2024-06-27_d4526a34f63254a70e7ce36c8e5c14ab_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-27_d4526a34f63254a70e7ce36c8e5c14ab_megazord
Size

8.4MB
MD5

d4526a34f63254a70e7ce36c8e5c14ab
SHA1

cd4c0ab66b89c6794edce3a8e013987f7312fb86
SHA256

cb15b6543c1ccae2ff1869dd68bca617a23dabe8e6d4e7e01f6706d6e1bd6368
SHA512

f16bb2b03ca468e57f0e1b14c398fd29a88fae5cfc094aeb097dcbb2dd9340c85480c93dd890e332ac66c028c7c4ca5b15c83229633a10d7e80fbdb8e9d5176f
SSDEEP

49152:RYyLXSSVbJNlVeajaHwX7WmSt/wjdEv1UGbrliatNnoXAGZx22M3bXOP1AzPgUn0:RwETcitAg/T2c1qPOr3wvm5HJSWbz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-27_d4526a34f63254a70e7ce36c8e5c14ab_megazord

Files

2024-06-27_d4526a34f63254a70e7ce36c8e5c14ab_megazord
.exe windows:6 windows x64 arch:x64

b90b391b26d4c85e05a2e5c039d6902b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\qci_workspace\root-workspaces\__qci-pipeline-474563-1\target\release\deps\tat_agent.pdb

Imports

winpty

winpty_spawn
winpty_spawn_config_new
winpty_conout_name
winpty_conin_name
winpty_spawn_config_free
winpty_set_size
winpty_error_msg
winpty_config_free
winpty_open
winpty_config_set_initial_size
winpty_config_new
winpty_agent_process
winpty_free
winpty_error_free

kernel32

GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetLogicalDrives
GetDriveTypeW
CloseHandle
ReleaseSRWLockShared
OpenEventW
GetComputerNameExW
CreateEventW
GetLastError
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetProcessId
CreateFileW
GetOEMCP
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
AcquireSRWLockShared
GetCurrentProcess
GetProcessHandleCount
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
GetCurrentProcessId
CreateNamedPipeW
GetSystemFirmwareTable
DosDateTimeToFileTime
FileTimeToSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
Sleep
GetModuleHandleA
GetProcAddress
SetHandleInformation
RegisterWaitForSingleObject
UnregisterWaitEx
WaitForSingleObject
GetExitCodeProcess
GetSystemInfo
CancelIoEx
WriteFile
ReadFile
GetOverlappedResult
FlushFileBuffers
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
GetConsoleMode
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
GetFileType
GetFileInformationByHandleEx
GetCurrentThreadId
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
QueryPerformanceFrequency
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
DuplicateHandle
SetFilePointerEx
WriteFileEx
SleepEx
ReadFileEx
WakeAllConditionVariable
WakeConditionVariable
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
GetFileInformationByHandle
CreateDirectoryW
FindFirstFileW
DeleteFileW
MoveFileExW
CopyFileExW
CancelIo
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
SetCurrentDirectoryW
ExitProcess
GetFullPathNameW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStringTypeW
GetStartupInfoW
RtlUnwindEx
SetStdHandle
GetCPInfo
GetACP
RtlPcToFileHeader
IsValidCodePage
FindFirstFileExW
RaiseException
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EncodePointer
EnterCriticalSection
RtlVirtualUnwind

advapi32

RegQueryValueExW
RegOpenKeyExW
SystemFunction036
DuplicateTokenEx
RegCloseKey
OpenProcessToken
RevertToSelf
ImpersonateLoggedOnUser
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
GetUserNameW
AllocateLocallyUniqueId

userenv

DestroyEnvironmentBlock
GetUserProfileDirectoryW
CreateEnvironmentBlock

ws2_32

WSAGetLastError
bind
listen
connect
ioctlsocket
getsockname
getpeername
getsockopt
shutdown
recv
closesocket
WSASocketW
setsockopt
WSAIoctl
WSARecv
WSASend
WSACleanup
WSAGetOverlappedResult
getaddrinfo
freeaddrinfo
WSAStartup

secur32

DecryptMessage
AcquireCredentialsHandleA
FreeCredentialsHandle
FreeContextBuffer
AcceptSecurityContext
DeleteSecurityContext
EncryptMessage
LsaFreeReturnBuffer
LsaDeregisterLogonProcess
LsaLogonUser
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
InitializeSecurityContextW
QueryContextAttributesW
ApplyControlToken

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertDuplicateCertificateChain
CertFreeCertificateContext
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertOpenStore
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateStore

bcrypt

BCryptGenRandom

ntdll

NtWriteFile
RtlAdjustPrivilege
NtSetInformationProcess
NtResumeProcess
RtlNtStatusToDosError
NtReadFile

psapi

GetProcessMemoryInfo

Sections

.text
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b90b391b26d4c85e05a2e5c039d6902b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winpty

kernel32

advapi32

userenv

ws2_32

secur32

crypt32

bcrypt

ntdll

psapi

Sections

.text Size: 5.9MB - Virtual size: 5.9MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 17KB - Virtual size: 24KB

.pdata Size: 307KB - Virtual size: 307KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 5.9MB - Virtual size: 5.9MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 17KB - Virtual size: 24KB

.pdata
Size: 307KB - Virtual size: 307KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 35KB - Virtual size: 35KB