2024-06-08_379f71303d04f05f0642da2ded333cff_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-08_379f71303d04f05f0642da2ded333cff_megazord
Size

15.2MB
MD5

379f71303d04f05f0642da2ded333cff
SHA1

b34c3d38c2a61b44a77d9c992e17a76fc3eb8631
SHA256

eca236aacdacc2ca3f2e0fa6caeb20cc1e4dd6dcbb2eebac0f3645b133e4590d
SHA512

d835d8900c2a1ad3ba315ba269f84ddb8cfacace3789825b0b601bb8ade5f3a7a0a0785de78f138644be1a7c57c4bb14e9467f9d9c8044e5abda5c5233046c0e
SSDEEP

98304:9SBywikHSwgWLR747Q8QqpLowYhUwm0+WyDSE3qZIZmn5HCqvYzfjOesX+z5s4Nk:Sik6ZX6klIEtOHCqvQCeTNbZNYH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-08_379f71303d04f05f0642da2ded333cff_megazord

Files

2024-06-08_379f71303d04f05f0642da2ded333cff_megazord
.exe windows:6 windows x64 arch:x64

caca6bc3bdd81187a088a2bb5003769d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

ntdll

NtWriteFile
RtlGetNtVersionNumbers
NtCreateFile
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlVirtualUnwind
RtlGetVersion
NtReadFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtQueryInformationProcess
NtQuerySystemInformation

kernel32

GetSystemTimePreciseAsFileTime
CloseHandle
GetCommandLineW
GetUserDefaultLocaleName
FindClose
RaiseException
LoadLibraryExW
GlobalLock
GlobalSize
HeapFree
MultiByteToWideChar
GlobalAlloc
EncodePointer
GlobalFree
RemoveDirectoryW
RegisterWaitForSingleObject
GetExitCodeProcess
SetFileInformationByHandle
SetFilePointerEx
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
CreateWaitableTimerExW
Sleep
SetWaitableTimer
OutputDebugStringW
OutputDebugStringA
SetFileTime
LCIDToLocaleName
GetUserDefaultUILanguage
DeleteCriticalSection
GetQueuedCompletionStatusEx
CreateIoCompletionPort
IsDebuggerPresent
LoadLibraryExA
GetProcAddress
FreeLibrary
GetProcessHeap
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
TlsAlloc
GetSystemInfo
GetNativeSystemInfo
HeapReAlloc
SwitchToThread
GetSystemTimeAsFileTime
SleepConditionVariableSRW
PostQueuedCompletionStatus
UnregisterWaitEx
CreatePipe
WakeAllConditionVariable
LoadLibraryW
LocalFree
GetProcessIoCounters
GetSystemTimes
TlsGetValue
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
TlsSetValue
VirtualQueryEx
ReadProcessMemory
OpenProcess
GetProcessTimes
DeviceIoControl
GetVolumeInformationW
GetDriveTypeW
UnhandledExceptionFilter
GetDiskFreeSpaceExW
GetLogicalDrives
GetCurrentThreadId
lstrlenW
SetEnvironmentVariableW
GetLastError
GetModuleHandleW
GetProcessId
GetStdHandle
GetConsoleMode
WriteConsoleW
SetLastError
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
SetFileCompletionNotificationModes
GlobalMemoryStatusEx
GetTickCount64
GlobalUnlock
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
ExitProcess
TerminateProcess
QueryPerformanceCounter
HeapAlloc
DeleteFileW
MoveFileExW
CreateSymbolicLinkW
CreateHardLinkW
SetFileAttributesW
CopyFileExW
SetHandleInformation
InitializeSListHead
WaitForSingleObject
TlsFree

user32

CreateMenu
AppendMenuW
GetWindowTextW
GetWindowTextLengthW
UnregisterHotKey
SetWindowTextW
EnumDisplayMonitors
GetMessageA
DispatchMessageA
ToUnicodeEx
GetKeyboardLayout
GetSystemMenu
MapVirtualKeyExW
EnumChildWindows
GetKeyState
GetAsyncKeyState
GetKeyboardState
IsProcessDPIAware
ShowCursor
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetClipboardData
GetDC
GetClientRect
EnableMenuItem
ClipCursor
CheckMenuItem
RegisterHotKey
DestroyAcceleratorTable
SystemParametersInfoA
PostQuitMessage
ShowWindow
CreateAcceleratorTableW
SetMenuItemInfoW
RedrawWindow
GetClipCursor
DestroyIcon
CreateIcon
VkKeyScanW
SetMenu
AdjustWindowRectEx
GetActiveWindow
RegisterTouchWindow
GetSystemMetrics
IsWindow
SendInput
SetForegroundWindow
GetForegroundWindow
SetCursorPos
SendMessageW
SetWindowPlacement
ChangeDisplaySettingsExW
InvalidateRgn
MapVirtualKeyW
GetUpdateRect
ValidateRect
GetRawInputData
SetWindowPos
GetMonitorInfoW
GetCursorPos
SetWindowLongW
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
ClientToScreen
GetWindowLongW
DestroyWindow
TrackMouseEvent
SetCapture
ReleaseCapture
MonitorFromRect
SetCursor
LoadCursorW
GetWindowPlacement
GetWindowRect
GetWindowLongPtrW
FlashWindowEx
DefWindowProcW
TranslateAcceleratorW
GetAncestor
RegisterRawInputDevices
SetWindowLongPtrW
CreateWindowExW
RegisterClassExW
MsgWaitForMultipleObjectsEx
RegisterWindowMessageA
DispatchMessageW
TranslateMessage
PeekMessageW
GetMessageW
PostMessageW
PostThreadMessageW
SetWindowDisplayAffinity
MonitorFromPoint
IsIconic
IsWindowVisible
MonitorFromWindow
GetMenu
IsClipboardFormatAvailable

comctl32

DefSubclassProc
SetWindowSubclass
TaskDialogIndirect
RemoveWindowSubclass

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
RevokeDragDrop
CoInitializeSecurity
OleInitialize
RegisterDragDrop
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree

shell32

ShellExecuteW
SHAppBarMessage
SHGetKnownFolderPath
DragQueryFileW
DragFinish
CommandLineToArgvW
SHCreateItemFromParsingName

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

dwmapi

DwmSetWindowAttribute
DwmEnableBlurBehindWindow

crypt32

CertFreeCertificateContext
CertDuplicateCertificateChain
CertCloseStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertDuplicateStore
CertAddCertificateContextToStore
CertOpenStore

pdh

PdhOpenQueryA
PdhCollectQueryData
PdhCloseQuery
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhRemoveCounter

bcrypt

BCryptGenRandom

advapi32

IsValidSid
SystemFunction036
RegGetValueW
GetLengthSid
CopySid
LookupAccountSidW
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer

ws2_32

WSASocketW
WSACleanup
shutdown
ioctlsocket
setsockopt
connect
WSAIoctl
WSAGetLastError
getsockname
getsockopt
WSASend
send
getaddrinfo
recv
closesocket
getpeername
freeaddrinfo
WSAStartup
bind

secur32

InitializeSecurityContextW
ApplyControlToken
LsaFreeReturnBuffer
LsaGetLogonSessionData
AcceptSecurityContext
LsaEnumerateLogonSessions
EncryptMessage
DecryptMessage
FreeContextBuffer
DeleteSecurityContext
AcquireCredentialsHandleA
QueryContextAttributesW
FreeCredentialsHandle

oleaut32

SysFreeString
SysStringLen
GetErrorInfo
SetErrorInfo
SysAllocString
VariantClear

psapi

GetModuleFileNameExW
GetPerformanceInfo

iphlpapi

GetIfEntry2
GetIfTable2
GetAdaptersAddresses
FreeMibTable

netapi32

NetUserGetLocalGroups
NetApiBufferFree
NetUserGetInfo
NetUserEnum

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

api-ms-win-crt-string-l1-1-0

wcslen
_wcsicmp
wcsncmp
strcpy_s
strlen

api-ms-win-crt-math-l1-1-0

trunc
floor
__setusermatherr
pow
round

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
malloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

_wassert
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argc
__p___argv
_cexit
abort
_set_app_type
terminate
_c_exit
_crt_atexit
_register_onexit_function
_seh_filter_exe
_initialize_onexit_table
_register_thread_local_exe_atexit_callback

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

caca6bc3bdd81187a088a2bb5003769d

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

ntdll

kernel32

user32

comctl32

ole32

shell32

gdi32

dwmapi

crypt32

pdh

bcrypt

advapi32

ws2_32

secur32

oleaut32

psapi

iphlpapi

netapi32

powrprof

uxtheme

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 9.6MB - Virtual size: 9.6MB

.rdata Size: 5.1MB - Virtual size: 5.1MB

.data Size: 17KB - Virtual size: 28KB

.pdata Size: 396KB - Virtual size: 396KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 54KB - Virtual size: 53KB

.text
Size: 9.6MB - Virtual size: 9.6MB

.rdata
Size: 5.1MB - Virtual size: 5.1MB

.data
Size: 17KB - Virtual size: 28KB

.pdata
Size: 396KB - Virtual size: 396KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 54KB - Virtual size: 53KB