pyi-grab_version[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

pyi-grab_version.exe
Size

105KB
MD5

e8f8fe18fae71ff66f593bdbbbeecb6d
SHA1

08724ef7fbd68285bc6d2724dcc8ac18926a3641
SHA256

6081c9640b29b32eb2055db898e869c3e5ec9a3e7ca33987355c73fce3185804
SHA512

f5f046c8a081590eb8f9042da79dbeaae586d883ab891c1bd0e23e4490a5eea6facc1a68f780e660e9b8f768ecb08c83cd4e3375f3e50efd9cb00f961398a6e1
SSDEEP

1536:1966Spw1RSGXwStXQR1mTqZh52bAGXHnDtCdGgYluexaNSxFfHYTo+G45w:j8wDSRUT0kbAYn2GgYlBYN2fHYTo+p5w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pyi-grab_version.exe

Files

pyi-grab_version.exe
.exe windows x64

c51d659b4b1142d4af3795d09f1d63f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess
GetCommandLineW
SearchPathW
SetInformationJobObject
CreateProcessW
SetHandleInformation
WaitForSingleObjectEx
AssignProcessToJobObject
FormatMessageW
GetExitCodeProcess
GetModuleFileNameW
QueryInformationJobObject
MultiByteToWideChar
GetStartupInfoW
GetTempPathW
CreateJobObjectA
GetStdHandle
GetLastError
SetStdHandle
GetFileType
SetConsoleCtrlHandler
SetCurrentDirectoryW
CloseHandle
HeapSize
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableW
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
GetCommandLineA
RtlUnwindEx
HeapSetInformation
GetVersion
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetProcAddress
GetModuleHandleW
WriteFile
SetHandleCount
DeleteCriticalSection
Sleep
LCMapStringW
ReadFile
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
LoadLibraryW
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CompareStringW
WriteConsoleW

shlwapi

StrStrIW
PathRemoveFileSpecW
PathCombineW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c51d659b4b1142d4af3795d09f1d63f7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 5KB - Virtual size: 16KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 1024B - Virtual size: 852B

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 5KB - Virtual size: 16KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 1024B - Virtual size: 852B