2024-06-29_713dd693dfbd29d833ff268ff09c7753_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-29_713dd693dfbd29d833ff268ff09c7753_megazord
Size

16.0MB
MD5

713dd693dfbd29d833ff268ff09c7753
SHA1

450213e018ecbd214227ac6bf90e760124c00686
SHA256

419092f401d41ebee3f892450911adac38796fcb0dd6183c02b1eadf5f15f1b6
SHA512

78e7010b1766f4019e2477d09b630934ae251a2be5179b14d933c457a9e47e96a665f0bec44aa46d881e6b3e77fec44a000cc5dcb8efb08ffc27a9521bda1645
SSDEEP

98304:sUbgEP5cQN3GEhf/NmpfD2poqu2afAx47eGn+uEIndMpGroIt+kz4i8ClKucrEC9:jsDUvtmN2npjIndtcUFz4ww/9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-29_713dd693dfbd29d833ff268ff09c7753_megazord

Files

2024-06-29_713dd693dfbd29d833ff268ff09c7753_megazord
.exe windows:6 windows x64 arch:x64

986af28ebe490c5aaff8bdea5949c0e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\项目包\发布系统\ds_idts\src-tauri\target\release\deps\app.pdb

Imports

bcrypt

BCryptGenerateKeyPair
BCryptEncrypt
BCryptSetProperty
BCryptOpenAlgorithmProvider
BCryptDeriveKey
BCryptGetProperty
BCryptDecrypt
BCryptCloseAlgorithmProvider
BCryptExportKey
BCryptCreateHash
BCryptHashData
BCryptVerifySignature
BCryptFinishHash
BCryptImportKey
BCryptImportKeyPair
BCryptFinalizeKeyPair
BCryptDestroyHash
BCryptDestroyKey
BCryptGenRandom
BCryptSecretAgreement
BCryptDestroySecret
BCryptSignHash

crypt32

CertDuplicateCertificateContext
CertDuplicateCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateStore
CryptDecodeObjectEx
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext

user32

RegisterClipboardFormatW
SetClipboardData
RegisterWindowMessageA
GetMessageA
DispatchMessageA
AppendMenuW
PostQuitMessage
AdjustWindowRectEx
IsWindowVisible
DestroyIcon
SystemParametersInfoA
GetDC
GetKeyboardState
GetAsyncKeyState
VkKeyScanW
RegisterHotKey
UnregisterHotKey
OpenClipboard
GetClipboardData
CloseClipboard
IsProcessDPIAware
RedrawWindow
GetClientRect
PostMessageW
LoadCursorW
GetForegroundWindow
SetMenu
IsIconic
ClientToScreen
GetActiveWindow
GetCursorPos
ReleaseCapture
SetWindowPos
InvalidateRgn
SetCursorPos
SetCursor
DestroyWindow
PeekMessageW
TranslateMessage
DispatchMessageW
MapVirtualKeyW
GetMessageW
GetAncestor
TranslateAcceleratorW
PostThreadMessageW
DefWindowProcW
FlashWindowEx
ChangeDisplaySettingsExW
SetWindowPlacement
GetWindowPlacement
CreateWindowExW
IsWindow
GetSystemMetrics
RegisterTouchWindow
ValidateRect
GetUpdateRect
MonitorFromRect
TrackMouseEvent
GetWindowLongW
GetTouchInputInfo
ScreenToClient
CloseTouchInputHandle
MonitorFromWindow
GetMonitorInfoW
SendMessageA
FindWindowA
EnumChildWindows
RegisterRawInputDevices
MsgWaitForMultipleObjectsEx
SetWindowLongPtrW
SetCapture
GetKeyboardLayout
MapVirtualKeyExW
GetKeyState
ToUnicodeEx
CreateIcon
DestroyAcceleratorTable
EnableMenuItem
CheckMenuItem
CreateAcceleratorTableW
GetRawInputData
GetMenu
SetWindowDisplayAffinity
GetWindowLongPtrW
EnumDisplayMonitors
MonitorFromPoint
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
RegisterClassExW
SetForegroundWindow
SendInput
GetWindowRect
ShowWindow
GetSystemMenu
SendMessageW
SetWindowLongW
GetClipCursor
ClipCursor
ShowCursor
SetMenuItemInfoW
CreateMenu
EmptyClipboard

ntdll

RtlVirtualUnwind
RtlUnwindEx
NtDeviceIoControlFile
RtlGetNtVersionNumbers
NtWriteFile
NtReadFile
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtCancelIoFileEx
RtlPcToFileHeader
RtlNtStatusToDosError

kernel32

TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreatePipe
SleepConditionVariableSRW
EncodePointer
GetEnvironmentVariableW
RaiseException
LoadLibraryExW
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReleaseSRWLockExclusive
CloseHandle
GetCurrentProcessId
AcquireSRWLockExclusive
GetCurrentThreadId
GetModuleHandleW
Sleep
GetModuleHandleA
GetProcAddress
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetSystemTimeAsFileTime
CreateFileA
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatusEx
ReadFile
SetFileCompletionNotificationModes
GetFileInformationByHandle
GetConsoleMode
WriteFile
SetHandleInformation
GetLastError
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
SetEnvironmentVariableW
GetModuleFileNameW
GetOverlappedResult
GetCommandLineW
SetFileInformationByHandle
SetFilePointerEx
WriteFileEx
ReadFileEx
GetExitCodeProcess
TerminateProcess
GetProcessId
WakeAllConditionVariable
WakeConditionVariable
CancelIo
HeapReAlloc
WaitForSingleObjectEx
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
MoveFileExW
RemoveDirectoryW
DeviceIoControl
CreateSymbolicLinkW
CreateHardLinkW
SetFileAttributesW
GetFinalPathNameByHandleW
CopyFileExW
CreateEventW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
MultiByteToWideChar
WriteConsoleW
CreateThread
TlsGetValue
TlsSetValue
GetTempPathW
SleepEx
CreateEventA
GetFileAttributesW
WaitNamedPipeA
GlobalAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
TlsFree
GlobalUnlock
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GlobalLock
GetSystemInfo
CreateFileMappingW
LoadLibraryW
GetCurrentProcess
LCIDToLocaleName
GetUserDefaultUILanguage
DuplicateHandle
VirtualProtect
FreeLibrary
LoadLibraryA
WaitForSingleObject
FormatMessageW
HeapFree
HeapAlloc
GetProcessHeap
GetStdHandle
SetFileTime
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
GetUserDefaultLocaleName
lstrlenW

ws2_32

closesocket
setsockopt
WSAIoctl
recv
send
WSAGetLastError
select
shutdown
WSACleanup
freeaddrinfo
getaddrinfo
connect
bind
WSASocketW
getpeername
getsockname
WSAStartup
WSASend
getsockopt
ioctlsocket

comctl32

SetWindowSubclass
DefSubclassProc
RemoveWindowSubclass
TaskDialogIndirect

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

ole32

CreateStreamOnHGlobal
CoCreateInstance
OleInitialize
CoUninitialize
RevokeDragDrop
CoInitializeEx
RegisterDragDrop
CoTaskMemAlloc
CoTaskMemFree

shell32

DragQueryFileW
DragFinish
ShellExecuteW
SHGetKnownFolderPath
SHAppBarMessage
SHCreateItemFromParsingName

advapi32

RegOpenKeyExW
RegQueryValueExW
EventRegister
SystemFunction036
EventWriteTransfer
EventUnregister
RegCloseKey
RegGetValueW
EventSetInformation

oleaut32

SysFreeString
GetErrorInfo
SysStringLen
SetErrorInfo

uxtheme

SetWindowTheme

secur32

EncryptMessage
DeleteSecurityContext
QueryContextAttributesW
FreeCredentialsHandle
AcquireCredentialsHandleA
DecryptMessage
FreeContextBuffer
AcceptSecurityContext
ApplyControlToken
InitializeSecurityContextW

api-ms-win-crt-math-l1-1-0

pow
trunc
ceil
cosf
sinf
roundf
fmaf
log2
sin
floorf
truncf
round
atan2
fmod
tan
cos
_hypot
floor
ceilf
__setusermatherr

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
realloc
_callnewh
calloc
malloc

api-ms-win-crt-string-l1-1-0

strncmp
strcpy_s
_wcsicmp
wcsncmp
strlen
wcslen

api-ms-win-crt-time-l1-1-0

_difftime64
_time64

api-ms-win-crt-stdio-l1-1-0

fclose
__p__commode
fopen
_set_fmode
__stdio_common_vsprintf
fgets

api-ms-win-crt-runtime-l1-1-0

terminate
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__p___argv
_set_app_type
_seh_filter_exe
__p___argc
_cexit
_c_exit
_crt_atexit
_register_thread_local_exe_atexit_callback
abort
_wassert
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol
strtol

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 10.2MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 503KB - Virtual size: 502KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

986af28ebe490c5aaff8bdea5949c0e5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcrypt

crypt32

user32

ntdll

kernel32

ws2_32

comctl32

gdi32

dwmapi

ole32

shell32

advapi32

oleaut32

uxtheme

secur32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 10.2MB - Virtual size: 10.2MB

.rdata Size: 5.2MB - Virtual size: 5.2MB

.data Size: 19KB - Virtual size: 23KB

.pdata Size: 503KB - Virtual size: 502KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 54KB - Virtual size: 54KB

.text
Size: 10.2MB - Virtual size: 10.2MB

.rdata
Size: 5.2MB - Virtual size: 5.2MB

.data
Size: 19KB - Virtual size: 23KB

.pdata
Size: 503KB - Virtual size: 502KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 54KB - Virtual size: 54KB