2024-06-11_4eea70f97f9821dd76281a6a64ec1efc_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-11_4eea70f97f9821dd76281a6a64ec1efc_megazord
Size

14.2MB
MD5

4eea70f97f9821dd76281a6a64ec1efc
SHA1

ca161641c009e279f6df91a5df19d34803b46938
SHA256

a8f32d055416d25e8b67488b181526f79aac8cbbed7fdfcb7be2c7af8cc9d5d7
SHA512

e0e5f89893c3edd11a027d778515e2ba3173c2998165ee487c8d92db551e046aea10e07459f0e32c5581f5a7aeb709d7238271c00d0c2646c78b6a42a4a2d84a
SSDEEP

98304:CdMGSyfjC43PeqBiY7F9K/8iOug5F0QyP/BvU+cheA:Cd93PTi69W8iO+O

Score

10^/10

Malware Config

Signatures

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-11_4eea70f97f9821dd76281a6a64ec1efc_megazord

Files

2024-06-11_4eea70f97f9821dd76281a6a64ec1efc_megazord
.exe windows:6 windows x64 arch:x64

a07f46a3ce6d14a998e7a52a5c661658

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

/home/werdox-wsl/Huginn/packages/huginn-app/src-tauri/target/x86_64-pc-windows-msvc/debug/deps/huginn.pdb

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CreateDirectoryW
CreateEventW
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateSymbolicLinkW
CreateThread
DeleteCriticalSection
DeleteFileW
DuplicateHandle
EncodePointer
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetUserDefaultUILanguage
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LCIDToLocaleName
LoadLibraryA
LoadLibraryExW
LoadLibraryW
MoveFileExW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReadFileEx
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetFileAttributesW
SetFileCompletionNotificationModes
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WriteConsoleW
WriteFileEx
lstrlenW

user32

AdjustWindowRectEx
AppendMenuW
ChangeDisplaySettingsExW
CheckMenuItem
ClientToScreen
ClipCursor
CloseTouchInputHandle
CreateAcceleratorTableW
CreateIcon
CreateMenu
CreateWindowExW
DefWindowProcW
DestroyAcceleratorTable
DestroyIcon
DestroyWindow
DispatchMessageA
DispatchMessageW
EnableMenuItem
EnumChildWindows
EnumDisplayMonitors
FlashWindowEx
GetActiveWindow
GetAncestor
GetAsyncKeyState
GetClientRect
GetClipCursor
GetCursorPos
GetDC
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetKeyboardState
GetMenu
GetMessageA
GetMessageW
GetMonitorInfoW
GetRawInputData
GetSystemMenu
GetSystemMetrics
GetTouchInputInfo
GetUpdateRect
GetWindowLongPtrW
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
InvalidateRgn
IsIconic
IsProcessDPIAware
IsWindow
IsWindowVisible
LoadCursorW
MapVirtualKeyExW
MapVirtualKeyW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
RedrawWindow
RegisterClassExW
RegisterRawInputDevices
RegisterTouchWindow
RegisterWindowMessageA
ReleaseCapture
ScreenToClient
SendInput
SendMessageW
SetCapture
SetCursor
SetCursorPos
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetWindowDisplayAffinity
SetWindowLongPtrW
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextW
ShowCursor
ShowWindow
SystemParametersInfoA
ToUnicodeEx
TrackMouseEvent
TranslateAcceleratorW
TranslateMessage
ValidateRect
VkKeyScanW

ws2_32

WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSAIoctl
WSASend
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
ioctlsocket
listen
recv
send
setsockopt
shutdown

api-ms-win-crt-math-l1-1-0

__setusermatherr
floor
pow
round
trunc

shell32

DragFinish
DragQueryFileW
SHAppBarMessage
SHGetKnownFolderPath

dwmapi

DwmEnableBlurBehindWindow

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
OleInitialize
RegisterDragDrop
RevokeDragDrop

uxtheme

SetWindowTheme

comctl32

DefSubclassProc
RemoveWindowSubclass
SetWindowSubclass
TaskDialogIndirect

oleaut32

GetErrorInfo
SetErrorInfo
SysFreeString
SysStringLen

api-ms-win-crt-string-l1-1-0

_wcsicmp
strcpy_s
wcslen
wcsncmp

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CertEnumCertificatesInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertOpenStore
CertVerifyCertificateChainPolicy

secur32

AcceptSecurityContext
AcquireCredentialsHandleA
ApplyControlToken
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW
QueryContextAttributesW

ntdll

NtCancelIoFileEx
NtCreateFile
NtDeviceIoControlFile
NtReadFile
NtWriteFile
RtlNtStatusToDosError

bcrypt

BCryptGenRandom

advapi32

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
_c_exit
_cexit
_configure_narrow_argv
_crt_atexit
_exit
_get_initial_narrow_environment
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
abort
exit
terminate

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
calloc
free
malloc

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 10.1MB - Virtual size: 10.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 758KB - Virtual size: 757KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 525B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a07f46a3ce6d14a998e7a52a5c661658

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ws2_32

api-ms-win-crt-math-l1-1-0

shell32

dwmapi

gdi32

ole32

uxtheme

comctl32

oleaut32

api-ms-win-crt-string-l1-1-0

crypt32

secur32

ntdll

bcrypt

advapi32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 10.1MB - Virtual size: 10.1MB

.rdata Size: 3.3MB - Virtual size: 3.3MB

.data Size: 13KB - Virtual size: 24KB

.pdata Size: 758KB - Virtual size: 757KB

.00cfg Size: 512B - Virtual size: 56B

.tls Size: 1024B - Virtual size: 525B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 47KB - Virtual size: 46KB

.text
Size: 10.1MB - Virtual size: 10.1MB

.rdata
Size: 3.3MB - Virtual size: 3.3MB

.data
Size: 13KB - Virtual size: 24KB

.pdata
Size: 758KB - Virtual size: 757KB

.00cfg
Size: 512B - Virtual size: 56B

.tls
Size: 1024B - Virtual size: 525B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 47KB - Virtual size: 46KB