2024-06-26_7634d680c0750e25ef512a9c30686e95_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-26_7634d680c0750e25ef512a9c30686e95_megazord
Size

5.3MB
MD5

7634d680c0750e25ef512a9c30686e95
SHA1

2e4ee8edc234585aa870f40dc82ebcaa13162474
SHA256

a10dab374952e625a4fe71e54fd05a08027e6be18c3c9e27a8869cffb032f081
SHA512

50cbdf1efcdbff7138ae908c924d9df507bc80796a28a17a8a19beee074bb973b5da16a287b58428a2c77bab9b0f920562381550edd53baae5698492bbb2f895
SSDEEP

49152:/7BfWO5540Fz8GPT2a4r6MGUjhaTcCryqOmRsOI0w0sIYDsmp3y1HvXy2+8qZngd:p57RqUk5y5+8yEgaogXi7PqME9Bnk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-26_7634d680c0750e25ef512a9c30686e95_megazord

Files

2024-06-26_7634d680c0750e25ef512a9c30686e95_megazord
.exe windows:6 windows x64 arch:x64

24f2e101f4a16dc70053590524e07d16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
SwitchToThread
ReleaseMutex
CloseHandle
GetCurrentThreadId
CreateMutexW
GetLastError
GetModuleHandleW
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
SetEnvironmentVariableW
GetUserDefaultLocaleName
RemoveDirectoryW
CompareStringOrdinal
WaitForSingleObject
GetExitCodeProcess
ReleaseSRWLockShared
GetProcessId
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
SleepConditionVariableSRW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetCurrentProcess
RtlLookupFunctionEntry
GetProcAddress
GetCurrentThread
RtlCaptureContext
WakeAllConditionVariable
WakeConditionVariable
SetUnhandledExceptionFilter
lstrlenW
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
OpenProcess
SetFileCompletionNotificationModes
GetModuleHandleA
GetSystemInfo
CreatePipe
Sleep
UnregisterWait
RegisterWaitForSingleObject
PostQueuedCompletionStatus
AcquireSRWLockShared
GetComputerNameExW
LoadLibraryExW
VirtualQuery
FreeLibrary
TerminateProcess
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
RtlVirtualUnwind
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
DeleteFileW
MoveFileExW
GetSystemTimes
GetProcessIoCounters
GetProcessTimes
ReadProcessMemory
VirtualQueryEx
LocalFree
GlobalMemoryStatusEx
K32GetPerformanceInfo
LocalAlloc
LoadLibraryW
LoadLibraryExA
GetUserDefaultUILanguage
LCIDToLocaleName
OutputDebugStringA
OutputDebugStringW
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
TlsFree

ws2_32

getsockopt
setsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
accept
WSASocketW
recv
WSAGetLastError
closesocket
sendto
recvfrom
connect
send
getpeername
getsockname
shutdown
WSARecv
WSASend
socket
bind
listen
ioctlsocket
WSAIoctl

dbghelp

MiniDumpWriteDump

user32

SystemParametersInfoA
GetWindowPlacement
GetWindowRect
SendInput
GetKeyState
ShowWindow
MonitorFromRect
EnumChildWindows
GetDC
PostQuitMessage
RegisterRawInputDevices
IsProcessDPIAware
DispatchMessageA
ToUnicodeEx
GetMessageA
VkKeyScanW
GetWindowLongPtrW
GetKeyboardLayout
MapVirtualKeyExW
AppendMenuW
CreateMenu
SetCursor
DestroyIcon
DestroyAcceleratorTable
AdjustWindowRectEx
GetMenu
GetWindowLongW
InvalidateRgn
SetWindowPos
RegisterWindowMessageA
LoadCursorW
CloseTouchInputHandle
ScreenToClient
GetKeyboardState
GetTouchInputInfo
TrackMouseEvent
ReleaseCapture
GetAsyncKeyState
FlashWindowEx
SetCapture
SetWindowLongW
EnableMenuItem
IsIconic
CreateAcceleratorTableW
SetForegroundWindow
ClientToScreen
GetActiveWindow
RegisterTouchWindow
IsWindow
SetWindowDisplayAffinity
GetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
IsWindowVisible
SetMenu
SetCursorPos
MonitorFromWindow
GetSystemMetrics
GetSystemMenu
GetMonitorInfoW
SetWindowPlacement
ChangeDisplaySettingsExW
EnumDisplayMonitors
MonitorFromPoint
CheckMenuItem
GetClientRect
CreateIcon
SetMenuItemInfoW
ShowCursor
ClipCursor
GetClipCursor
SendMessageW
RegisterClassExW
FindWindowW
MapVirtualKeyW
GetUpdateRect
RedrawWindow
ValidateRect
GetRawInputData
SetWindowLongPtrW
CreateWindowExW
TranslateAcceleratorW
GetAncestor
PostMessageW
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
DestroyWindow
DefWindowProcW
GetCursorPos

comctl32

SetWindowSubclass
DefSubclassProc
RemoveWindowSubclass
TaskDialogIndirect

ole32

CoCreateInstance
CoSetProxyBlanket
CreateStreamOnHGlobal
CoTaskMemAlloc
RevokeDragDrop
CoUninitialize
CoTaskMemFree
RegisterDragDrop
OleInitialize
CoInitializeEx

pdh

PdhCloseQuery
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhOpenQueryA
PdhAddEnglishCounterW
PdhCollectQueryData

shell32

SHCreateItemFromParsingName
DragQueryFileW
DragFinish
ShellExecuteW
CommandLineToArgvW
SHGetKnownFolderPath
SHAppBarMessage

bcrypt

BCryptGenRandom

advapi32

EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
GetTokenInformation
CopySid
GetLengthSid
IsValidSid
OpenProcessToken
EventRegister
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SystemFunction036

ntdll

NtQuerySystemInformation
NtWriteFile
NtReadFile
NtQueryInformationProcess
NtCreateFile
NtDeviceIoControlFile
NtCancelIoFileEx
RtlNtStatusToDosError
RtlGetVersion

secur32

ApplyControlToken
DecryptMessage
FreeContextBuffer
EncryptMessage
FreeCredentialsHandle
AcceptSecurityContext
InitializeSecurityContextW
DeleteSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleA

crypt32

CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertOpenStore
CertDuplicateCertificateChain
CertDuplicateStore
CertFreeCertificateContext
CertCloseStore
CertFreeCertificateChain
CertAddCertificateContextToStore

psapi

GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo
EnumProcessModules

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

oleaut32

SysAllocStringLen
SysStringLen
VariantClear
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
GetErrorInfo
SetErrorInfo
SysFreeString

api-ms-win-crt-string-l1-1-0

strlen
strcpy_s
wcsncmp
wcslen
_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_invoke_watson
_set_invalid_parameter_handler
signal
_initialize_onexit_table
_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_crt_atexit
abort
_seh_filter_exe
_set_app_type
__p___argv
__p___argc
_configure_narrow_argv
terminate
exit
_initterm_e
_initterm
_initialize_narrow_environment
_exit
_get_initial_narrow_environment

api-ms-win-crt-math-l1-1-0

round
__setusermatherr
floor
trunc
pow
ceil

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode
calloc

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24f2e101f4a16dc70053590524e07d16

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

dbghelp

user32

comctl32

ole32

pdh

shell32

bcrypt

advapi32

ntdll

secur32

crypt32

psapi

powrprof

uxtheme

gdi32

dwmapi

oleaut32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 1KB - Virtual size: 13KB

.pdata Size: 96KB - Virtual size: 96KB

.eh_fram Size: 512B - Virtual size: 88B

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 128KB - Virtual size: 128KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 1KB - Virtual size: 13KB

.pdata
Size: 96KB - Virtual size: 96KB

.eh_fram
Size: 512B - Virtual size: 88B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 128KB - Virtual size: 128KB

.reloc
Size: 36KB - Virtual size: 35KB