3216dfa3016d31c8cb7dbf9f3197feca02965674160010ee332a40cad41723f5

Sharing

Copy URL Twitter E-mail

General

Target

3216dfa3016d31c8cb7dbf9f3197feca02965674160010ee332a40cad41723f5
Size

210KB
MD5

36e10aff6d27472b81a252295b3b6d3f
SHA1

3f8190bf4832f72863ad425c427d2cfcfd1bd591
SHA256

3216dfa3016d31c8cb7dbf9f3197feca02965674160010ee332a40cad41723f5
SHA512

ffcb587db66c29c49935c13e8cc84e3fb25afa2b2f3833718a0110c22f22af7fdf166ebc268f9bfa860bc1ab9b00e34e477d958b12fe03cf5f7e2ab2385d68ac
SSDEEP

3072:6F8SkvXYQm7gIoKiIyW08es3fsdN8km3f29EuftfF/J/DtfjfdfffgFnf2fspQfO:6F8DvdlbMk05Qf5176HAQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3216dfa3016d31c8cb7dbf9f3197feca02965674160010ee332a40cad41723f5

Files

3216dfa3016d31c8cb7dbf9f3197feca02965674160010ee332a40cad41723f5
.dll windows x86

a261ee8884c0c403582e9016f02eb8f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libffi-8

ffi_type_void
ffi_prep_cif
ffi_prep_closure
ffi_call
ffi_type_sint64
ffi_type_uint8
ffi_type_sint8
ffi_type_uint16
ffi_type_sint16
ffi_type_uint32
ffi_type_uint64
ffi_type_float
ffi_type_double
ffi_type_sint32
ffi_type_pointer

ole32

ProgIDFromCLSID

oleaut32

SysAllocStringLen
GetErrorInfo
SysFreeString
SysStringLen

kernel32

GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
VirtualAlloc
GetSystemInfo
FormatMessageW
LocalFree
LoadLibraryExW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
FreeLibrary
DisableThreadLibraryCalls
SetLastError
GetLastError
GetProcAddress

python311_d

PyUnicode_FromWideChar
PyUnicode_AsWideChar
PyUnicode_AsUTF8AndSize
PyUnicode_Concat
PyUnicode_New
PyUnicode_AsUTF8
_PyUnicode_EqualToASCIIString
_PyUnicode_FromId
PyLong_FromLong
PyLong_FromSsize_t
PyLong_AsSsize_t
PyLong_AsUnsignedLongMask
PyLong_FromVoidPtr
PyLong_AsVoidPtr
_PyLong_Sign
PyMemoryView_FromObject
PyTuple_New
PyTuple_GetItem
PyTuple_GetSlice
PyTuple_Pack
PyList_New
PyDict_New
PyDict_GetItemWithError
PyDict_SetItem
PyDict_DelItem
PyDict_Next
PyDict_Contains
PyDict_Update
PyDict_SetItemString
_PyDict_GetItemIdWithError
_PyDict_ContainsId
_PyDict_SetItemId
PySlice_Unpack
PySlice_AdjustIndices
PyDescr_NewClassMethod
PyDescr_NewGetSet
PyWeakref_NewProxy
PyErr_SetString
PyErr_Occurred
PyErr_Clear
PyErr_ExceptionMatches
PyErr_NoMemory
PyErr_Format
PyErr_NewException
_PyErr_WriteUnraisableMsg
_PyArg_ParseTuple_SizeT
PyArg_UnpackTuple
_Py_BuildValue_SizeT
PyModule_AddObjectRef
PyModule_AddType
PyModule_Create2
_PyArg_NoKeywords
PyEval_SaveThread
PyEval_RestoreThread
PySys_Audit
PyObject_CallObject
_PyObject_CallFunction_SizeT
PyObject_CallFunctionObjArgs
PyIndex_Check
PyNumber_AsSsize_t
PySequence_Size
PySequence_GetItem
PySequence_GetSlice
PySequence_SetItem
PySequence_Tuple
PyObject_IsInstance
PyObject_IsSubclass
_Py_CheckFunctionResult
_PyObject_MakeTpCall
PyUnicode_FromStringAndSize
_Py_CheckRecursiveCall
PyType_Type
_Py_RefTotal
_Py_NoneStruct
PyDict_Type
PySlice_Type
_PyWeakref_RefType
_PyWeakref_ProxyType
_PyWeakref_CallableProxyType
PyExc_Exception
PyExc_AttributeError
PyExc_IndexError
PyUnicode_InternFromString
PyExc_RuntimeError
PyExc_TypeError
PyExc_ValueError
_PyRuntime
_PyObject_GC_NewVar
PyObject_GC_Track
PyObject_GC_UnTrack
PyObject_GC_Del
PyLong_AsLong
PyFile_WriteString
PyGILState_Ensure
PyGILState_Release
PyErr_WarnEx
PyErr_WriteUnraisable
PyOS_vsnprintf
PyErr_Print
Py_Initialize
Py_IsInitialized
PySys_GetObject
PyImport_ImportModule
PyObject_Vectorcall
PyExc_RuntimeWarning
PyMem_Calloc
PyMem_Realloc
PyType_GetName
PyObject_Str
_PyObject_GetAttrId
PyObject_Free
_PyObject_New
PyBytes_AsString
PyUnicode_FromFormatV
PyUnicode_AsWideCharString
PyUnicode_AppendAndDel
_PyUnicode_IsPrintable
PyLong_AsUnsignedLong
PyFloat_FromDouble
PyCapsule_New
PyCapsule_GetPointer
PyCapsule_IsValid
_PyTraceback_Add
PyThreadState_GetDict
PyErr_SetObject
PyErr_Fetch
PyErr_NormalizeException
PyErr_SetFromWindowsErr
PyArg_ParseTuple
Py_BuildValue
PyObject_Call
PyObject_CallFunction
PyObject_CallOneArg
PyUnicode_Type
PyTuple_Type
PyExc_FileNotFoundError
PyObject_IsTrue
PyLong_FromUnsignedLong
PyLong_FromLongLong
PyLong_FromUnsignedLongLong
PyLong_AsUnsignedLongLongMask
PyBool_FromLong
PyFloat_AsDouble
PyFloat_Pack4
PyFloat_Pack8
PyFloat_Unpack4
PyFloat_Unpack8
_Py_FatalErrorFunc
PyByteArray_Type
_PyByteArray_empty_string
PyObject_GetAttr
_PyLong_AsInt
PyTuple_Size
_PyDict_SizeOf
PySequence_Fast
PyUnicode_FromFormat
PyBytes_FromStringAndSize
_PyObject_LookupAttrId
_PyObject_SetAttrId
_Py_Dealloc
_Py_NegativeRefcount
PyCallable_Check
PyObject_GenericSetAttr
PyObject_SetAttr
PyObject_SetAttrString
PyObject_GetAttrString
PyExc_OverflowError
PyUnicode_FromString
Py_GenericAlias
PyMem_Malloc
PyMem_Free
PyObject_GetBuffer
PyBuffer_IsContiguous
PyBuffer_Release
PyType_IsSubtype
PyType_Ready
PyType_GenericNew
PyObject_VectorcallMethod

vcruntime140d

memcmp
memcpy
__std_type_info_destroy_list
memset
strchr
__current_exception
__current_exception_context
_except_handler4_common
memmove

ucrtbased

_cexit
terminate
_crt_at_quick_exit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
iswctype
_errno
_wassert
__stdio_common_vsprintf
_execute_onexit_table

Exports

Exports

DllCanUnloadNow
DllGetClassObject
PyInit__ctypes

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a261ee8884c0c403582e9016f02eb8f5

Headers

DLL Characteristics

File Characteristics

Imports

libffi-8

ole32

oleaut32

kernel32

python311_d

vcruntime140d

ucrtbased

Exports

Exports

Sections

.text Size: 150KB - Virtual size: 149KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 9KB

.idata Size: 9KB - Virtual size: 8KB

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 150KB - Virtual size: 149KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 9KB

.idata
Size: 9KB - Virtual size: 8KB

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 11KB - Virtual size: 11KB