e1dc62170e15f6debab1fa630a6edb12eed7435c4eb9f3d7979e01c29fa0402c

Sharing

Copy URL Twitter E-mail

General

Target

e1dc62170e15f6debab1fa630a6edb12eed7435c4eb9f3d7979e01c29fa0402c
Size

457KB
MD5

6a384b3a3ee7c26a4f69260d23d4a37b
SHA1

72c5c0249f1f66061751f55f3f71795ec1ad5b6c
SHA256

e1dc62170e15f6debab1fa630a6edb12eed7435c4eb9f3d7979e01c29fa0402c
SHA512

ecbd0d4d61a509176dd3308ec7aec34181c35b2527b74751cef1cbf8cf9b77c50263fc0899b113e4d593e457096938b6bc505b9d4e97aea9515bd5011f23652c
SSDEEP

6144:sC+RVSRVMBI68B5jnF+1ao5UcmR6VNDMbf6PxwDSD9/GoxpGfQo9Qx9OuscoKl4:sCMY4t8BL9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1dc62170e15f6debab1fa630a6edb12eed7435c4eb9f3d7979e01c29fa0402c

Files

e1dc62170e15f6debab1fa630a6edb12eed7435c4eb9f3d7979e01c29fa0402c
.dll windows x86

4656bd9f0c121259848af7e783fbcbca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcp140

?_Xlength_error@std@@YAXPBD@Z

tsp-tags

?HandleWarning@BasePainter@tsTags@@UAEXABVNode@2@AAVContext@2@@Z
?HandleError@BasePainter@tsTags@@UAEXABVNode@2@AAVContext@2@@Z
??1BasePainter@tsTags@@MAE@XZ
?SanityCheck@BasePainter@tsTags@@MAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVTreeCursor@2@ABVNode@2@AAVContext@2@@Z
?Crawl@Context@tsTags@@QAEXAAVTreeCursor@2@PAVbase_item@2@ABVNode@2@_N@Z
?skip_item@BaseMapper@tsTags@@IAEXABVNode@2@AAVContext@2@@Z
?Process@BaseMapper@tsTags@@MAEXABVNode@2@AAVContext@2@@Z
?IsValid@BasePainter@tsTags@@UAE_NXZ
??1BaseMapper@tsTags@@MAE@XZ
??0BaseMapper@tsTags@@QAE@XZ
??0base_item@tsTags@@QAE@XZ
??1base_item@tsTags@@UAE@XZ
?add_child@base_item@tsTags@@UAEXPAVbase_item_ex@2@@Z
?clone@base_item@tsTags@@UAEPAVbase_item_ex@2@AAVContext@2@@Z
?to_string@base_item@tsTags@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Extensions@BaseLanguage_@tsTags@@UAEABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?error@BaseMapper@tsTags@@MAEXABVNode@2@AAVContext@2@@Z
?Postfix@BasePainter@tsTags@@UAEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Error@BasePainter@tsTags@@MAEXABVNode@2@AAVContext@2@@Z
?Process@BasePainter@tsTags@@MAEXABVNode@2@AAVContext@2@@Z
??0BasePainter@tsTags@@QAE@ABU_Terms@1@ABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@11@Z
?FoldedText@BasePainter@tsTags@@UAEPBDPBD@Z
?IsCodeBegin@BasePainter@tsTags@@UAE_NPBD@Z
?IsCodeEnd@BasePainter@tsTags@@UAE_NPBD@Z
?set_details@base_item@tsTags@@UAEXAAVContext@2@@Z
?set_line_number@base_item@tsTags@@UAEXXZ
?is_error@base_item@tsTags@@UAE_NXZ
?load@base_item@tsTags@@UAE_NAAVTreeCursor@2@AAVContext@2@@Z
?Error@BaseMapper@tsTags@@MAEXABVNode@2@AAVContext@2@@Z
?Warning@BaseMapper@tsTags@@MAEXABVNode@2@AAVContext@2@@Z
?Reset@BaseMapper@tsTags@@UAEXXZ
??0BaseLanguage_@tsTags@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1BaseLanguage_@tsTags@@UAE@XZ
?Destroy@BaseLanguage_@tsTags@@UAEXXZ
?Key@BaseLanguage_@tsTags@@UAEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?LoadItem@BaseMapper@tsTags@@IAEXPAVbase_item@2@ABVNode@2@AAVContext@2@@Z
?LoadItems@BaseMapper@tsTags@@1V?$map@PBD_NU?$less@PBD@std@@V?$allocator@U?$pair@QBD_N@std@@@2@@std@@A
??1NodeItem@tsTags@@QAE@XZ
?haveScope@Context@tsTags@@QAE_NXZ
?text@Context@tsTags@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVNode@2@@Z
??0Node@tsTags@@QAE@ABUTSNode@@@Z
??0TreeCursor@tsTags@@QAE@ABUTSNode@@@Z
??1TreeCursor@tsTags@@UAE@XZ
?find_child_text@TreeCursor@tsTags@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDPBVTree@2@@Z
?find_child@TreeCursor@tsTags@@QAE?AVNodeItem@2@PBD@Z
?Prefix@BasePainter@tsTags@@UAEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

vcruntime140

memcpy
__std_type_info_destroy_list
memset
_except_handler4_common
_CxxThrowException
__current_exception_context
__current_exception
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memmove

api-ms-win-crt-heap-l1-1-0

realloc
free
_callnewh
malloc
calloc

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
terminate
_cexit
_initterm
_invalid_parameter_noinfo_noreturn
_initterm_e
_crt_atexit
_initialize_narrow_environment

kernel32

GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
UnhandledExceptionFilter

Exports

Exports

CreateLanguage
DllMain
tree_sitter_python

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4656bd9f0c121259848af7e783fbcbca

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

tsp-tags

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 92KB

.rdata Size: 356KB - Virtual size: 356KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 356KB - Virtual size: 356KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB