2024-06-29_b57dbab5d60273a9e0d773ab2cdf0e71_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-29_b57dbab5d60273a9e0d773ab2cdf0e71_megazord
Size

16.5MB
MD5

b57dbab5d60273a9e0d773ab2cdf0e71
SHA1

863c47b7c7cd86f8234b88721a80998b15671f2a
SHA256

8b7964fc376881db6ab9d2aa729b3fdbb58a7d366333d21b072028406b274874
SHA512

00545698250eb6e50916ef6cdf4ae3b90555bff29f5b208dc8ffd0d1694d6b89f21a45308c0de80fcf277591974415590dd80b25da5dd28896b9a0f5ae111d41
SSDEEP

393216:pTIiYUOjyLTu5INzJNS70Q0IBXT/ac3TuAbyi3AlQ:2iYUOBGzC70Q0IdTicD+mA2

Score

1^/10

Malware Config

Signatures

Files

2024-06-29_b57dbab5d60273a9e0d773ab2cdf0e71_megazord
.exe windows:6 windows x64 arch:x64

a71e2a906ccd3b9e0dfa8b6fe835897f

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:ef:55:74:af:35:54:c3:5a:2c:69:f6:6f:4b:6b:cd
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:20

Not After

29/12/2040, 23:59

Subject

CN=Entrust Code Signing CA - OVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:fd:d3:d7:a3:48:e3:20:67:c5:17:ef:57:0c:cc:e8
Certificate

Issuer

CN=Entrust Code Signing CA - OVCS2,O=Entrust\, Inc.,C=US

Not Before

08/04/2024, 14:30

Not After

21/09/2025, 14:30

Subject

CN=Dell Technologies Inc.,OU=DUP Client Creation Service,O=Dell Technologies Inc.,L=Round Rock,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:b3:be:d5:9f:74:5f:64:f3:a3:a0:00:e8:f5:63:de:53:ad:f5:52:2b:25:80:29:b6:d6:cb:c4:8f:0c:2c:69
Signer

Actual PE Digest

3d:b3:be:d5:9f:74:5f:64:f3:a3:a0:00:e8:f5:63:de:53:ad:f5:52:2b:25:80:29:b6:d6:cb:c4:8f:0c:2c:69

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

GetWindowLongW
GetKeyboardLayout
RegisterWindowMessageA
GetKeyboardState
ShowWindow
GetSystemMenu
SetClipboardData
EmptyClipboard
GetClipboardData
EnableMenuItem
SendMessageW
SetWindowLongW
ChangeDisplaySettingsExW
SetWindowPlacement
SetCapture
OpenClipboard
MessageBoxW
MapVirtualKeyW
SendInput
CreateIcon
SetForegroundWindow
CloseClipboard
GetClipCursor
GetClientRect
FlashWindowEx
InvalidateRgn
GetUpdateRect
GetRawInputData
GetKeyState
SetWindowPos
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
SetCursor
LoadCursorW
MonitorFromRect
GetWindowPlacement
GetMenu
ClipCursor
TrackMouseEvent
IsProcessDPIAware
MonitorFromWindow
ShowCursor
RegisterTouchWindow
GetSystemMetrics
SetWindowDisplayAffinity
DefWindowProcW
RedrawWindow
ToUnicodeEx
GetWindowLongPtrW
MapVirtualKeyA
DestroyIcon
DestroyWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
PostThreadMessageW
ClientToScreen
DispatchMessageW
TranslateMessage
MonitorFromPoint
AdjustWindowRectEx
RegisterRawInputDevices
GetWindowRect
GetMessageW
IsIconic
SetWindowLongPtrW
GetMonitorInfoW
CreateWindowExW
RegisterClassExW
ValidateRect
SetWindowTextW
GetDC
IsWindowVisible
PostMessageW
ReleaseCapture
GetCursorPos
GetForegroundWindow
SystemParametersInfoA
GetActiveWindow

kernel32

CompareStringOrdinal
SetLastError
RtlUnwindEx
OutputDebugStringW
GetCPInfo
FlsSetValue
IsValidCodePage
GetCurrentProcess
WriteFile
FlsGetValue
FreeLibraryAndExitThread
MoveFileExW
CreateMutexW
GetLocaleInfoW
FlsFree
ReleaseMutex
GetDiskFreeSpaceExA
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
RtlLookupFunctionEntry
GetProcAddress
GetCurrentThread
RtlCaptureContext
SystemTimeToFileTime
GlobalLock
GlobalUnlock
GlobalFree
IsValidLocale
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
GetModuleHandleA
GetSystemInfo
FindFirstFileExW
SetEndOfFile
GetFileAttributesExW
FlsAlloc
CreateDirectoryW
GetFileAttributesW
FindFirstFileW
FindClose
GetUserDefaultLCID
Sleep
RemoveDirectoryW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetCurrentDirectoryW
GetACP
LCMapStringW
LocalFree
GetOEMCP
ResumeThread
SetEnvironmentVariableW
SwitchToThread
SystemTimeToTzSpecificLocalTime
ExitThread
CompareStringW
EncodePointer
QueryPerformanceCounter
LoadLibraryExW
CreateFileMappingW
MapViewOfFile
DuplicateHandle
VirtualProtect
UnmapViewOfFile
GetModuleHandleExW
EnumSystemLocalesW
WakeAllConditionVariable
FreeLibrary
SetThreadErrorMode
FlushFileBuffers
GetQueuedCompletionStatusEx
GetSystemDirectoryA
GetConsoleOutputCP
SleepConditionVariableSRW
WakeConditionVariable
TryAcquireSRWLockExclusive
GetStdHandle
ExitProcess
WriteConsoleW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateFileW
SetFilePointerEx
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
ReadConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
PeekNamedPipe
GetDriveTypeW
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
QueryPerformanceFrequency
GetSystemTimeAsFileTime
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
SetFileInformationByHandle
CopyFileExW
GetUserPreferredUILanguages
PostQueuedCompletionStatus
CreateIoCompletionPort
SetConsoleCtrlHandler
CreateEventA
GetFileType
RemoveVectoredExceptionHandler
TlsSetValue
GlobalSize
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
TlsGetValue
TlsAlloc
FormatMessageA
CloseHandle
LoadLibraryExA
GetSystemDefaultLangID
TlsFree
RtlVirtualUnwind
GetCurrentThreadId
GetTimeZoneInformation
UnhandledExceptionFilter
RtlPcToFileHeader
SetUnhandledExceptionFilter
GetLastError
IsProcessorFeaturePresent
SetEvent
GetFileSizeEx
SetStdHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapSize
GetCommandLineA
FileTimeToSystemTime
FileTimeToLocalFileTime
ResetEvent
InitializeSListHead
IsDebuggerPresent
FindVolumeClose
GetVolumeInformationA
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLogicalDriveStringsA
FindFirstVolumeA
GetStartupInfoW
CopyFileW
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetSystemFirmwareTable
SetCurrentDirectoryA
GetCurrentDirectoryA
FindFirstFileA
FindNextFileA
CreateProcessA
GetModuleFileNameA
GetStartupInfoA
RtlUnwind
GetStringTypeW

gdi32

CreateRectRgn
StretchDIBits
GetDeviceCaps
DeleteObject

winmm

timeGetDevCaps
timeEndPeriod
timeBeginPeriod

dwmapi

DwmEnableBlurBehindWindow

imm32

ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmAssociateContextEx

ole32

CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
OleInitialize
RegisterDragDrop
RevokeDragDrop
CoCreateGuid
CoCreateInstance
CoUninitialize

advapi32

RegQueryValueExA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceStatusEx
GetUserNameW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
EqualSid
ConvertStringSidToSidW
LookupAccountSidW
GetLengthSid
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
RegDeleteValueW
InitiateSystemShutdownW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegDeleteKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegCreateKeyExW
RegOpenKeyExA

wintrust

WinVerifyTrust

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

DragQueryFileW
DragFinish
SHFileOperationW

bcrypt

BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtCancelIoFileEx

d3dcompiler_47

D3DCompile

oleaut32

SysAllocStringLen
SafeArrayGetElement
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SysAllocString
GetErrorInfo
SysStringLen
SysFreeString
VariantInit
SafeArrayPutElement

uxtheme

SetWindowTheme

ws2_32

getservbyport
gethostbyname
gethostbyaddr
socket
send
WSASetLastError
recv
ntohs
inet_ntoa
inet_addr
getservbyname
htonl
getsockopt
ioctlsocket
connect
closesocket
__WSAFDIsSet
WSAGetLastError
bind
getsockname
listen
WSAStartup
htons
select

Exports

Exports

??0DSMIPMIInterfaceImpl@@QEAA@XZ
??1DSMIPMIInterfaceImpl@@UEAA@XZ
??4DSMIPMIInterfaceImpl@@QEAAAEAV0@AEBV0@@Z
??_7DSMIPMIInterfaceImpl@@6B@
?IPMIRequest@DSMIPMIInterfaceImpl@@QEAAIPEAU_DSMIPMICommandData@@@Z
?Initialize@DSMIPMIInterfaceImpl@@QEAAIPEBU_DSMIPMIConfiguration@@@Z
?Initialize@DSMIPMIInterfaceImpl@@QEAAIVDSMString@@@Z
?InitializeDSMLogger@DSMIPMIInterfaceImpl@@AEAAXXZ
?Release@DSMIPMIInterfaceImpl@@QEAAIXZ
?freePMInfo@@YAHPEAUPMInfo@@@Z
?getPMInfo@@YAHHPEAPEAUPMInfo@@@Z
?getPMStatus@@YAHXZ
?getTestPMInfo@@YAHHPEAPEAUPMInfo@@@Z

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a71e2a906ccd3b9e0dfa8b6fe835897f

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

71:ef:55:74:af:35:54:c3:5a:2c:69:f6:6f:4b:6b:cdCertificate

Extended Key Usages

Key Usages

26:fd:d3:d7:a3:48:e3:20:67:c5:17:ef:57:0c:cc:e8Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

3d:b3:be:d5:9f:74:5f:64:f3:a3:a0:00:e8:f5:63:de:53:ad:f5:52:2b:25:80:29:b6:d6:cb:c4:8f:0c:2c:69Signer

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

gdi32

winmm

dwmapi

imm32

ole32

advapi32

wintrust

version

shell32

bcrypt

ntdll

d3dcompiler_47

oleaut32

uxtheme

ws2_32

Exports

Exports

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

.rdata Size: 2.5MB - Virtual size: 2.5MB

.data Size: 18KB - Virtual size: 30KB

.pdata Size: 318KB - Virtual size: 317KB

_RDATA Size: 512B - Virtual size: 148B

.gxfg Size: 13KB - Virtual size: 13KB

.gehcont Size: 512B - Virtual size: 36B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 49KB - Virtual size: 48KB

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

71:ef:55:74:af:35:54:c3:5a:2c:69:f6:6f:4b:6b:cd
Certificate

26:fd:d3:d7:a3:48:e3:20:67:c5:17:ef:57:0c:cc:e8
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

3d:b3:be:d5:9f:74:5f:64:f3:a3:a0:00:e8:f5:63:de:53:ad:f5:52:2b:25:80:29:b6:d6:cb:c4:8f:0c:2c:69
Signer

.text
Size: 6.9MB - Virtual size: 6.9MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 18KB - Virtual size: 30KB

.pdata
Size: 318KB - Virtual size: 317KB

_RDATA
Size: 512B - Virtual size: 148B

.gxfg
Size: 13KB - Virtual size: 13KB

.gehcont
Size: 512B - Virtual size: 36B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 49KB - Virtual size: 48KB