2024-07-10_a301e4a0100f5ed18e84d952f4688b14_megazord

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-10_a301e4a0100f5ed18e84d952f4688b14_megazord
Size

10.9MB
MD5

a301e4a0100f5ed18e84d952f4688b14
SHA1

dfa7b26f94ee2d2542355e1b38f07beb80535e75
SHA256

1728361f1dfca564e5252a1eec9b56e00d75a05e55743b368d700b5bc7fc002a
SHA512

fa5c29cbf66a19724128b20c19e330689935aa41bd39c71b4fb48426b87bd51beb5dc9d74ff27d2ddcc0bbe427e8f813143b2426a8729a4d95dd5055c7438deb
SSDEEP

98304:ZxfjEr1cKwPZST3zzoGQ5v90XI31LPzMK4WBFpYGGDful9Zdtk6+Eay:Zxb5Zx0cNQKjdGDfunZdPI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-10_a301e4a0100f5ed18e84d952f4688b14_megazord

Files

2024-07-10_a301e4a0100f5ed18e84d952f4688b14_megazord
.exe windows:6 windows x64 arch:x64

b5010dff27bbd5c109ca44022f55acd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

sas

SendSAS

wtsapi32

WTSEnumerateSessionsA
WTSQuerySessionInformationW
WTSFreeMemory

kernel32

GetFileInformationByHandleEx
UnmapViewOfFile
LocalFree
GetExitCodeProcess
ConnectNamedPipe
LocalAlloc
CreateFileW
FlushFileBuffers
OpenProcess
CreateDirectoryW
WTSGetActiveConsoleSessionId
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
QueueUserAPC
ResumeThread
GetModuleHandleExA
GetCurrentThreadId
GetLogicalProcessorInformation
GetSystemInfo
SetFilePointerEx
GlobalLock
GlobalSize
GlobalUnlock
WaitForSingleObject
MultiByteToWideChar
GlobalAlloc
GlobalFree
SetHandleInformation
GetUserDefaultLocaleName
TerminateProcess
SetConsoleMode
CreateSemaphoreA
SetConsoleCtrlHandler
GetModuleHandleW
GetQueuedCompletionStatusEx
SetLastError
GetFinalPathNameByHandleW
TryAcquireSRWLockExclusive
PostQueuedCompletionStatus
ReadFile
GetOverlappedResult
WriteFile
CancelIoEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
CreateNamedPipeW
FreeLibrary
LoadLibraryExA
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
WriteConsoleW
GetCurrentDirectoryW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
GetFileInformationByHandle
GetFullPathNameW
FindNextFileW
FindFirstFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
CreateEventW
CancelIo
ExitProcess
GetSystemTimeAsFileTime
SetFileTime
CreateSymbolicLinkW
CopyFileExW
SetThreadErrorMode
LoadLibraryExW
GetComputerNameExW
VirtualQuery
ProcessIdToSessionId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
RtlVirtualUnwind
GetFileSize
GetFileTime
SetFilePointer
ResetEvent
GetStdHandle
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WakeConditionVariable
SleepConditionVariableCS
InitializeConditionVariable
TryEnterCriticalSection
WakeAllConditionVariable
SetThreadPriority
InitializeCriticalSection
GetLogicalDrives
GetCurrentProcessId
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThread
FindFirstFileExW
GetFileSizeEx
GetConsoleOutputCP
ReadConsoleW
OutputDebugStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FindClose
QueryPerformanceFrequency
DeleteFileW
FormatMessageW
lstrlenW
ReleaseSemaphore
WaitForMultipleObjectsEx
QueryPerformanceCounter
SetEvent
SwitchToThread
CreateEventA
ReleaseSRWLockExclusive
GetTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReleaseMutex
GetCurrentProcess
GetProcAddress
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
AcquireSRWLockExclusive
Sleep
HeapReAlloc
GetLastError
SetThreadStackGuarantee
AddVectoredExceptionHandler
CloseHandle
HeapFree
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
ReleaseSRWLockShared
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
WideCharToMultiByte
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileType
GetConsoleMode
InitializeCriticalSectionEx
RemoveDirectoryW
AcquireSRWLockShared
HeapAlloc
GetProcessHeap
IsValidCodePage
GetACP
GetOEMCP
SetStdHandle
HeapSize
MoveFileExW
SetEndOfFile

oleaut32

SysStringLen
GetErrorInfo
SysFreeString

ole32

OleUninitialize
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx
PropVariantClear
OleInitialize
OleSetClipboard
OleIsCurrentClipboard
ReleaseStgMedium
CoTaskMemAlloc
OleGetClipboard

advapi32

GetTokenInformation
SetSecurityDescriptorDacl
RegOpenKeyExW
RegQueryValueExW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
RegCloseKey
CreateProcessWithTokenW
ImpersonateLoggedOnUser
DuplicateTokenEx
EqualSid
AdjustTokenPrivileges
LookupPrivilegeValueW
SystemFunction036
RegSetValueExW
RegCreateKeyExW
CreateProcessWithLogonW
CreateProcessAsUserW
GetUserNameW
OpenProcessToken
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegDeleteKeyExW
FreeSid

user32

PostMessageW
SetForegroundWindow
TrackPopupMenu
GetRawInputData
ValidateRect
PeekMessageW
PostThreadMessageW
GetUpdateRect
MsgWaitForMultipleObjectsEx
AttachThreadInput
GetKeyboardState
ToUnicodeEx
DestroyWindow
EnumDisplayDevicesW
EnumDisplaySettingsExW
ExitWindowsEx
MapVirtualKeyA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetThreadDesktop
GetUserObjectInformationA
PeekMessageA
SendMessageA
PostMessageA
GetAsyncKeyState
GetClipboardOwner
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatA
RegisterClipboardFormatW
CountClipboardFormats
EnumClipboardFormats
DefWindowProcW
GetWindowLongPtrW
SetWindowTextW
ShowWindow
GetMessageW
TranslateMessage
OpenClipboard
SendInput
GetForegroundWindow
InvalidateRgn
SetWindowPos
GetMenu
GetWindowLongW
AdjustWindowRectEx
RedrawWindow
GetWindowThreadProcessId
GetKeyboardLayout
MapVirtualKeyExW
VkKeyScanExW
RegisterClassW
CopyIcon
DestroyIcon
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
RegisterRawInputDevices
SetWindowLongPtrW
CreateWindowExW
RegisterClassExW
BlockInput
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
GetKeyState
LockWorkStation
RegisterWindowMessageA
DestroyMenu
AppendMenuW
CreatePopupMenu
GetClipboardFormatNameA
SendMessageW
GetSystemMetrics
GetCursorInfo
DispatchMessageW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
PostThreadMessageA
FindWindowA
DefWindowProcA
SetWindowsHookExA
GetMessageA
DispatchMessageA
UnhookWindowsHookEx
CallNextHookEx
LoadCursorA
RegisterClassExA
CreateWindowExA
FindWindowExA
GetCursorPos
GetIconInfo
GetDC
ReleaseDC
IsClipboardFormatAvailable

ntdll

NtCancelIoFileEx
NtCreateFile
RtlNtStatusToDosError
NtDeviceIoControlFile

bcrypt

BCryptGenRandom

crypt32

CertCloseStore
CertNameToStrA
CryptHashCertificate
CertOpenSystemStoreA
CertEnumCertificatesInStore

d3d11

D3D11CreateDevice

dxgi

CreateDXGIFactory1

gdi32

CreateCompatibleBitmap
CreateDCW
CreateCompatibleDC
BitBlt
GetDIBits
GetBitmapBits
GetObjectA
DeleteObject
SelectObject
DeleteDC

iphlpapi

SendARP
GetAdaptersAddresses

api-ms-win-shcore-scaling-l1-1-1

SetProcessDpiAwareness

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetKnownFolderPath
SHAddToRecentDocs
ShellExecuteExW

winmm

timeBeginPeriod
timeEndPeriod
timeGetDevCaps

ws2_32

send
recv
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
socket
getpeername
sendto
accept
listen
ioctlsocket
WSASocketW
getsockopt
shutdown
WSAGetLastError
connect
closesocket
bind
setsockopt
WSASend
recvfrom
WSAIoctl
getsockname

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5010dff27bbd5c109ca44022f55acd6

Headers

DLL Characteristics

File Characteristics

Imports

sas

wtsapi32

kernel32

oleaut32

ole32

advapi32

user32

ntdll

bcrypt

crypt32

d3d11

dxgi

gdi32

iphlpapi

api-ms-win-shcore-scaling-l1-1-1

shell32

winmm

ws2_32

userenv

Sections

.text Size: 7.8MB - Virtual size: 7.8MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 7KB - Virtual size: 30KB

.pdata Size: 131KB - Virtual size: 130KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 100KB - Virtual size: 100KB

.rsrc Size: 166KB - Virtual size: 165KB

.text
Size: 7.8MB - Virtual size: 7.8MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 7KB - Virtual size: 30KB

.pdata
Size: 131KB - Virtual size: 130KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 100KB - Virtual size: 100KB

.rsrc
Size: 166KB - Virtual size: 165KB