2024-07-04_61c891cb8bf86bf2ae61473fd55731d7_megazord

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-04_61c891cb8bf86bf2ae61473fd55731d7_megazord
Size

5.2MB
MD5

61c891cb8bf86bf2ae61473fd55731d7
SHA1

49807eee8ae52a225ef640610af0b3fbee0754d8
SHA256

0075a150c9bd30c80e799bac367bf30a88ef3be22fafea5fbb5c2a990f4b62db
SHA512

af9c900eb4a0f3e662061d54f8399bafd78b6364f9ee728274eab618b5812887e35619e9c12c6fe273569bb2084d72c4856ab7ea69156f7ff0b3f92d21a862aa
SSDEEP

98304:M3TUshJuAY7Gafhq/ZPdBmd90khieSnk:afWf0/ZHmPP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-04_61c891cb8bf86bf2ae61473fd55731d7_megazord

Files

2024-07-04_61c891cb8bf86bf2ae61473fd55731d7_megazord
.exe windows:6 windows x64 arch:x64

e81c548a47d12a92799b3748d303cb5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
SwitchToThread
ReleaseMutex
CloseHandle
GetCurrentThreadId
CreateMutexW
GetLastError
GetModuleHandleW
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
SetEnvironmentVariableW
GetUserDefaultLocaleName
RemoveDirectoryW
CompareStringOrdinal
GetProcessId
GetCurrentProcessId
WaitForSingleObject
GetExitCodeProcess
ReleaseSRWLockShared
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapReAlloc
SleepConditionVariableSRW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
RtlLookupFunctionEntry
GetProcAddress
GetCurrentThread
RtlCaptureContext
WakeAllConditionVariable
WakeConditionVariable
SetUnhandledExceptionFilter
lstrlenW
SetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
OpenProcess
SetFileCompletionNotificationModes
GetModuleHandleA
GetSystemInfo
CreatePipe
Sleep
UnregisterWait
RegisterWaitForSingleObject
PostQueuedCompletionStatus
AcquireSRWLockShared
GetComputerNameExW
LoadLibraryExW
VirtualQuery
FreeLibrary
TerminateProcess
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
RtlVirtualUnwind
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
DeleteFileW
MoveFileExW
HeapAlloc
GetSystemTimes
GetProcessIoCounters
GetProcessTimes
ReadProcessMemory
VirtualQueryEx
LocalFree
GetProcessHeap
HeapFree
GlobalMemoryStatusEx
K32GetPerformanceInfo
LocalAlloc
LoadLibraryW
LoadLibraryExA
GetUserDefaultUILanguage
LCIDToLocaleName
OutputDebugStringA
OutputDebugStringW
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
TlsFree

ws2_32

getsockopt
setsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
accept
WSASocketW
recv
WSAGetLastError
closesocket
sendto
recvfrom
connect
send
getpeername
getsockname
shutdown
WSARecv
WSASend
socket
bind
listen
ioctlsocket
WSAIoctl

dbghelp

MiniDumpWriteDump

user32

SetWindowDisplayAffinity
IsProcessDPIAware
GetForegroundWindow
SetCapture
IsWindow
GetWindowTextLengthW
RegisterTouchWindow
SetWindowTextW
IsWindowVisible
SetMenu
SetCursorPos
GetCursorPos
ChangeDisplaySettingsExW
SetWindowPlacement
GetMonitorInfoW
ReleaseCapture
EnumDisplayMonitors
GetSystemMenu
MonitorFromPoint
EnableMenuItem
CreateAcceleratorTableW
GetWindowLongPtrW
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
SendInput
ShowWindow
PostQuitMessage
RegisterRawInputDevices
EnumChildWindows
SetWindowLongW
DestroyAcceleratorTable
DestroyIcon
AdjustWindowRectEx
GetMenu
GetWindowLongW
InvalidateRgn
SetWindowPos
RegisterWindowMessageA
CheckMenuItem
SetMenuItemInfoW
IsIconic
ShowCursor
ClipCursor
GetClipCursor
FlashWindowEx
GetActiveWindow
GetAsyncKeyState
TrackMouseEvent
ClientToScreen
SetForegroundWindow
DispatchMessageA
MonitorFromRect
GetMessageA
VkKeyScanW
AppendMenuW
CreateMenu
SetCursor
LoadCursorW
CloseTouchInputHandle
ScreenToClient
GetSystemMetrics
GetKeyState
ToUnicodeEx
GetKeyboardLayout
MapVirtualKeyExW
GetDC
GetTouchInputInfo
GetClientRect
CreateIcon
GetKeyboardState
MonitorFromWindow
SendMessageW
RegisterClassExW
FindWindowW
MapVirtualKeyW
GetUpdateRect
RedrawWindow
ValidateRect
GetRawInputData
SetWindowLongPtrW
CreateWindowExW
TranslateAcceleratorW
GetAncestor
PostMessageW
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
DestroyWindow
DefWindowProcW
GetWindowTextW

comctl32

SetWindowSubclass
DefSubclassProc
TaskDialogIndirect
RemoveWindowSubclass

pdh

PdhOpenQueryA
PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhAddEnglishCounterW

shell32

DragQueryFileW
CommandLineToArgvW
SHCreateItemFromParsingName
SHAppBarMessage
DragFinish
SHGetKnownFolderPath
ShellExecuteW

ole32

RegisterDragDrop
OleInitialize
CreateStreamOnHGlobal
RevokeDragDrop
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoUninitialize

bcrypt

BCryptGenRandom

advapi32

EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
GetTokenInformation
CopySid
GetLengthSid
IsValidSid
OpenProcessToken
EventRegister
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SystemFunction036

ntdll

RtlNtStatusToDosError
NtQueryInformationProcess
NtDeviceIoControlFile
NtQuerySystemInformation
NtWriteFile
NtCreateFile
RtlGetVersion
NtReadFile
NtCancelIoFileEx

secur32

DecryptMessage
InitializeSecurityContextW
AcceptSecurityContext
AcquireCredentialsHandleA
QueryContextAttributesW
EncryptMessage
FreeCredentialsHandle
DeleteSecurityContext
FreeContextBuffer
ApplyControlToken

crypt32

CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertOpenStore
CertDuplicateCertificateContext
CertCloseStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertAddCertificateContextToStore
CertFreeCertificateChain
CertDuplicateStore

powrprof

CallNtPowerInformation

uxtheme

SetWindowTheme

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

oleaut32

SysStringLen
SysFreeString
GetErrorInfo
SetErrorInfo

psapi

GetModuleFileNameExW
EnumProcessModules
GetModuleInformation
GetProcessMemoryInfo

api-ms-win-crt-string-l1-1-0

wcslen
wcsncmp
strcpy_s
strlen
_wcsicmp

api-ms-win-crt-runtime-l1-1-0

terminate
_invoke_watson
_set_invalid_parameter_handler
signal
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_register_onexit_function
_seh_filter_exe
_set_app_type
_crt_atexit
_configure_narrow_argv
_c_exit
_cexit
_initialize_narrow_environment
_get_initial_narrow_environment
abort
__p___argv
__p___argc
_initterm
_initterm_e
_exit
exit

api-ms-win-crt-math-l1-1-0

trunc
floor
pow
__setusermatherr
round
ceil

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
calloc
_callnewh
free

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e81c548a47d12a92799b3748d303cb5d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

dbghelp

user32

comctl32

pdh

shell32

ole32

bcrypt

advapi32

ntdll

secur32

crypt32

powrprof

uxtheme

gdi32

dwmapi

oleaut32

psapi

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 1KB - Virtual size: 13KB

.pdata Size: 94KB - Virtual size: 94KB

.eh_fram Size: 512B - Virtual size: 88B

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 128KB - Virtual size: 128KB

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 1KB - Virtual size: 13KB

.pdata
Size: 94KB - Virtual size: 94KB

.eh_fram
Size: 512B - Virtual size: 88B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 128KB - Virtual size: 128KB

.reloc
Size: 35KB - Virtual size: 35KB