2024-06-30_7812ca1f87d14a7a5835ca3b8af4d4a9_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-30_7812ca1f87d14a7a5835ca3b8af4d4a9_megazord
Size

9.4MB
MD5

7812ca1f87d14a7a5835ca3b8af4d4a9
SHA1

2843f1492f9bae0bc496d1d70bbfd6dbfda16e22
SHA256

2c497cd09bb4a108b4f29bb96e89d140ba7a04a9ff33f7cd642b9ac6598ecb09
SHA512

ff97d559db6c2a1e8b69de727d62060c87db7c7aad340dda40a1e3d78414e5a741d3d23510fbc28cb1a4f064a8fe18aa5dc6399941769e5a1be359931720ef50
SSDEEP

98304:MKuggmFI9hZTJE49bt/9l9wRR1l4B21tg2+QHXhiG0Hvo:9hIzo4Rl9wRLl20/7iTHvo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-30_7812ca1f87d14a7a5835ca3b8af4d4a9_megazord

Files

2024-06-30_7812ca1f87d14a7a5835ca3b8af4d4a9_megazord
.exe windows:6 windows x64 arch:x64

f21327977a91f6b30c29819b83c092a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\rustup\rustup\target\x86_64-pc-windows-msvc\release\deps\rustup_init.pdb

Imports

ntdll

NtDeviceIoControlFile
RtlLookupFunctionEntry
RtlCaptureContext
NtCancelIoFileEx
NtCreateFile
RtlVirtualUnwind
VerSetConditionMask
RtlNtStatusToDosError
RtlUnwind
RtlInitUnicodeString
RtlPcToFileHeader
RtlUnwindEx

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcess
IsProcessInJob
QueryInformationJobObject
SetFileInformationByHandle
SwitchToThread
LCMapStringW
CompareStringW
GetTimeFormatW
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetDateFormatW
GetFullPathNameW
FlsFree
GetModuleHandleW
SleepConditionVariableSRW
WakeConditionVariable
WakeAllConditionVariable
GetSystemInfo
DeviceIoControl
GetConsoleScreenBufferInfo
GetStdHandle
FlsSetValue
FlsGetValue
FlsAlloc
OutputDebugStringW
GetConsoleOutputCP
GetCommandLineA
WriteFile
FreeLibraryAndExitThread
ExitThread
FindClose
FindNextFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetModuleHandleExW
AcquireSRWLockShared
GetFileType
ReleaseSRWLockShared
LoadLibraryExW
CreateFileA
SetConsoleCursorPosition
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
SetConsoleTextAttribute
SetInformationJobObject
CreateJobObjectW
AssignProcessToJobObject
SetConsoleCtrlHandler
FlushFileBuffers
DeleteFileW
GetModuleHandleA
CreateDirectoryW
CreateFileW
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
SleepEx
GetFileAttributesExW
RemoveDirectoryW
Sleep
SetFilePointerEx
MoveFileExW
DuplicateHandle
GetFileInformationByHandleEx
GetConsoleMode
SetStdHandle
GetNativeSystemInfo
HeapReAlloc
TlsFree
GetFileInformationByHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
GetLastError
SetThreadStackGuarantee
AddVectoredExceptionHandler
TlsSetValue
GetCurrentThread
WriteConsoleW
SetLastError
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
FormatMessageW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
GetFinalPathNameByHandleW
FindFirstFileW
ReadConsoleW
HeapSize
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
CreateNamedPipeW
CreateThread
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
ExitProcess
GetSystemTimeAsFileTime
CreateHardLinkW
CopyFileExW
SetHandleInformation
ReleaseSRWLockExclusive
EncodePointer
RaiseException
PostQueuedCompletionStatus
GlobalMemoryStatusEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcessId
GetProcAddress
GetSystemDirectoryA
FreeLibrary
AcquireSRWLockExclusive
CloseHandle
HeapFree
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
HeapAlloc
GetProcessHeap
SetEndOfFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetEnvironmentVariableW
GetStringTypeW
GetTimeZoneInformation
GetEnvironmentVariableA
VirtualProtect
GetFileSizeEx
ReadFileEx

advapi32

SystemFunction036
RegDeleteTreeW
RegSetValueExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
OpenProcessToken

ole32

CoInitializeEx
CoCreateInstance

oleaut32

SysStringLen
SysFreeString

crypt32

CertGetEnhancedKeyUsage
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertFindCertificateInStore
CryptStringToBinaryA
CryptDecodeObjectEx
PFXImportCertStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertDuplicateStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCloseStore
CertOpenStore
CertDuplicateCertificateChain

ws2_32

bind
WSAIoctl
ioctlsocket
recv
send
WSASend
WSACloseEvent
WSACreateEvent
shutdown
connect
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
getsockopt
closesocket
getsockname
WSAGetLastError
getpeername
WSACleanup
WSASocketW
WSAWaitForMultipleEvents
WSASetLastError
freeaddrinfo
ntohs
setsockopt
WSAStartup
htons
__WSAFDIsSet
select
accept
htonl
socket
listen
getaddrinfo

shell32

SHGetFolderPathW
ShellExecuteW

bcrypt

BCryptGenRandom

secur32

FreeContextBuffer
DeleteSecurityContext
EncryptMessage
FreeCredentialsHandle
ApplyControlToken
AcceptSecurityContext
InitializeSecurityContextW
QueryContextAttributesW
DecryptMessage
AcquireCredentialsHandleA

user32

SendMessageTimeoutA

userenv

GetUserProfileDirectoryW

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f21327977a91f6b30c29819b83c092a5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

ole32

oleaut32

crypt32

ws2_32

shell32

bcrypt

secur32

user32

userenv

Sections

.text Size: 5.7MB - Virtual size: 5.7MB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 6KB - Virtual size: 12KB

.pdata Size: 231KB - Virtual size: 231KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 46KB - Virtual size: 45KB

.text
Size: 5.7MB - Virtual size: 5.7MB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 6KB - Virtual size: 12KB

.pdata
Size: 231KB - Virtual size: 231KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 46KB - Virtual size: 45KB