Static task: static1
Behavioral task: behavioral1
  Sample: 2024-06-05_15b44fd331ad17374d10be2a03ad794e_megazord.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2024-06-05_15b44fd331ad17374d10be2a03ad794e_megazord.exe
  Resource: win10v2004-20240508-en
General
- Target: 2024-06-05_15b44fd331ad17374d10be2a03ad794e_megazord
- Size: 8.6MB
- MD5: 15b44fd331ad17374d10be2a03ad794e
- SHA1: 1c00e120379fee0f06de0fa3e638c68496bfb77e
- SHA256: e99b4fe6af5e96cfed634cb7fbc5c728ea2a1cb103730cb55c2f21ef3118e659
- SHA512: abfc4a972078ed484a22a0eada199cd177eebd66574cea496939bf32de52af5c440b6afe4e694af4a1e2fe044a386b3c9ae45550c15759fcde71fdb454ca9b49
- SSDEEP: 49152:nL+RfvdLxQGtncD3qIc+b2gkt13/bH9Z/ceA+ewPXjykVv/zw0oYfXRlzTYzR4Ii:yZzHQCsq49Jcj7CfVymg
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 2024-06-05_15b44fd331ad17374d10be2a03ad794e_megazord
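The "Unsigned PE" signature above is a static check on the PE headers: an embedded Authenticode signature lives in the IMAGE_DIRECTORY_ENTRY_SECURITY data directory, so a zero-sized entry there means no embedded signature. The parser below is an added example, not the sandbox's own code, and reproduces that check together with the File Characteristics and DLL Characteristics decoding shown in the Headers section. It uses only the standard library; the header-only PE32+ image it builds is constructed in-memory for illustration and is not the analysed sample. Two caveats a reviewer would want: a populated security directory only shows a signature is present, not that it validates (that needs WinVerifyTrust or PowerShell's Get-AuthenticodeSignature on Windows), and catalog-signed binaries carry no embedded signature at all, so this check alone would also flag them.

```python
import struct

# Flag values from winnt.h (the bits relevant to the report plus a few neighbours)
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x1000: "IMAGE_DLLCHARACTERISTICS_APPCONTAINER",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x2000: "IMAGE_FILE_DLL",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # data directory slot holding the Authenticode blob
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002   # wCertificateType for a PKCS#7 SignedData blob


def decode_flags(value, table):
    """Return the names of the set bits, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Read COFF/optional header fields and the security data directory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _, _, _, _, _, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:                                # PE32+ (x64)
        ndirs_off, dirs_off = 108, 112
    elif magic == 0x10B:                              # PE32
        ndirs_off, dirs_off = 92, 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]

    # The security entry is special: its "VirtualAddress" is a raw file offset,
    # because the certificate blob is never mapped into memory.
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    cert_type = None
    if sec_size >= 8 and sec_off + 8 <= len(data):
        _, _, cert_type = struct.unpack_from("<IHH", data, sec_off)   # WIN_CERTIFICATE header
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "file_characteristics": decode_flags(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": decode_flags(dll_chars, DLL_CHARACTERISTICS),
        "has_embedded_signature": sec_size > 0,
        "certificate_type": cert_type,
    }


def build_sample_pe(file_chars: int, dll_chars: int, signed: bool) -> bytes:
    """Constructed sample: a header-only PE32+ image, enough for parse_pe()."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew
    opt = bytearray(240)                              # PE32+ optional header with 16 directories
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)              # NumberOfRvaAndSizes
    cert = b""
    if signed:
        blob = b"\x30\x82\x00\x00"                    # placeholder bytes, not a real PKCS#7 blob
        cert = struct.pack("<IHH", 8 + len(blob), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + blob
        cert_off = 64 + 4 + 20 + len(opt)
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(cert))
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(opt), file_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    # 0x0022 and 0x8160 are the flag sets listed in this report's Headers section.
    for label, signed in (("unsigned", False), ("signed", True)):
        print(label, parse_pe(build_sample_pe(0x0022, 0x8160, signed)))
```

To run it over a real file, pass `open(path, "rb").read()` to `parse_pe`; `has_embedded_signature` False is exactly the condition the sandbox's "Unsigned PE" rule reports.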
Files
-
2024-06-05_15b44fd331ad17374d10be2a03ad794e_megazord.exe windows:6 windows x64 arch:x64
b51127645e797bc717b447bd4f94e54d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
X:\rust\uptimeiq-agent\target\debug\deps\uptimeiq_agent.pdb
Imports
advapi32
RegisterServiceCtrlHandlerExW
OpenServiceW
OpenSCManagerW
SystemFunction036
StartServiceCtrlDispatcherW
ChangeServiceConfig2W
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
SetServiceStatus
CreateServiceW
QueryServiceStatusEx
DeleteService
ControlService
kernel32
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
HeapSize
GetConsoleOutputCP
GetComputerNameExW
SetConsoleMode
GetConsoleMode
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetCurrentProcessId
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
SetHandleInformation
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
GetCurrentProcess
DuplicateHandle
GetSystemInfo
EnterCriticalSection
CloseHandle
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
WriteFile
EncodePointer
RaiseException
SetFileCompletionNotificationModes
RtlPcToFileHeader
RtlUnwindEx
Sleep
GetLastError
GetModuleHandleA
GetProcAddress
IsProcessorFeaturePresent
GetStartupInfoW
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
WaitForSingleObject
QueryPerformanceCounter
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
SystemTimeToFileTime
SetUnhandledExceptionFilter
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
UnhandledExceptionFilter
GetStdHandle
WriteFileEx
SleepEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
IsDebuggerPresent
HeapReAlloc
ReleaseMutex
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
MoveFileExW
GetFinalPathNameByHandleW
CopyFileExW
CreateEventW
CancelIo
InitializeSListHead
GetCurrentThreadId
GetFileType
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
TzSpecificLocalTimeToSystemTime
CreateNamedPipeW
ReadFileEx
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
ReleaseSRWLockExclusive
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
GetCurrentThread
GetSystemTimeAsFileTime
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
AcquireSRWLockExclusive
CreateIoCompletionPort
secur32
FreeContextBuffer
AcquireCredentialsHandleA
FreeCredentialsHandle
DeleteSecurityContext
AcceptSecurityContext
ApplyControlToken
DecryptMessage
InitializeSecurityContextW
EncryptMessage
QueryContextAttributesW
crypt32
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CertDuplicateCertificateChain
CertFreeCertificateChain
CertCloseStore
CertDuplicateStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertFreeCertificateContext
ws2_32
getsockopt
WSAIoctl
closesocket
send
recv
shutdown
setsockopt
getsockname
connect
bind
WSASocketW
WSAGetLastError
WSAStartup
WSACleanup
getpeername
freeaddrinfo
getaddrinfo
ioctlsocket
WSASend
ntdll
NtCreateFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtWriteFile
NtReadFile
NtDeviceIoControlFile
bcrypt
BCryptGenRandom
Sections
.text Size: 6.2MB - Virtual size: 6.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 443KB - Virtual size: 442KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ