2024-06-14_231f007d7468c410e7ad6c5360ab3c8f_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-14_231f007d7468c410e7ad6c5360ab3c8f_megazord
Size

6.8MB
MD5

231f007d7468c410e7ad6c5360ab3c8f
SHA1

0cc43aa97ddbd552fe377675bda5666c42df84f2
SHA256

b5b06f1254a33ca4df6cf8cfc01ed638ab163e40357573a130645ad3e99b3dc7
SHA512

d89f2a4140bc4ace52a51616c565b41d7dbce625a2882575a8602f8955d99727bad5c8a4b0523be2b9f4c01227904f7fd0a0ca052489c8cb59f4b5b237db3631
SSDEEP

98304:2nbS+PumUjDt/9M3D+w2I17eN7oAaJMOHNrfWb9H:uumUFouI17eB4Vg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-14_231f007d7468c410e7ad6c5360ab3c8f_megazord

Files

2024-06-14_231f007d7468c410e7ad6c5360ab3c8f_megazord
.exe windows:6 windows x64 arch:x64

b3c504c3468390ec0f908f97bfa1d1be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

bcryptprimitives

ProcessPrng

shell32

SHAppBarMessage
DragFinish
DragQueryFileW
SHGetKnownFolderPath
ShellExecuteW
SHCreateItemFromParsingName
CommandLineToArgvW

ole32

CoTaskMemAlloc
RevokeDragDrop
RegisterDragDrop
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

kernel32

GetNamedPipeClientProcessId
CreateNamedPipeW
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetLogicalProcessorInformation
GetSystemInfo
lstrlenW
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitNamedPipeW
MultiByteToWideChar
WriteConsoleW
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseMutex
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateFileW
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryExA
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
GetNamedPipeServerProcessId
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
CancelIo
ExitProcess
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
DeleteFileW
MoveFileExW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetCurrentProcess
SetEvent
WaitForSingleObject
ReadProcessMemory
CreateEventW
HeapReAlloc
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
OpenProcess
SetEnvironmentVariableW
VirtualQueryEx
GetSystemTimePreciseAsFileTime
GetTickCount64
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetLogicalDrives
FindClose
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetModuleHandleW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
Sleep
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
TerminateProcess
RtlUnwindEx
DuplicateHandle
GetModuleHandleA
GetCurrentThreadId
CloseHandle
DisconnectNamedPipe
FlushFileBuffers
ReadFile
ConnectNamedPipe
GetLastError
SwitchToThread
LoadLibraryW
HeapFree
RtlPcToFileHeader
WideCharToMultiByte
RaiseException
LoadLibraryExW
EncodePointer
OutputDebugStringW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WriteFile
PostQueuedCompletionStatus
TlsAlloc
TlsGetValue
TlsSetValue
SetHandleInformation
TlsFree

user32

PostQuitMessage
SendInput
ShowWindow
SetMenuItemInfoW
DefWindowProcW
RegisterClassExW
DestroyAcceleratorTable
DestroyIcon
AdjustWindowRectEx
GetMenu
GetWindowLongW
GetSystemMenu
SetWindowTextW
InvalidateRgn
SetCursor
SetWindowPos
GetWindowPlacement
RegisterWindowMessageA
CloseTouchInputHandle
GetWindowTextLengthW
GetTouchInputInfo
SetCapture
SystemParametersInfoA
LoadCursorW
ScreenToClient
TrackMouseEvent
GetKeyState
GetAsyncKeyState
GetWindowTextW
GetCursorPos
SetCursorPos
ToUnicodeEx
FlashWindowEx
CreateAcceleratorTableW
EnableMenuItem
SendMessageW
SetWindowLongW
GetDC
MonitorFromWindow
EnumChildWindows
RegisterTouchWindow
IsWindow
SetWindowDisplayAffinity
EnumDisplayMonitors
MonitorFromPoint
IsIconic
IsWindowVisible
GetWindowLongPtrW
MonitorFromRect
ReleaseCapture
SetForegroundWindow
SetMenu
CheckMenuItem
GetWindowRect
ClientToScreen
CreateMenu
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
AppendMenuW
VkKeyScanW
GetMonitorInfoW
IsProcessDPIAware
ChangeDisplaySettingsExW
GetKeyboardLayout
MsgWaitForMultipleObjectsEx
GetKeyboardState
MapVirtualKeyExW
DispatchMessageA
PostMessageW
ShowCursor
ClipCursor
GetSystemMetrics
GetClipCursor
GetAncestor
TranslateAcceleratorW
CreateWindowExW
GetMessageA
GetForegroundWindow
SetWindowPlacement
AllowSetForegroundWindow
CreateIcon
GetClientRect
DestroyWindow
GetActiveWindow
MapVirtualKeyW
GetUpdateRect
ValidateRect
GetRawInputData
RedrawWindow
RegisterRawInputDevices
SetWindowLongPtrW

comctl32

SetWindowSubclass
DefSubclassProc
RemoveWindowSubclass
TaskDialogIndirect

oleaut32

SetErrorInfo
GetErrorInfo
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SysFreeString
VariantClear
SysStringLen

advapi32

RegCreateKeyExW
CopySid
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
SystemFunction036
RegEnumValueW
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
CredWriteW
CredReadW
CredDeleteW
CredFree
LookupAccountSidW
GetLengthSid
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
IsValidSid

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW

dxgi

CreateDXGIFactory

bcrypt

BCryptGenRandom

ws2_32

WSAIoctl
closesocket
WSASend
WSASocketW
ioctlsocket
connect
WSAGetLastError
bind
setsockopt
getaddrinfo
WSAStartup
WSACleanup
getsockname
shutdown
getsockopt
getpeername
recv
send
freeaddrinfo

ntdll

NtQueryInformationProcess
NtReadFile
NtWriteFile
NtCreateFile
NtDeviceIoControlFile
RtlGetVersion
NtCancelIoFileEx
NtQuerySystemInformation
RtlNtStatusToDosError

crypt32

CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertCloseStore
CertDuplicateCertificateContext
CertDuplicateStore
CertFreeCertificateContext
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertOpenStore
CertGetCertificateChain
CertAddCertificateContextToStore

secur32

QueryContextAttributesW
LsaFreeReturnBuffer
FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
LsaEnumerateLogonSessions
DecryptMessage
ApplyControlToken
AcquireCredentialsHandleA
LsaGetLogonSessionData

psapi

GetModuleFileNameExW
GetPerformanceInfo

iphlpapi

GetAdaptersAddresses
FreeMibTable
GetIfTable2
GetIfEntry2

netapi32

NetApiBufferFree
NetUserGetLocalGroups
NetUserGetInfo
NetUserEnum

pdh

PdhGetFormattedCounterValue
PdhOpenQueryA
PdhAddEnglishCounterW
PdhCloseQuery
PdhRemoveCounter
PdhCollectQueryData

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcslen
strcpy_s
strlen
wcsncmp

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
free
_set_new_mode
realloc
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr
floor
trunc
pow
round

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_c_exit
_register_onexit_function
_wassert
_crt_atexit
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_cexit
__p___argv
terminate
abort
__p___argc
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_set_app_type
exit
_exit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3c504c3468390ec0f908f97bfa1d1be

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

shell32

ole32

kernel32

user32

comctl32

oleaut32

advapi32

setupapi

dxgi

bcrypt

ws2_32

ntdll

crypt32

secur32

psapi

iphlpapi

netapi32

pdh

powrprof

uxtheme

gdi32

dwmapi

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

msvcp140

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 3.8MB - Virtual size: 3.8MB

.data Size: 1024B - Virtual size: 12KB

.pdata Size: 67KB - Virtual size: 66KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 1024B - Virtual size: 12KB

.pdata
Size: 67KB - Virtual size: 66KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 35KB - Virtual size: 35KB