pupyx86[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pupyx86.dll
Size

4.8MB
MD5

da83545a0af3332b4f9182d4cac869dc
SHA1

fe7de3196e9d8d8aaff3310e661e8f654f72767d
SHA256

7782477901a1690a7d372a87439af8599134958d691a99c8c29850052b2b1d95
SHA512

2739a841e438f5d3f11dd8acd2bb57f16295cfd92071e1afeb2ec0d2d5df7b8f85d0ae91836f852481faa5b50fcdf386e0508970e103fa44ec2fc0fcf40a7de9
SSDEEP

98304:Y/oMZqW8mHe+9js510BFM43xUt0b6S8PCCvBXxLxL8W7fvHVJ:wJkWfVM0BCWgS8Pz19B8Mv1

Score

1^/10

Malware Config

Signatures

Files

pupyx86.dll
.dll windows x86

5eb4e70bcf314082d30c9e6b60fae3c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DestroyWindow
RegisterClassExA
MsgWaitForMultipleObjects
TranslateMessage
UnregisterClassA
CreateWindowExA
PeekMessageA
DefWindowProcA
DispatchMessageA

advapi32

CreateProcessAsUserA

kernel32

HeapSize
GetNativeSystemInfo
Sleep
WaitForMultipleObjects
CreateThread
FreeLibrary
VirtualFree
VirtualQueryEx
OpenProcess
Thread32First
Thread32Next
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
LoadLibraryA
OpenThread
CreateToolhelp32Snapshot
GetVersionExA
CloseHandle
WriteProcessMemory
ResumeThread
GetCurrentThreadId
CreateRemoteThread
GetModuleHandleA
GetThreadContext
SetThreadContext
CreateProcessA
TerminateProcess
CreatePipe
FindResourceA
GetModuleHandleExA
FindResourceExW
FindResourceW
LoadResource
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
InitializeCriticalSection
FindResourceExA
WideCharToMultiByte
LoadLibraryW
SizeofResource
LeaveCriticalSection
GetModuleFileNameW
MultiByteToWideChar
EnterCriticalSection
LocalAlloc
GetModuleFileNameA
LoadLibraryExA
LocalFree
CreateFileA
VirtualQuery
lstrlenA
MapViewOfFile
UnmapViewOfFile
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
GetThreadLocale
CreateFileMappingA
VirtualProtect
GetCommandLineW
SetErrorMode
GetCurrentProcess
ExitProcess
HeapReAlloc
SetConsoleCtrlHandler
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapCreate
HeapDestroy
DeleteCriticalSection
WriteFile
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

Exports

Exports

_JNI_OnLoad@8
_Launch@0
_ReflectiveLoader@4

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 269KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xzdata
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5eb4e70bcf314082d30c9e6b60fae3c1

Headers

File Characteristics

Imports

user32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 94KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 269KB - Virtual size: 272KB

.xzdata Size: 4.5MB - Virtual size: 4.5MB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 269KB - Virtual size: 272KB

.xzdata
Size: 4.5MB - Virtual size: 4.5MB

.reloc
Size: 18KB - Virtual size: 17KB