bd2af6c9b0db009e36183104cbc0da38f50851a18cd8dc0e5978cf4768745efe

Sharing

Copy URL Twitter E-mail

General

Target

bd2af6c9b0db009e36183104cbc0da38f50851a18cd8dc0e5978cf4768745efe
Size

340KB
MD5

9979c82ae4a8856b669172a215bc67d0
SHA1

a405553d5d5de957d7dbbc28d073f6bba5b4f3c4
SHA256

bd2af6c9b0db009e36183104cbc0da38f50851a18cd8dc0e5978cf4768745efe
SHA512

c8fe11b48cb57e9a00b52934741405bf76510dfae414e1c06e13642c5e0575b2e94906b0212a2e6d00ea3cea7facb71df85eaad95f6fde24285598160db4aba9
SSDEEP

6144:HKuDVSF4ss6iPC/L4zFgxHzxkAVMek0EAnDP:HHoCLP3FgxHtJUM7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd2af6c9b0db009e36183104cbc0da38f50851a18cd8dc0e5978cf4768745efe

Files

bd2af6c9b0db009e36183104cbc0da38f50851a18cd8dc0e5978cf4768745efe
.dll windows x86

419c4eba081360a9cd6809d79994cfcf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

python311_d

_Py_NegativeRefcount
_Py_Dealloc
_PyObject_GetAttrId
_PyObject_SetAttrId
_PyObject_LookupAttrId
_PyTrash_begin
_PyTrash_end
_PyTrash_cond
_PyObject_GC_New
PyObject_GC_Track
PyObject_GC_UnTrack
PyObject_GC_Del
PyBytes_FromStringAndSize
_PyBytes_Resize
PyUnicode_FromStringAndSize
PyUnicode_FromString
PyUnicode_FromFormat
PyUnicode_AsEncodedString
PyUnicode_DecodeUTF8
PyUnicode_AsUTF8AndSize
PyUnicode_Join
PyUnicode_New
_PyUnicode_Ready
PyUnicode_AsUTF8
_PyUnicode_FromId
PyLong_FromLong
PyLong_FromSsize_t
PyLong_AsSsize_t
PyTuple_New
PyTuple_Pack
PyList_New
PyList_SetItem
PyList_Append
PyList_SetSlice
PyDict_New
PyDict_GetItemWithError
PyDict_SetItem
PyDict_DelItem
PyDict_Next
PyDict_Keys
PyDict_Items
PyDict_Copy
PyDict_Update
PyModule_GetState
PyCapsule_Import
PySlice_Unpack
PySlice_AdjustIndices
PyState_FindModule
PyThreadState_Get
Py_ReprLeave
PyErr_SetNone
PyErr_SetObject
PyErr_SetString
PyErr_Occurred
PyErr_Clear
PyErr_ExceptionMatches
PyErr_NoMemory
PyErr_Format
PyErr_NewException
_PyArg_ParseTuple_SizeT
_PyArg_ParseTupleAndKeywords_SizeT
PyBuffer_Release
PyModule_AddObject
PyModule_AddType
PyModule_Create2
_PyArg_BadArgument
_PyArg_CheckPositional
_PyArg_UnpackKeywords
PyImport_ImportModule
PyObject_CallNoArgs
_PyObject_CallFunction_SizeT
PyObject_CallFunctionObjArgs
PyNumber_Add
PyIndex_Check
PyNumber_AsSsize_t
PySequence_Fast
_PyObject_FastCall
PyObject_CallOneArg
PyObject_VectorcallMethod
_PyObject_CallMethodIdObjArgs
_PyNumber_Index
_Py_RefTotal
_Py_NoneStruct
_Py_HashSecret
PyBytes_Type
PyUnicode_Type
PyList_Type
PyDict_Type
PySlice_Type
PyExc_StopIteration
PyExc_AttributeError
PyExc_ImportError
PyExc_IndexError
PyExc_OverflowError
PyExc_RuntimeError
PyExc_SyntaxError
PyExc_TypeError
PyExc_ValueError
PyExc_RuntimeWarning
Py_ReprEnter
PyObject_ClearWeakRefs
PyCallable_Check
PyObject_IsTrue
PyObject_SetAttrString
PyObject_GetAttrString
PyObject_RichCompareBool
PyType_Ready
PyErr_WarnEx
PyType_IsSubtype
PyObject_Realloc
PyType_GenericAlloc
PyObject_Free
PyObject_GenericGetAttr
PyObject_SelfIter
PyObject_Malloc
PyMem_Malloc
PyMem_Realloc
PyMem_Free
PyObject_GetBuffer
_Py_BuildValue_SizeT

vcruntime140d

__current_exception_context
__current_exception
__std_type_info_destroy_list
memcmp
memset
memmove
memcpy
_except_handler4_common

ucrtbased

_except1
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_fdclass
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_initialize_onexit_table
strtoul
rand_s
realloc
malloc
free
_errno
__stdio_common_vfprintf
__acrt_iob_func
_wassert
strncat
getenv

Exports

Exports

PyInit__elementtree

Sections

.text
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

419c4eba081360a9cd6809d79994cfcf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

python311_d

vcruntime140d

ucrtbased

Exports

Exports

Sections

.text Size: 284KB - Virtual size: 283KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 3KB - Virtual size: 3KB

.idata Size: 6KB - Virtual size: 5KB

.00cfg Size: 512B - Virtual size: 270B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 284KB - Virtual size: 283KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 3KB - Virtual size: 3KB

.idata
Size: 6KB - Virtual size: 5KB

.00cfg
Size: 512B - Virtual size: 270B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 14KB - Virtual size: 13KB