2024-07-05_b88bde3d79249dc0ce6f8cd4e57e4c1f_megazord

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-05_b88bde3d79249dc0ce6f8cd4e57e4c1f_megazord
Size

15.0MB
MD5

b88bde3d79249dc0ce6f8cd4e57e4c1f
SHA1

4fc51c5d70a34601ddc4c32df2b2902229f34f39
SHA256

908decda28bd3c9baac7948bf9bd34810c576d8a52055f0d6ff1ab57906decf3
SHA512

493128495293bd8c9a5d152d6c4b636ca89e8440617ae2b7d315d3a7b333d744214815deda09e1212097c0b977b57b9dc338f044759379d26bbe35b510ace2fa
SSDEEP

393216:t3pqCQXxi/eg3O20z9XdSAG6Z/jTtmskeA7:t3pqCQBi53O222AGC4sk5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-05_b88bde3d79249dc0ce6f8cd4e57e4c1f_megazord

Files

2024-07-05_b88bde3d79249dc0ce6f8cd4e57e4c1f_megazord
.exe windows:6 windows x64 arch:x64

075eebd6d4a8a67faffb1dc4befccf9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetFileTime
FreeLibrary
LoadLibraryA
HeapFree
GetProcessHeap
GetUserDefaultUILanguage
LCIDToLocaleName
GetVersionExW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
Sleep
SleepConditionVariableSRW
WaitNamedPipeW
CreateFileW
GetSystemInfo
GetUserDefaultLocaleName
FormatMessageW
GetLastError
GetTempPathW
GetSystemTimeAsFileTime
CreateThread
WriteConsoleW
MultiByteToWideChar
lstrlenW
GetWindowsDirectoryW
GetSystemDirectoryW
WaitForMultipleObjects
GetFullPathNameW
ExitProcess
CancelIo
GetFinalPathNameByHandleW
CreateHardLinkW
CreateSymbolicLinkW
CreateEventW
FindFirstFileW
CreateDirectoryW
GetModuleHandleA
GetFileInformationByHandleEx
FindNextFileW
CreateMutexA
WaitForSingleObjectEx
HeapReAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
WakeConditionVariable
WakeAllConditionVariable
TerminateProcess
GetExitCodeProcess
ReadFileEx
SleepEx
WriteFileEx
HeapAlloc
CreateProcessW
GetNativeSystemInfo
GetCurrentProcessId
GetStdHandle
SetFilePointerEx
DuplicateHandle
SetFileInformationByHandle
GetCommandLineW
CreateNamedPipeW
SetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
GetFileAttributesW
OutputDebugStringA
OutputDebugStringW
WriteFile
ReadFile
GetNamedPipeServerProcessId
LoadLibraryExW
GetNamedPipeClientProcessId
GetEnvironmentVariableW
RtlLookupFunctionEntry
ConnectNamedPipe
RtlCaptureContext
GetCurrentThread
GetCurrentProcess
SwitchToThread
SetThreadStackGuarantee
TryAcquireSRWLockExclusive
DisconnectNamedPipe
AddVectoredExceptionHandler
FlushFileBuffers
LoadLibraryExA
CompareStringOrdinal
WaitForSingleObject
DeleteFileW
GetModuleHandleW
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
AcquireSRWLockExclusive
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
GetCurrentThreadId
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
LocalFree
TlsSetValue
ReleaseSRWLockExclusive
FindClose
ReleaseMutex
FreeEnvironmentStringsW
MoveFileExW
ReleaseSRWLockShared
AcquireSRWLockShared
SetFileAttributesW
GetConsoleMode
GetFileInformationByHandle
SetHandleInformation
GetOverlappedResult
SetFileCompletionNotificationModes
GetQueuedCompletionStatusEx
CreateIoCompletionPort
PostQueuedCompletionStatus
TlsFree

user32

GetMonitorInfoW
ClipCursor
GetClipCursor
SetWindowLongW
GetSystemMenu
SetForegroundWindow
SetWindowDisplayAffinity
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
MonitorFromPoint
EnumDisplayMonitors
ToUnicodeEx
VkKeyScanW
MapVirtualKeyExW
GetKeyState
GetAsyncKeyState
ValidateRect
GetKeyboardState
SendMessageW
GetRawInputData
SetCapture
MsgWaitForMultipleObjectsEx
IsProcessDPIAware
GetDC
GetUpdateRect
GetWindowLongPtrW
TrackMouseEvent
IsWindowVisible
MonitorFromRect
DefWindowProcW
AdjustWindowRectEx
MapVirtualKeyW
GetMenu
GetWindowRect
PostQuitMessage
ShowWindow
CreateAcceleratorTableW
AppendMenuW
CreateMenu
SetMenuItemInfoW
CheckMenuItem
EnableMenuItem
GetKeyboardLayout
PostThreadMessageW
ReleaseCapture
ChangeDisplaySettingsExW
CreateIcon
GetMessageA
ShowCursor
RegisterRawInputDevices
SetWindowPlacement
GetWindowPlacement
DispatchMessageA
PostMessageW
DestroyWindow
PeekMessageW
InvalidateRgn
DestroyIcon
DestroyAcceleratorTable
RegisterClassExW
RegisterWindowMessageA
EnumChildWindows
GetWindowLongW
SetCursor
DispatchMessageW
SetWindowPos
TranslateMessage
TranslateAcceleratorW
MonitorFromWindow
GetCursorPos
GetAncestor
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
SetWindowLongPtrW
LoadCursorW
SetCursorPos
GetActiveWindow
GetMessageW
IsIconic
SetMenu
GetClientRect
AllowSetForegroundWindow
SendInput
FlashWindowEx
ClientToScreen
GetForegroundWindow
RedrawWindow
SystemParametersInfoA
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW

ws2_32

getaddrinfo
freeaddrinfo
WSACleanup
WSAStartup
WSASocketW
bind
connect
ioctlsocket
getsockopt
listen
accept
WSAGetLastError
getsockname
getpeername
WSADuplicateSocketW
shutdown
recv
WSAIoctl
setsockopt
closesocket
WSASend
send

comctl32

SetWindowSubclass
RemoveWindowSubclass
TaskDialogIndirect
DefSubclassProc

ole32

CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
RegisterDragDrop
RevokeDragDrop
CoSetProxyBlanket
OleInitialize
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity

shell32

SHCreateItemFromParsingName
DragFinish
SHGetKnownFolderPath
DragQueryFileW
ShellExecuteW
SHAppBarMessage

gdi32

CreateRectRgn
GetDeviceCaps
DeleteObject

dwmapi

DwmSetWindowAttribute
DwmEnableBlurBehindWindow

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
CryptImportKey
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
SystemFunction036
CryptDestroyKey
RegCloseKey

uxtheme

SetWindowThemeAttribute
SetWindowTheme

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

oleaut32

GetErrorInfo
SysStringLen
SetErrorInfo
SysAllocStringLen
SysFreeString

ntdll

NtReadFile
NtWriteFile
NtCreateFile
NtDeviceIoControlFile
NtCancelIoFileEx
RtlNtStatusToDosError

bcrypt

BCryptGenRandom

secur32

EncryptMessage
ApplyControlToken
DeleteSecurityContext
AcquireCredentialsHandleA
QueryContextAttributesW
FreeCredentialsHandle
DecryptMessage
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext

crypt32

CertSetCertificateContextProperty
CertOpenStore
CertGetCertificateChain
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertVerifyCertificateChainPolicy
CertAddCertificateContextToStore
CryptStringToBinaryA
CryptDecodeObjectEx
CertDuplicateCertificateChain
CertFreeCertificateChain
CryptAcquireCertificatePrivateKey
CertDuplicateStore
CertFreeCertificateContext
PFXImportCertStore
CertCreateCertificateContext
CertCloseStore

ncrypt

NCryptFreeObject

api-ms-win-crt-math-l1-1-0

__setusermatherr
round
trunc
pow
floor

api-ms-win-crt-string-l1-1-0

strcpy_s
_wcsicmp
wcsncmp
wcslen

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm
terminate
_initialize_narrow_environment
_crt_atexit
_initterm_e
_register_onexit_function
_initialize_onexit_table
exit
_exit
__p___argc
_configure_narrow_argv
abort
_set_app_type
_seh_filter_exe
_c_exit
_register_thread_local_exe_atexit_callback
__p___argv
_cexit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

malloc
calloc
_set_new_mode
_callnewh
free

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

075eebd6d4a8a67faffb1dc4befccf9e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

comctl32

ole32

shell32

gdi32

dwmapi

advapi32

uxtheme

version

oleaut32

ntdll

bcrypt

secur32

crypt32

ncrypt

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 6.1MB - Virtual size: 6.1MB

.rdata Size: 8.6MB - Virtual size: 8.6MB

.data Size: 13KB - Virtual size: 24KB

.pdata Size: 294KB - Virtual size: 293KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 41KB - Virtual size: 40KB

.reloc Size: 47KB - Virtual size: 47KB

.text
Size: 6.1MB - Virtual size: 6.1MB

.rdata
Size: 8.6MB - Virtual size: 8.6MB

.data
Size: 13KB - Virtual size: 24KB

.pdata
Size: 294KB - Virtual size: 293KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 41KB - Virtual size: 40KB

.reloc
Size: 47KB - Virtual size: 47KB