2024-07-01_c39bc17713800b2d61d9f0c762257d8a_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-01_c39bc17713800b2d61d9f0c762257d8a_megazord
Size

18.1MB
MD5

c39bc17713800b2d61d9f0c762257d8a
SHA1

022cc2c3119e3f60b488aa03f444ef9f43c69a58
SHA256

87bb968352b0c80f18c2a736fa12b67fdd4df0700e1dfa5983e0e3aeb9932ddb
SHA512

8adb19a855bb721bfdbc1f8dee9bf447b24a045369e17044a5ca2261aaf0817e34ab14fc4a9580db9608beaff4046f75f2cde16dd8f8e46289ca8acd824009f5
SSDEEP

98304:rufHwbcHIWRQNoLKWKHVP1UTu22RYXAzgiBknVZKMlDxJzJS9X+REp+S+L9jJatZ:KU1AXYyS9SgZYZE2qj6w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-01_c39bc17713800b2d61d9f0c762257d8a_megazord

Files

2024-07-01_c39bc17713800b2d61d9f0c762257d8a_megazord
.exe windows:6 windows x64 arch:x64

937b1a6d3e7bb66de1eda75ea82e531a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\EasyTier\EasyTier\target\x86_64-pc-windows-msvc\release\deps\easytier_core.pdb

Imports

kernel32

VirtualUnlock
FreeLibrary
GetProcAddress
LoadLibraryA
GetProcessTimes
GetNumaHighestNodeNumber
QueryPerformanceFrequency
GetNumaNodeProcessorMask
WriteConsoleA
GetConsoleScreenBufferInfo
QueryPerformanceCounter
FlsFree
FlsSetValue
FlsAlloc
GetLastError
WriteFile
GetEnvironmentVariableA
GetStdHandle
GetComputerNameExW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetTimeZoneInformationForYear
SetStdHandle
GetStringTypeW
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
GetConsoleOutputCP
GetFileSizeEx
LCMapStringW
CompareStringW
RtlVirtualUnwind
CloseHandle
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
CreateFileW
GetConsoleMode
SetConsoleMode
CreateEventA
WaitForMultipleObjects
SetEvent
LoadLibraryExW
VirtualQuery
VirtualFree
GetCurrentProcess
FormatMessageW
VirtualAlloc
FlsGetValue
GetCommandLineA
TlsFree
GetProcessHeap
HeapFree
HeapAlloc
LoadLibraryExA
TlsSetValue
TlsGetValue
CreateEventW
WaitForSingleObject
TlsAlloc
GetModuleHandleExW
GetModuleFileNameW
SetThreadErrorMode
Sleep
AcquireSRWLockExclusive
GetSystemInfo
RegisterWaitForSingleObject
UnregisterWaitEx
DuplicateHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetHandleInformation
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
HeapSize
ReadFile
GetOverlappedResult
GetLargePageMinimum
GetCurrentProcessorNumber
SetFileCompletionNotificationModes
GetModuleHandleA
SetConsoleTextAttribute
ReleaseSRWLockExclusive
CreateMutexA
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
WaitForSingleObjectEx
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetCurrentProcessId
WriteFileEx
SleepEx
GetExitCodeProcess
TerminateProcess
HeapReAlloc
ReleaseMutex
FindNextFileW
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
DeleteFileW
GetFinalPathNameByHandleW
CancelIo
GetSystemTimeAsFileTime
GetFileType
GetCurrentThread
GetModuleHandleW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread

ws2_32

recv
shutdown
WSADuplicateSocketW
listen
ioctlsocket
connect
bind
WSASocketW
WSASend
sendto
send
socket
WSAStartup
closesocket
WSACleanup
getsockopt
getsockname
accept
getpeername
WSARecvFrom
recvfrom
getaddrinfo
freeaddrinfo
htonl
setsockopt
WSAGetLastError
WSAIoctl

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
SystemFunction036
OpenProcessToken

ole32

StringFromGUID2
CoCreateGuid
CLSIDFromString

iphlpapi

ConvertLengthToIpv4Mask
GetAdaptersInfo
ConvertInterfaceLuidToIndex
GetAdaptersAddresses

oleaut32

SysStringLen
SysFreeString
GetErrorInfo

bcrypt

BCryptGenRandom

ntdll

NtWriteFile
NtReadFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtCreateFile
NtDeviceIoControlFile

packet

PacketGetAdapterNames

Sections

.text
Size: 12.4MB - Virtual size: 12.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 662KB - Virtual size: 661KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

937b1a6d3e7bb66de1eda75ea82e531a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

advapi32

ole32

iphlpapi

oleaut32

bcrypt

ntdll

packet

Sections

.text Size: 12.4MB - Virtual size: 12.4MB

.rdata Size: 4.9MB - Virtual size: 4.9MB

.data Size: 34KB - Virtual size: 145KB

.pdata Size: 662KB - Virtual size: 661KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 97KB - Virtual size: 97KB

.text
Size: 12.4MB - Virtual size: 12.4MB

.rdata
Size: 4.9MB - Virtual size: 4.9MB

.data
Size: 34KB - Virtual size: 145KB

.pdata
Size: 662KB - Virtual size: 661KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 97KB - Virtual size: 97KB