2024-06-24_4d6ed071f0bacc38f051e37070be6628_megazord

Sharing

Copy URL

Twitter E-mail

General

Target

2024-06-24_4d6ed071f0bacc38f051e37070be6628_megazord
Size

5.0MB
MD5

4d6ed071f0bacc38f051e37070be6628
SHA1

a8c50fb52cac4f3f29604c104937384b1e1721d6
SHA256

1c2fc75093d8c305e7dbea6c9a2c1abbbbac6babdb2678f7830da30c1f92cce5
SHA512

fd4d2b0fa950e39147d4c566eab69e361a4bc560155aefd002e577e2954644f2f33062cacd67af17f37967ff566a69be0a116716bc1be7f87a0164dec77427bf
SSDEEP

98304:RhylOrKoqbTJcr5DTqC78ciwKSgB/BAUwI:zjFqQ7VTm/1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-24_4d6ed071f0bacc38f051e37070be6628_megazord

Files

2024-06-24_4d6ed071f0bacc38f051e37070be6628_megazord
.exe windows:6 windows x64 arch:x64

8fb4df4624b21a5627a068ba01c79c57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

PostQueuedCompletionStatus
TryAcquireSRWLockExclusive
GetLastError
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetProcAddress
WakeAllConditionVariable
SetUnhandledExceptionFilter
GetCurrentThreadId
lstrlenW
SetEnvironmentVariableW
FindClose
OpenProcess
IsWow64Process
GetModuleHandleA
VirtualAllocEx
WriteProcessMemory
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetFileInformationByHandleEx
MoveFileExW
RemoveDirectoryW
CopyFileExW
WakeConditionVariable
Sleep
SetHandleInformation
GetProcessId
SetFilePointerEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetQueuedCompletionStatusEx
SleepConditionVariableSRW
GetModuleHandleW
GetComputerNameExW
LoadLibraryExW
VirtualQuery
FreeLibrary
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFullPathNameW
GetSystemInfo
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
RtlVirtualUnwind
DeleteFileW
GetProcessTimes
LocalFree
GetSystemTimes
GetProcessIoCounters
VirtualQueryEx
ReadProcessMemory
GetTickCount64
LoadLibraryW
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryExA
GetUserDefaultUILanguage
LCIDToLocaleName
OutputDebugStringA
OutputDebugStringW
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
TerminateProcess
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
TlsFree
CloseHandle
AcquireSRWLockShared
SwitchToThread
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseMutex
RtlCaptureContext
GetCurrentThread
GetCurrentProcess
ReleaseSRWLockExclusive
HeapReAlloc
HeapFree
GetProcessHeap
GetFinalPathNameByHandleW
HeapAlloc

ws2_32

WSAStartup
WSACleanup
select
getsockname
send
WSAIoctl
ioctlsocket
getaddrinfo
getsockopt
listen
connect
bind
WSASend
WSARecv
recv
WSASocketW
freeaddrinfo
closesocket
setsockopt
WSAGetLastError
accept
shutdown
socket
getpeername

dbghelp

MiniDumpWriteDump

ntdll

NtWriteFile
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtQuerySystemInformation
NtQueryInformationProcess
NtReadFile
RtlGetVersion

advapi32

SystemFunction036
RegQueryValueExW
OpenProcessToken
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
RegCloseKey
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
RegOpenKeyExW

user32

EnumChildWindows
MonitorFromWindow
DispatchMessageA
GetMessageA
VkKeyScanW
AppendMenuW
CreateMenu
MessageBoxW
SetWindowTextW
IsWindowVisible
GetForegroundWindow
SetCursorPos
EnumDisplayMonitors
MonitorFromPoint
CheckMenuItem
SetMenuItemInfoW
CloseClipboard
DestroyWindow
RedrawWindow
GetClientRect
PostMessageW
CreateIcon
CreateWindowExW
SetWindowLongPtrW
GetMessageW
RegisterRawInputDevices
GetRawInputData
ValidateRect
PostThreadMessageW
PeekMessageW
GetUpdateRect
MapVirtualKeyW
GetAncestor
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjectsEx
EnumWindows
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextW
GetSystemMetrics
GetKeyboardState
MapVirtualKeyExW
RegisterWindowMessageA
RegisterClassExW
ChangeDisplaySettingsExW
SetWindowPlacement
GetWindowPlacement
SetWindowPos
InvalidateRgn
SetCapture
ReleaseCapture
PostQuitMessage
ShowWindow
SendInput
GetDC
SetClipboardData
IsProcessDPIAware
DestroyAcceleratorTable
DestroyIcon
GetSystemMenu
EnableMenuItem
SendMessageW
SetWindowLongW
ClientToScreen
GetActiveWindow
GetClipCursor
ClipCursor
GetWindowLongPtrW
DefWindowProcW
SetForegroundWindow
GetWindowRect
GetWindowLongW
GetMenu
AdjustWindowRectEx
ShowCursor
SystemParametersInfoA
GetKeyboardLayout
ToUnicodeEx
GetKeyState
GetMonitorInfoW
GetAsyncKeyState
TrackMouseEvent
MonitorFromRect
GetTouchInputInfo
ScreenToClient
CloseTouchInputHandle
GetCursorPos
LoadCursorW
SetCursor
FlashWindowEx
IsWindow
RegisterTouchWindow
SetWindowDisplayAffinity
SetMenu
CreateAcceleratorTableW
OpenClipboard
GetClipboardData
EmptyClipboard
RegisterClipboardFormatW

secur32

QueryContextAttributesW
AcquireCredentialsHandleA
InitializeSecurityContextW
DecryptMessage
EncryptMessage
FreeContextBuffer
ApplyControlToken
DeleteSecurityContext
FreeCredentialsHandle
AcceptSecurityContext

crypt32

CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertCloseStore
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertDuplicateStore

shell32

ShellExecuteW
DragFinish
SHCreateItemFromParsingName
DragQueryFileW
CommandLineToArgvW
SHGetKnownFolderPath

ole32

CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoCreateInstance
RegisterDragDrop
CoInitializeEx
RevokeDragDrop
OleInitialize
CoTaskMemAlloc

bcrypt

BCryptGenRandom

pdh

PdhRemoveCounter
PdhCloseQuery

comctl32

RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass

psapi

EnumProcessModules
GetModuleInformation
GetModuleFileNameExW

powrprof

CallNtPowerInformation

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

uxtheme

SetWindowTheme

dwmapi

DwmEnableBlurBehindWindow

oleaut32

SysStringLen
SetErrorInfo
SysFreeString
GetErrorInfo

api-ms-win-crt-runtime-l1-1-0

_c_exit
__p___argv
__p___argc
terminate
_register_thread_local_exe_atexit_callback
_invoke_watson
_exit
exit
_initterm_e
_set_invalid_parameter_handler
_initterm
signal
_cexit
_configure_narrow_argv
_get_initial_narrow_environment
_initialize_onexit_table
_register_onexit_function
_seh_filter_exe
_set_app_type
abort
_initialize_narrow_environment
_crt_atexit

api-ms-win-crt-math-l1-1-0

pow
__setusermatherr
trunc
ceil
round
floor

api-ms-win-crt-string-l1-1-0

strcpy_s
_wcsicmp
wcslen
strlen
wcsncmp

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

malloc
calloc
_set_new_mode
_callnewh
free

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fb4df4624b21a5627a068ba01c79c57

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

dbghelp

ntdll

advapi32

user32

secur32

crypt32

shell32

ole32

bcrypt

pdh

comctl32

psapi

powrprof

gdi32

uxtheme

dwmapi

oleaut32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 100KB - Virtual size: 100KB

.eh_fram Size: 512B - Virtual size: 88B

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 37KB - Virtual size: 37KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 100KB - Virtual size: 100KB

.eh_fram
Size: 512B - Virtual size: 88B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 37KB - Virtual size: 37KB