336ca1b6
SHA1

8016863c0414edd356f566706dee3c25ca8ddbde
SHA256

ad852b1d48b0fddca1b2072255ebe6aa2f39824f95ecf8bae60bdbaa74d384ac
SHA512

10fcb3b6346d9aaf01a6c93464cf3a2319bc872131c34923211e8a2dc4c7c5fd457ab50e6dcefeea46699f7057b1ddb757b2127362e36986d28939e723ef8ed6
SSDEEP

98304:h7R7UfofR+/OaJuDvF119UPqSjxqQc0gWNagYc8zxpI9olF1b7wNSptBPT8GoGXg:JlkPox08Q8P4GoGXmlZ/VEZhMk

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-03_cf6584142a6139499fc8e8b6336ca1b6_megazord

Files

2024-06-03_cf6584142a6139499fc8e8b6336ca1b6_megazord
.exe windows:6 windows x64 arch:x64

cb2706b7576c8f5b3a7ac8ea1650a216

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

app.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

kernel32

GetCurrentThread
ReleaseMutex
EncodePointer
WideCharToMultiByte
GetLastError
IsProcessorFeaturePresent
RtlUnwindEx
Sleep
MultiByteToWideChar
GetModuleHandleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
FormatMessageW
GetSystemTimeAsFileTime
InitializeSListHead
QueryPerformanceFrequency
QueryPerformanceCounter
SetFileTime
GetProcessId
TerminateProcess
GetCurrentProcess
GetUserDefaultLocaleName
GetCurrentThreadId
GlobalAlloc
FindClose
CreateMutexW
GetModuleFileNameW
GlobalUnlock
GetUserDefaultUILanguage
LCIDToLocaleName
lstrlenW
LoadLibraryW
CreateMutexA
WaitForSingleObjectEx
GetTempPathW
GetFullPathNameW
CreateThread
WriteConsoleW
RtlPcToFileHeader
InitializeProcThreadAttributeList
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
ReadFileEx
ExitProcess
CancelIo
CopyFileExW
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
RemoveDirectoryW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
HeapReAlloc
GetSystemTimePreciseAsFileTime
GetExitCodeProcess
SleepEx
WriteFileEx
GetCurrentProcessId
GetStdHandle
GlobalSize
GlobalLock
SetFilePointerEx
SetFileInformationByHandle
GetCommandLineW
SetEnvironmentVariableW
FindNextFileW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
GetFileAttributesW
OutputDebugStringA
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
TlsAlloc
TlsGetValue
GetEnvironmentVariableW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
SetWaitableTimer
DuplicateHandle
CreateWaitableTimerExW
SwitchToThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
TlsFree
GetNamedPipeClientProcessId
GetNamedPipeServerProcessId
CompareStringOrdinal
DeleteProcThreadAttributeList
TlsSetValue
CloseHandle
IsDebuggerPresent
CreatePipe
HeapAlloc
HeapFree
GetProcessHeap
ReadFile
WriteFile
WaitForSingleObject
CreateEventW
FreeLibrary
LoadLibraryExA
FlushFileBuffers
DisconnectNamedPipe
GetNativeSystemInfo
GetSystemInfo
RaiseException
GetModuleHandleA
GlobalFree
GetProcAddress
LoadLibraryA
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MoveFileExW
SetFileAttributesW
CreateFileW
UpdateProcThreadAttribute
GetConsoleMode
GetFileInformationByHandle
SetFileCompletionNotificationModes
GetOverlappedResult
SetHandleInformation
GetQueuedCompletionStatusEx
CreateIoCompletionPort
PostQueuedCompletionStatus

user32

AdjustWindowRectEx
GetWindowRect
SetForegroundWindow
FlashWindowEx
GetWindowTextLengthW
SetWindowTextW
MonitorFromPoint
EnumDisplayMonitors
DestroyIcon
GetForegroundWindow
GetRawInputData
IsProcessDPIAware
SystemParametersInfoA
CreateAcceleratorTableW
CreateMenu
SetMenuItemInfoW
DestroyAcceleratorTable
VkKeyScanW
MapVirtualKeyExW
GetKeyState
CreateIcon
GetKeyboardLayout
GetAsyncKeyState
CreateWindowExW
GetKeyboardState
SetWindowDisplayAffinity
GetMenu
ShowCursor
ClipCursor
GetClipCursor
ToUnicodeEx
GetSystemMenu
UnregisterHotKey
RegisterHotKey
CheckMenuItem
EnableMenuItem
SetCapture
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterWindowMessageA
GetMessageA
DispatchMessageA
GetActiveWindow
SetCursorPos
SetCursor
RegisterTouchWindow
ShowWindow
LoadCursorW
InvalidateRgn
SetWindowPos
EnumChildWindows
GetWindowPlacement
SetWindowPlacement
IsWindow
PeekMessageW
GetWindowLongW
GetWindowTextW
IsWindowVisible
ReleaseDC
ChangeDisplaySettingsExW
CloseClipboard
GetClipboardData
ClientToScreen
ReleaseCapture
GetCursorPos
DefWindowProcW
PostThreadMessageW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
GetMessageW
MapVirtualKeyW
IsIconic
SetMenu
RedrawWindow
GetClientRect
DestroyWindow
SendInput
AllowSetForegroundWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetDC
SetMenuItemBitmaps
AppendMenuW
SetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
RegisterClipboardFormatW
OpenClipboard
SendMessageW
RegisterClassExW
FindWindowW
PostQuitMessage
DestroyMenu
TrackPopupMenu
CreatePopupMenu
RemoveClipboardFormatListener
AddClipboardFormatListener
PostMessageW
GetUpdateRect
ValidateRect
GetMonitorInfoW
MonitorFromWindow
SetWindowLongW
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
MonitorFromRect
GetSystemMetrics

comctl32

RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass
TaskDialogIndirect

gdi32

CreateCompatibleDC
CreateRectRgn
GetDeviceCaps
CreateDIBSection
DeleteObject
GetObjectW
GetDIBits

dwmapi

DwmEnableBlurBehindWindow
DwmSetWindowAttribute

ole32

RegisterDragDrop
CoTaskMemAlloc
RevokeDragDrop
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CoIncrementMTAUsage
OleInitialize
CreateStreamOnHGlobal

shell32

SHCreateItemFromParsingName
SHAppBarMessage
SHGetKnownFolderPath
ShellExecuteW
DragQueryFileW
DragFinish

advapi32

ImpersonateAnonymousToken
SystemFunction036
RegGetValueW
RegCloseKey
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RevertToSelf
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

oleaut32

SysFreeString
SetErrorInfo
GetErrorInfo
SysStringLen

uxtheme

SetWindowTheme

ntdll

NtDeviceIoControlFile
NtWriteFile
NtCreateFile
NtReadFile
RtlNtStatusToDosError
RtlGetVersion
NtCancelIoFileEx

secur32

FreeCredentialsHandle
DeleteSecurityContext
QueryContextAttributesW
InitializeSecurityContextW
DecryptMessage
AcceptSecurityContext
FreeContextBuffer
AcquireCredentialsHandleA
EncryptMessage
ApplyControlToken

ws2_32

ioctlsocket
getaddrinfo
freeaddrinfo
closesocket
WSACleanup
WSAStartup
getsockname
getpeername
WSASocketW
bind
connect
WSAGetLastError
getsockopt
shutdown
recv
WSAIoctl
setsockopt
WSASend
send

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateStore

bcrypt

BCryptGenRandom

api-ms-win-crt-math-l1-1-0

__setusermatherr
exp2f
roundf
fma
round
truncf
ceilf
pow
floorf
sinf
exp
floor
expf
powf
ceil
log2
fmaf
trunc

api-ms-win-crt-string-l1-1-0

wcsncmp
strcpy_s
_wcsicmp
wcslen
strlen

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
terminate
_cexit
__p___argv
__p___argc
abort
strerror
_seh_filter_exe
_set_app_type
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_configure_narrow_argv
_initialize_narrow_environment

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
_set_new_mode
calloc

Sections

.text
Size: 11.4MB - Virtual size: 11.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 503KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb2706b7576c8f5b3a7ac8ea1650a216

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

user32

comctl32

gdi32

dwmapi

ole32

shell32

advapi32

api-ms-win-core-winrt-l1-1-0

oleaut32

uxtheme

ntdll

secur32

ws2_32

crypt32

bcrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 11.4MB - Virtual size: 11.4MB

.rdata Size: 6.9MB - Virtual size: 6.9MB

.data Size: 13KB - Virtual size: 25KB

.pdata Size: 503KB - Virtual size: 503KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 83KB - Virtual size: 83KB

.reloc Size: 57KB - Virtual size: 56KB

.text
Size: 11.4MB - Virtual size: 11.4MB

.rdata
Size: 6.9MB - Virtual size: 6.9MB

.data
Size: 13KB - Virtual size: 25KB

.pdata
Size: 503KB - Virtual size: 503KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 83KB - Virtual size: 83KB

.reloc
Size: 57KB - Virtual size: 56KB