2024-06-13_4e44991ad3b6a775759a73760ac1ce9b_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-13_4e44991ad3b6a775759a73760ac1ce9b_megazord
Size

18.7MB
MD5

4e44991ad3b6a775759a73760ac1ce9b
SHA1

bcf6ff39e32e22e3baf02358274a68bf3b2119e6
SHA256

fad6a9fbc650e7459ffebdc1ea426d744fedc554ef3439a0e5730f5f5015d31f
SHA512

50b3ea36777d417320ecbba9b6ee569ba43e8a32e117f30815b92b650e9cbf4edb2ccf0540020193d7b978b6bb869b1397d90d56833f05a7ee5935abfa73391b
SSDEEP

196608:cGN40MAmiyp//ny6p/l2nRK1WeGr9JShDkKXolasDAI/:RgAapnnjlqRemJ6DkKYlash/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-13_4e44991ad3b6a775759a73760ac1ce9b_megazord

Files

2024-06-13_4e44991ad3b6a775759a73760ac1ce9b_megazord
.exe windows:6 windows x64 arch:x64

404428be97c32954fab1979119060e54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

shiva_app.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

kernel32

SetNamedPipeHandleState
CreateNamedPipeW
GetTimeZoneInformationForYear
lstrlenW
LoadLibraryA
GetUserDefaultUILanguage
LCIDToLocaleName
LoadLibraryW
GetFileAttributesW
OutputDebugStringA
OutputDebugStringW
GetModuleFileNameW
GetProcessHeap
HeapFree
LoadLibraryExW
FreeLibrary
GetEnvironmentVariableW
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatusEx
CancelIoEx
ReadFile
GetOverlappedResult
WriteFile
LoadLibraryExA
CreateEventW
HeapAlloc
GetFileInformationByHandle
GetConsoleMode
Sleep
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
SetEnvironmentVariableW
GetCommandLineW
SetFileInformationByHandle
GetNativeSystemInfo
GetStdHandle
GetCurrentProcessId
WriteFileEx
SleepEx
GetExitCodeProcess
TerminateProcess
GetProcessId
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
HeapReAlloc
FindClose
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
MoveFileExW
GetFinalPathNameByHandleW
CancelIo
ExitProcess
ReadFileEx
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
WriteConsoleW
CreateThread
GetFullPathNameW
GetTempPathW
WaitForSingleObjectEx
CreateMutexA
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
GetSystemInfo
GetProcAddress
GetModuleHandleA
GetUserPreferredUILanguages
GetComputerNameExW
CreatePipe
ReleaseSRWLockExclusive
DuplicateHandle
GetCurrentProcess
WaitForSingleObject
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GlobalFree
GetCurrentThread
GlobalAlloc
GlobalUnlock
GlobalSize
CreateFileW
GlobalLock
GetCurrentThreadId
GetLastError
CreateMutexW
CloseHandle
ReleaseMutex
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

EnumChildWindows
ShowWindow
RegisterWindowMessageA
MapWindowPoints
SetParent
IsProcessDPIAware
RegisterRawInputDevices
MsgWaitForMultipleObjectsEx
SetCapture
ReleaseCapture
SystemParametersInfoW
GetKeyboardState
GetAsyncKeyState
GetKeyState
MapVirtualKeyExW
GetRawInputData
DestroyIcon
GetMenu
AdjustWindowRectEx
ShowCursor
GetClipCursor
ClipCursor
IsWindowVisible
SystemParametersInfoA
SetPropW
GetSystemMenu
EnableMenuItem
SetWindowLongW
SetWindowDisplayAffinity
EnumDisplayMonitors
GetWindowLongPtrW
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
SetForegroundWindow
SendInput
GetKeyboardLayout
ToUnicodeEx
CreateIcon
GetMessageA
DispatchMessageA
RegisterClassW
TrackPopupMenu
DrawIconEx
GetMenuItemInfoW
SetMenu
DrawMenuBar
FillRect
DrawTextW
GetMenuBarInfo
OffsetRect
GetWindowDC
CheckMenuItem
RemoveMenu
DestroyMenu
CreateMenu
CreatePopupMenu
InsertMenuW
AppendMenuW
SetMenuItemInfoW
DestroyAcceleratorTable
CreateAcceleratorTableW
PostQuitMessage
EmptyClipboard
SetWindowLongPtrW
RegisterClipboardFormatW
ReleaseDC
CloseClipboard
MonitorFromPoint
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
FlashWindowEx
DispatchMessageW
TranslateMessage
GetMessageW
MapVirtualKeyW
FindWindowW
SendMessageW
TranslateAcceleratorW
GetDC
GetForegroundWindow
GetActiveWindow
SetCursorPos
IsIconic
AdjustWindowRect
InvalidateRgn
RegisterTouchWindow
IsWindow
DefWindowProcW
CreateWindowExW
RegisterClassExW
GetMonitorInfoW
SetWindowPos
MonitorFromWindow
GetCursorPos
GetWindowRect
MonitorFromRect
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
DestroyWindow
TrackMouseEvent
PostMessageW
GetSystemMetrics
SetCursor
ClientToScreen
GetClientRect
GetWindowLongW
GetUpdateRect
PeekMessageW
PostThreadMessageW
ValidateRect
RedrawWindow
SetClipboardData
LoadCursorW

shell32

DragFinish
SHGetKnownFolderPath
ShellExecuteExW
DragQueryFileW
Shell_NotifyIconW
SHAppBarMessage
Shell_NotifyIconGetRect

gdi32

SetTextColor
SetBkMode
CreateSolidBrush
GetDeviceCaps
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
BitBlt
GetDIBits
CreateDIBitmap
CreateRectRgn
DeleteObject

advapi32

RegOpenKeyExW
RegGetValueW
RegCloseKey
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
SystemFunction036
ImpersonateAnonymousToken
RevertToSelf
RegQueryValueExW

comctl32

RemoveWindowSubclass
SetWindowSubclass
TaskDialogIndirect
DefSubclassProc

ole32

RegisterDragDrop
CoIncrementMTAUsage
CoTaskMemFree
RevokeDragDrop
CoInitializeEx
CoUninitialize
OleInitialize
CoTaskMemAlloc
CoCreateInstance

dwmapi

DwmSetWindowAttribute
DwmGetWindowAttribute
DwmEnableBlurBehindWindow

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

bcrypt

BCryptGenRandom

shlwapi

SHCreateMemStream

ntdll

RtlGetVersion
NtCancelIoFileEx
NtDeviceIoControlFile
NtReadFile
NtWriteFile
RtlNtStatusToDosError

oleaut32

SysStringLen
SysFreeString
SetErrorInfo
GetErrorInfo

api-ms-win-crt-math-l1-1-0

fmod
round
exp2f
powf
ceil
pow
truncf
trunc
roundf
floor
__setusermatherr

api-ms-win-crt-string-l1-1-0

wcsncmp
strcpy_s
strlen
wcscmp
_wcsicmp
wcslen

api-ms-win-crt-runtime-l1-1-0

__p___argv
__p___argc
_c_exit
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
abort
strerror
_cexit

api-ms-win-crt-convert-l1-1-0

_wtoi
_ultow_s
wcstol

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
_callnewh
_set_new_mode

Sections

.text
Size: 10.7MB - Virtual size: 10.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

404428be97c32954fab1979119060e54

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

kernel32

user32

shell32

gdi32

advapi32

comctl32

ole32

dwmapi

api-ms-win-core-winrt-l1-1-0

bcrypt

shlwapi

ntdll

oleaut32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 10.7MB - Virtual size: 10.7MB

.rdata Size: 7.3MB - Virtual size: 7.3MB

.data Size: 13KB - Virtual size: 25KB

.pdata Size: 548KB - Virtual size: 548KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 58KB - Virtual size: 57KB

.reloc Size: 67KB - Virtual size: 66KB

.text
Size: 10.7MB - Virtual size: 10.7MB

.rdata
Size: 7.3MB - Virtual size: 7.3MB

.data
Size: 13KB - Virtual size: 25KB

.pdata
Size: 548KB - Virtual size: 548KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 58KB - Virtual size: 57KB

.reloc
Size: 67KB - Virtual size: 66KB