2024-06-06_2d3259d3e0f29ed1510c0722e83db1ec_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-06_2d3259d3e0f29ed1510c0722e83db1ec_megazord
Size

9.5MB
MD5

2d3259d3e0f29ed1510c0722e83db1ec
SHA1

9deaef7b10e4f79ad195524e1ded302b8f6ed8eb
SHA256

6673f01cd15c5f6cb03cebae3d9eef69d0020232509434b58775feee82b7f49a
SHA512

ee317cc5e91e512f8145fa848e0341cbc036b40b7f98baf21c306c0c8e05bb2b72b8f80947877a30615915a894999b459cd9e983f2c7ec5e01f7ce5032fb0d05
SSDEEP

98304:/7CFB/gax/gt4LeHwX+3jjBvklGKdFKxRhZ+HZ23SB:+jXXXT

Score

10^/10

Malware Config

Signatures

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-06_2d3259d3e0f29ed1510c0722e83db1ec_megazord

Files

2024-06-06_2d3259d3e0f29ed1510c0722e83db1ec_megazord
.exe windows:6 windows x64 arch:x64

df59a6b4e2f00d174b240db1135f0b2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\rojo\rojo\output\x86_64-pc-windows-msvc\release\deps\rojo.pdb

Imports

bcrypt

BCryptGenRandom

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
SystemFunction036

ntdll

RtlLookupFunctionEntry
NtCreateFile
NtReadFile
NtWriteFile
NtDeviceIoControlFile
NtCancelIoFileEx
RtlVirtualUnwind
RtlCaptureContext
RtlNtStatusToDosError
RtlPcToFileHeader
RtlUnwindEx

kernel32

SetStdHandle
GetStringTypeW
TryAcquireSRWLockExclusive
AcquireSRWLockShared
CloseHandle
FlsAlloc
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
GetOEMCP
LCMapStringW
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
HeapSize
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
SetHandleInformation
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
EncodePointer
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
SleepConditionVariableSRW
GetSystemInfo
InitializeSListHead
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatusEx
GetCurrentThreadId
WriteFile
GetCPInfo
SetFileCompletionNotificationModes
GetSystemTimeAsFileTime
lstrlenW
WaitForSingleObjectEx
CancelIo
CreateFileW
CreateSemaphoreW
ReadDirectoryChangesW
ReleaseSemaphore
GetFileInformationByHandle
GetStdHandle
GetConsoleMode
GetFileInformationByHandleEx
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
GetCurrentProcess
GetCurrentThread
GetProcAddress
ReleaseMutex
LoadLibraryA
CreateMutexA
CreateThread
ReadConsoleW
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
WaitForSingleObject
Sleep
QueryPerformanceCounter
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
WideCharToMultiByte
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
DuplicateHandle
SetFilePointerEx
WriteConsoleW
WriteFileEx
SleepEx
GetExitCodeProcess
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
HeapReAlloc
GetModuleHandleA
FindNextFileW
FindClose
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileType
UpdateProcThreadAttribute
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList

ws2_32

getpeername
getsockname
accept
listen
getsockopt
connect
bind
WSASocketW
shutdown
recv
send
WSASend
setsockopt
WSAIoctl
closesocket
WSAGetLastError
WSAStartup
WSACleanup
ioctlsocket
freeaddrinfo
getaddrinfo

shell32

ShellExecuteW
SHGetKnownFolderPath

secur32

FreeCredentialsHandle
FreeContextBuffer
AcquireCredentialsHandleA
ApplyControlToken
EncryptMessage
AcceptSecurityContext
QueryContextAttributesW
InitializeSecurityContextW
DecryptMessage
DeleteSecurityContext

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertFreeCertificateChain
CertDuplicateCertificateChain
CertDuplicateStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext

ole32

CoTaskMemFree

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df59a6b4e2f00d174b240db1135f0b2a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcrypt

advapi32

ntdll

kernel32

ws2_32

shell32

secur32

crypt32

ole32

Sections

.text Size: 5.1MB - Virtual size: 5.1MB

.rdata Size: 4.3MB - Virtual size: 4.3MB

.data Size: 16KB - Virtual size: 22KB

.pdata Size: 92KB - Virtual size: 91KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 43KB - Virtual size: 42KB

.text
Size: 5.1MB - Virtual size: 5.1MB

.rdata
Size: 4.3MB - Virtual size: 4.3MB

.data
Size: 16KB - Virtual size: 22KB

.pdata
Size: 92KB - Virtual size: 91KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 43KB - Virtual size: 42KB