0454bdb01d6c43650be8c78c7e0f094d58395b1eefc372b28dda4fc6bd754f40

Sharing

Copy URL Twitter E-mail

General

Target

0454bdb01d6c43650be8c78c7e0f094d58395b1eefc372b28dda4fc6bd754f40
Size

570KB
MD5

8f6dc6b011c28b639c42ba7044697101
SHA1

bf6a033d0d715cf3551bf51ea47d559d80f45062
SHA256

0454bdb01d6c43650be8c78c7e0f094d58395b1eefc372b28dda4fc6bd754f40
SHA512

b0417fee29e63d9e8400ac3ef0987046195323dc0a8aac52b103df2477db6bfe119f1c4c05dbdffc9a44c58f43e1c2d09a6112172a4d6de71a6d54ef54ec6e1f
SSDEEP

12288:fVDwIOWt58+a277UmdEKE6f2U65QFLRH:dw458+a+7UmD65cVH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0454bdb01d6c43650be8c78c7e0f094d58395b1eefc372b28dda4fc6bd754f40

Files

0454bdb01d6c43650be8c78c7e0f094d58395b1eefc372b28dda4fc6bd754f40
.dll windows x86

88553cb3b985286929a46c8cdb53f3dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentVariableA
InitializeCriticalSectionEx
OpenFile
GetFullPathNameA
FindNextFileA
GetCurrentDirectoryA
FindFirstFileA
GetFileAttributesExA
CompareFileTime
ReadFile
DebugBreak
FindClose
SetCurrentDirectoryA
HeapFree
lstrlenA
HeapAlloc
GetProcessHeap
MultiByteToWideChar
GetTempPathA
GetLastError
DecodePointer
DeleteCriticalSection
SetEnvironmentVariableA
GetLongPathNameA
GetDriveTypeA
FreeLibrary
GetModuleFileNameA
GetCurrentProcess
SetErrorMode
GetVolumeInformationA
OpenProcess
GetDiskFreeSpaceA
CompareStringA
LoadLibraryA
GetVersionExA
CloseHandle
GetLocalTime
GetProcAddress
VerSetConditionMask
VerifyVersionInfoW
WriteFile
SetFilePointer
CreateFileA
CreateDirectoryA
GetLocaleInfoA
GlobalLock
LocalFree
WideCharToMultiByte
FormatMessageA
GlobalUnlock
GlobalHandle
ExpandEnvironmentStringsA
GetTimeFormatA
GetFinalPathNameByHandleA
GetUserDefaultLCID
GetDateFormatA
GlobalFree
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileSectionA
GetCurrentThreadId
GetModuleHandleA
AddVectoredExceptionHandler
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCurrentThread
GlobalAlloc
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RaiseException
GetTempFileNameA

python311

Py_VerboseFlag
_Py_Dealloc
_Py_NoneStruct
Py_InitializeZeusLoadLibrary
Py_InitializeZeusFatalHook
PyImport_AppendInittab
PySys_SetArgvEx
PySys_SetObject
Py_SetProgramName
Py_AtExit
Py_IsInitialized
Py_Finalize
Py_InitializeEx
PyRun_SimpleFileExFlags
PyModule_Create2
Py_BuildValue
PyArg_ParseTuple
PyErr_BadArgument
PyModule_GetDict
PyDict_GetItemString
PyTuple_GetItem
PyTuple_Size
PyTuple_New
PyLong_AsLong
PyLong_FromLong
PyUnicode_AsEncodedString
PyBytes_FromString
Py_DebugFlag

shlwapi

UrlCreateFromPathA

msvcp140

?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?bad@ios_base@std@@QBE_NXZ
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?gcount@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QBE_JXZ
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?eof@ios_base@std@@QBE_NXZ
?fail@ios_base@std@@QBE_NXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

vcruntime140

_setjmp3
_seh_longjmp_unwind4
memmove
_purecall
memcpy
__current_exception_context
__current_exception
__std_type_info_destroy_list
_CxxThrowException
_except_handler4_common
__std_exception_copy
__std_exception_destroy
longjmp
strstr
strchr
__std_terminate
strrchr
memset
__CxxFrameHandler3

api-ms-win-crt-time-l1-1-0

_ctime64
_time64

api-ms-win-crt-stdio-l1-1-0

_getcwd
__stdio_common_vfprintf
fclose
__stdio_common_vsprintf_s
fopen
fwrite
__stdio_common_vsprintf
getc
fopen_s
_ftelli64
__stdio_common_vsnprintf_s
_wfopen_s
ferror
_get_stream_buffer_pointers
__acrt_iob_func
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fgetc
fflush
fputc
_write

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
_seh_filter_dll
_errno
_invalid_parameter_noinfo
strerror
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
terminate
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_set_invalid_parameter_handler

api-ms-win-crt-convert-l1-1-0

mbstowcs
wcstombs
_ecvt_s
atoi
_itoa
strtol
atol
strtod
strtoul
atof

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

islower
isupper
strncpy
_memicmp
tolower
isalnum
isdigit
strncmp
isalpha
toupper
strpbrk
_strrev
isxdigit
_stricmp
_strdup
_strnicmp

api-ms-win-crt-filesystem-l1-1-0

_chdir
_lock_file
_unlock_file
_stat64i32
_chmod
_chdrive
remove

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_recalloc

api-ms-win-crt-utility-l1-1-0

srand
qsort

api-ms-win-crt-math-l1-1-0

_CIfmod
ceil
floor
_finite
_isnan
_except1

advapi32

GetUserNameA
DuplicateToken
OpenProcessToken
AccessCheck
GetFileSecurityA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyA
MapGenericMask

ole32

CoCreateInstance

shell32

SHBrowseForFolderA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderPathA

user32

IsCharAlphaNumericA
IsClipboardFormatAvailable
UnregisterClassA
CharLowerA
GetKeyboardLayout
CloseClipboard
OpenClipboard
SendMessageA
LoadStringA
GetClipboardData
PostQuitMessage
MessageBeep
PeekMessageA
MessageBoxA
CharUpperA
OemToCharA
GetAsyncKeyState
CharToOemA
CharUpperBuffA

Exports

Exports

execute
kill
version

Sections

.text
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88553cb3b985286929a46c8cdb53f3dc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

python311

shlwapi

msvcp140

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

advapi32

ole32

shell32

user32

Exports

Exports

Sections

.text Size: 432KB - Virtual size: 431KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 17KB - Virtual size: 26KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 432KB - Virtual size: 431KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 17KB - Virtual size: 26KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 23KB - Virtual size: 23KB