471c71c19edd44af9483f62bad05ac98837f15f5671d949cac366d6a3d2f453b

Sharing

Copy URL Twitter E-mail

General

Target

471c71c19edd44af9483f62bad05ac98837f15f5671d949cac366d6a3d2f453b
Size

250KB
MD5

548b6f62d4aaffee9abd991833dfab70
SHA1

c3b78ee338337422f6acbf09ff0df9d79508caa3
SHA256

471c71c19edd44af9483f62bad05ac98837f15f5671d949cac366d6a3d2f453b
SHA512

eb54fd85ecb181f5ebd14a43079eae750c51a74f1bc864f9f132f7afc24982509c9c2e3e16da3f972cca080f7154afc156cc5b9a25ecf0f3b387eac45f16f374
SSDEEP

6144:9GPDrbQRSwsY35Zskl/RI7OMhkAXLg9uP1+74/LgHmPr9qvZqhLanLTLzLfqeqwW:9Gbrb4SpcChhkAXLg9uP1+74/LgHmPrj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
471c71c19edd44af9483f62bad05ac98837f15f5671d949cac366d6a3d2f453b

Files

471c71c19edd44af9483f62bad05ac98837f15f5671d949cac366d6a3d2f453b
.dll windows x64

8a24a9538620ab5c3d1150c5600c473e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

GetDC
ReleaseDC

gdi32

GetICMProfileA

python38

PyLong_FromLong
PyLong_FromUnsignedLongLong
_Py_NoneStruct
PyDict_SetItemString
PyFloat_FromDouble
PyEval_SaveThread
PyErr_SetString
PyExc_ValueError
_Py_BuildValue_SizeT
_Py_Dealloc
PyModule_GetDict
PyType_GenericNew
PyBool_FromLong
PyObject_Free
PyUnicode_FromWideChar
PyModule_AddObject
_PyArg_ParseTuple_SizeT
PyUnicode_FromFormat
PyList_New
PyModule_Create2
PyType_Ready
PyDict_SetItem
PyDict_New
PyCapsule_Import
_Py_FalseStruct
PyUnicode_FromStringAndSize
PyEval_RestoreThread
PyUnicode_FromString
PyUnicode_DecodeASCII
_Py_TrueStruct
_PyObject_New
PyBytes_FromStringAndSize
PyExc_OSError

kernel32

InitializeCriticalSection
LeaveCriticalSection
IsDebuggerPresent
DeleteCriticalSection
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
EnterCriticalSection

vcruntime140

memcpy
__C_specific_handler
__std_type_info_destroy_list
memset
memcmp
memmove

api-ms-win-crt-heap-l1-1-0

realloc
free
malloc

api-ms-win-crt-string-l1-1-0

strncpy
strcmp

api-ms-win-crt-stdio-l1-1-0

ftell
fopen
fclose
fread
__stdio_common_vsprintf
fseek
fwrite

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_cexit
_execute_onexit_table

api-ms-win-crt-math-l1-1-0

ceil
_dclass
exp
_fdclass
floor
log
log10
sqrtf
pow
sqrt

Exports

Exports

PyInit__imagingcms

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a24a9538620ab5c3d1150c5600c473e

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

python38

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 179KB - Virtual size: 179KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 14KB - Virtual size: 15KB

.pdata Size: 12KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 179KB - Virtual size: 179KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 14KB - Virtual size: 15KB

.pdata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 1KB - Virtual size: 1KB