lilowerre[.]nls[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

lilowerre.nls.zip
Size

18.2MB
MD5

4f9bf1598f7027295764b8a3f464280f
SHA1

972f6660db28398bfd671e18bdf21517501738dc
SHA256

b23928c2499322360a606bebaac5ece0b7ffafa43007210894a8e0c9547722f6
SHA512

d5334533f078d6ebfd2dec0e6af5b864bdf31a32688244d163212a58e4e0368e1e37f8bd33cecbcd4ccd08c4f8e657754e8cf8e701f01c0ca53d6a4c29cf47e7
SSDEEP

393216:t6K9HtW4dpnOQ9rX6F3YHO10PMjj4GK/Ikfb5qZtdPZNOur:wktWY1OsriyU3Pk8tpnOur

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/libpython3.8.dll
unpack001/libpython3.8.pdf
unpack001/libwinpthread-1.dll

Files

lilowerre.nls.zip
.zip
libpython3.8.dll
.dll windows x86

399d92a4cbb3d85527fbfb2801f41230

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SafeArrayPtrOfIndex
GetErrorInfo

advapi32

RegQueryValueExW
RegUnLoadKeyW

user32

CharNextW
SetClassLongW
EnumDisplayMonitors
CharUpperBuffW

kernel32

GetVersion
GetProcAddress
GetVersionExW
GetVersion
Sleep
GetConsoleWindow
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

gdi32

UnrealizeObject

version

VerQueryValueW

mpr

WNetOpenEnumW

netapi32

NetApiBufferFree

ole32

OleUninitialize

shell32

Shell_NotifyIconW
SHGetFolderPathW

msvcrt

memset

comctl32

InitializeFlatSB

winspool.drv

OpenPrinterW
GetDefaultPrinterW

wsock32

WSACleanup

magnification

MagSetImageScalingCallback

Exports

Exports

Address: 0x00001530
Address: 0x00001650
Address: 0x000016A0
Address: 0x000017E0
Address: 0x00001890
Address: 0x000018F0
Address: 0x00001920
Address: 0x000019B0
Address: 0x000019E0
Address: 0x00001A30
Address: 0x00001A70
Address: 0x00001B20
Address: 0x00001FF0
Address: 0x00002020
Address: 0x00002040
Address: 0x00002050
Address: 0x000020C0
Address: 0x00002160
Address: 0x000021A0
Address: 0x000024C0
Address: 0x000024F0
Address: 0x00002560
Address: 0x00002600
Address: 0x00002630
Address: 0x00002660
Address: 0x00002730
Address: 0x000027E0
Address: 0x000028B0
Address: 0x00002950
Address: 0x000029A0
Address: 0x00003290
Address: 0x00003470
Address: 0x000034F0
Address: 0x000044C0
Address: 0x00004EE0
Address: 0x00004F50
Address: 0x00004F90
Address: 0x00004FD0
Address: 0x00005570
Address: 0x000060A0
Address: 0x00006300
Address: 0x00006360
Address: 0x000067E0
Address: 0x00006BA0
Address: 0x00006BE0
Address: 0x00006D00
Address: 0x00006F00
Address: 0x00006F20
Address: 0x00006F90
Address: 0x00006FC0
Address: 0x00007000
Address: 0x00007030
Address: 0x00007080
Address: 0x00007640
Address: 0x00008F80
Address: 0x00009010
Address: 0x00009050
Address: 0x000090E0
Address: 0x00009110
Address: 0x000095B0
Address: 0x00009700
Address: 0x00009860
Address: 0x00009BC0
Address: 0x00009E10
Address: 0x0000BB30
Address: 0x0000BC10
Address: 0x0000BC90
Address: 0x0000BCD0
Address: 0x0000BE30
Address: 0x0000BE70
Address: 0x0000BF30
Address: 0x0000C060
Address: 0x0000C0C0
Address: 0x0000C170
Address: 0x0000C1D0
Address: 0x0000C220
Address: 0x0000C270
Address: 0x0000C280
Address: 0x0000C2D0
Address: 0x0000C2E0
Address: 0x0000C2F0
Address: 0x0000C310
Address: 0x0000C320
Address: 0x0000C330
Address: 0x0000C420
Address: 0x0000C470
Address: 0x0000C480
Address: 0x0000C530
Address: 0x0000C5D0
Address: 0x0000C740
Address: 0x0000C7C0
Address: 0x0000C810
Address: 0x0000C940
Address: 0x0000C960
Address: 0x0000C9F0
Address: 0x0000CA30
Address: 0x0000DBE0
Address: 0x0000DC20
Address: 0x0000DDC0
Address: 0x0000DDF0
Address: 0x0000DE10
Address: 0x0000DEB0
Address: 0x0000E030
Address: 0x0000E070
Address: 0x0000E160
Address: 0x0000E390
Address: 0x0000E3B0
Address: 0x0000E440
Address: 0x0000E4C0
Address: 0x0000E530
Address: 0x0000E5C0
Address: 0x0000EB20
Address: 0x0000ED40
Address: 0x0000ED90
Address: 0x0000EEA0
Address: 0x0000F1E0
Address: 0x0000F560
Address: 0x0000F740
Address: 0x0000F780
Address: 0x0000F8D0
Address: 0x0000F900
Address: 0x0000F950
Address: 0x0000F9C0
Address: 0x0000FCB0
Address: 0x00010250
Address: 0x00010280
Address: 0x00010390
Address: 0x00010590
Address: 0x00010690
Address: 0x00010730
Address: 0x000107A0
Address: 0x000109F0
Address: 0x00010C00
Address: 0x000112B0
Address: 0x00011340
Address: 0x000113F0
Address: 0x00011440
Address: 0x000114E0
Address: 0x00011750
Address: 0x00011960
Address: 0x00011A60
Address: 0x00011DA0
Address: 0x00012410
Address: 0x00012440
Address: 0x000126C0
Address: 0x00012710
Address: 0x00012FB0
Address: 0x00012FF0
Address: 0x00013020
Address: 0x000130F0
Address: 0x000132E0
Address: 0x00013A90
Address: 0x00013C30
Address: 0x00013F70
Address: 0x00014230
Address: 0x00014880
Address: 0x000148C0
Address: 0x00014980
Address: 0x00014B70
Address: 0x00014F20
Address: 0x00014FF0
Address: 0x00015260
Address: 0x00015380
Address: 0x000153B0
Address: 0x00015650
Address: 0x00015BF0
Address: 0x00015C20
Address: 0x000162D0
Address: 0x000171E0
Address: 0x000176D0
Address: 0x00017710
Address: 0x00017CB0
Address: 0x00018160
Address: 0x00018330
Address: 0x000183B0
Address: 0x00018E10
Address: 0x00018F10
Address: 0x00019010
Address: 0x000195B0
Address: 0x000195D0
Address: 0x00019600
Address: 0x000196C0
Address: 0x00019E50
Address: 0x0001A6E0
Address: 0x0001AB10
Address: 0x0001B2C0
Address: 0x0001CF80
Address: 0x0001D000
Address: 0x0001D260
Address: 0x0001DC70
Address: 0x0001DC90
Address: 0x0001E1E0
Address: 0x0001E210
Address: 0x0001E240
Address: 0x0001E260
Address: 0x0001E290
Address: 0x0001E370
Address: 0x0001E410
Address: 0x0001E490
Address: 0x0001E550
Address: 0x0001F1B0
Address: 0x0001F880
Address: 0x0001FB20
Address: 0x0001FB60
Address: 0x00020070
Address: 0x000209D0
Address: 0x00020A60
Address: 0x00021470
Address: 0x00021530
Address: 0x00021E50
Address: 0x00022940
Address: 0x00022C40
Address: 0x00022CB0
Address: 0x00022D40
Address: 0x00022DF0
Address: 0x00023BC0
Address: 0x00023CB0
Address: 0x00024050
Address: 0x00024130
Address: 0x00024800
Address: 0x00024C00
Address: 0x00024E60
Address: 0x00024E80
Address: 0x000250B0
Address: 0x00025230
Address: 0x000268B0
Address: 0x00026E40
Address: 0x00026E90
Address: 0x00026F70
Address: 0x00027480
Address: 0x000274A0
Address: 0x000274F0
Address: 0x00027550
Address: 0x000275B0
Address: 0x00027800
Address: 0x00028B10
Address: 0x00028BC0
Address: 0x00029FA0
Address: 0x0002AF10
Address: 0x0002C9A0
Address: 0x0002CAF0
Address: 0x0002CB30
Address: 0x0002CCC0
Address: 0x0002CE20
Address: 0x0002D4E0
Address: 0x0002D8B0
Address: 0x0002DF10
Address: 0x0002E000
Address: 0x0002E4B0
Address: 0x0002E500
Address: 0x0002E830
Address: 0x0002E8C0
Address: 0x0002E910
Address: 0x0002E9E0
Address: 0x0002EEB0
Address: 0x0002F2D0
Address: 0x0002F360
Address: 0x0002F6B0
Address: 0x0002F6F0
Address: 0x0002F7C0
Address: 0x00030530
Address: 0x00030540
Address: 0x00030570
Address: 0x00030970
Address: 0x00030C70
Address: 0x00030D60
Address: 0x00031100
Address: 0x00031220
Address: 0x000315D0
Address: 0x00031C00
Address: 0x00033230
Address: 0x00033370
Address: 0x00033460
Address: 0x00033F50
Address: 0x000342C0
Address: 0x00034560
Address: 0x00034D40
Address: 0x00034D70
Address: 0x00034DA0
Address: 0x00035070
Address: 0x00035160
Address: 0x00035390
Address: 0x000354D0
Address: 0x00035630
Address: 0x00035AB0
Address: 0x00035CF0
Address: 0x00035FF0
Address: 0x00036230
Address: 0x00036510
Address: 0x000367E0
Address: 0x00036A90
Address: 0x00036AE0
Address: 0x00037290
Address: 0x00037B20
Address: 0x00037C10
Address: 0x00037C90
Address: 0x00038330
Address: 0x00038370
Address: 0x000383D0
Address: 0x00038440
Address: 0x00038730
Address: 0x000387E0
Address: 0x000387F0
Address: 0x00038830
Address: 0x000388A0
Address: 0x000389A0
Address: 0x00038C20
Address: 0x00039120
Address: 0x000391C0
Address: 0x00039DA0
Address: 0x00039F30
Address: 0x0003A6C0
Address: 0x0003ABC0
Address: 0x0003AF40
Address: 0x0003B130
Address: 0x0003BC50
Address: 0x0003BD30
Address: 0x0003C020
Address: 0x0003C0B0
Address: 0x0003C260
Address: 0x0003C4A0
Address: 0x0003CAF0
Address: 0x0003CD90
Address: 0x0003CDD0
Address: 0x0003D430
Address: 0x0003D5C0
Address: 0x0003D790
Address: 0x0003DA70
Address: 0x0003DFC0
Address: 0x0003F0B0
Address: 0x0003F420
Address: 0x0003F460
Address: 0x0003F710
Address: 0x0003F750
Address: 0x0003F8A0
Address: 0x00040620
Address: 0x00041270
Address: 0x000417A0
Address: 0x00042010
Address: 0x00042170
Address: 0x00042240
Address: 0x00042270
Address: 0x00042380
Address: 0x00043060
Address: 0x00043080
Address: 0x000430A0
Address: 0x000430C0
Address: 0x000431D0
Address: 0x00044150
Address: 0x000441C0
Address: 0x000442A0
Address: 0x000443B0
Address: 0x000445A0
Address: 0x00044690
Address: 0x000446F0
Address: 0x00044AA0
Address: 0x000450E0
Address: 0x00045170
Address: 0x000452D0
Address: 0x00045540
Address: 0x00045E80
Address: 0x00046E20
Address: 0x000471C0
Address: 0x000472B0
Address: 0x00047850
Address: 0x00047880
Address: 0x00047890
Address: 0x00047EA0
Address: 0x00047FB0
Address: 0x00047FE0
Address: 0x000483D0
Address: 0x00048B50
Address: 0x00048EC0
Address: 0x000496D0
Address: 0x00049830
Address: 0x00049970
Address: 0x00049AD0
Address: 0x00049AE0
Address: 0x00049CD0
Address: 0x00049CF0
Address: 0x0004A410
Address: 0x0004A600
Address: 0x0004A670
Address: 0x0004A680
Address: 0x0004A710
Address: 0x0004A9A0
Address: 0x0004B310
Address: 0x0004B3B0
Address: 0x0004B400
Address: 0x0004B450
Address: 0x0004B5A0
Address: 0x0004B5D0
Address: 0x0004B700
Address: 0x0004B7B0
Address: 0x0004B7D0
Address: 0x0004B870
Address: 0x0004BC40
Address: 0x0004BF60
Address: 0x0004C050
Address: 0x0004C120
Address: 0x0004C490
Address: 0x0004CB30
Address: 0x0004CC20
Address: 0x0004D7E0
Address: 0x0004DE40
Address: 0x0004DF70
Address: 0x0004E160
Address: 0x0004E390
Address: 0x0004E3E0
Address: 0x0004E420
Address: 0x0004F310
Address: 0x0004F480
Address: 0x0004F570
Address: 0x0004F790
Address: 0x0004F840
Address: 0x00050080
Address: 0x000505C0
Address: 0x00050830
Address: 0x00050F70
Address: 0x000515A0
Address: 0x00051A10
Address: 0x00052800
Address: 0x000529D0
Address: 0x00053060
Address: 0x00053110
Address: 0x00053130
Address: 0x000531D0
Address: 0x00053750
Address: 0x000538F0
Address: 0x00053A90
Address: 0x00053AC0
Address: 0x00053BC0
Address: 0x00053BE0
Address: 0x00053CC0
Address: 0x00054810
Address: 0x00054960
Address: 0x000549C0
Address: 0x00057880
Address: 0x00057C80
Address: 0x000582B0
Address: 0x00058470
Address: 0x00058500
Address: 0x000586A0
Address: 0x00058740
Address: 0x00058BD0
Address: 0x00058FA0
Address: 0x00059130
Address: 0x0005A130
Address: 0x0005A150
Address: 0x0005A3F0
Address: 0x0005AB80
Address: 0x0005B600
Address: 0x0005C640
Address: 0x0005C710
Address: 0x0005C8E0
Address: 0x0005C910
Address: 0x0005C950
Address: 0x0005D060
Address: 0x0005D170
Address: 0x0005D480
Address: 0x0005D500
Address: 0x0005D550
Address: 0x0005D560
Address: 0x0005D570
Address: 0x0005D580
Address: 0x0005D590
Address: 0x0005D5A0
Address: 0x0005D5B0
Address: 0x0005DB70
Address: 0x0005DC00
Address: 0x0005DC60
Address: 0x0005ECC0
Address: 0x0005EDB0
Address: 0x0005EF70
Address: 0x0005F210
Address: 0x0005F460
Address: 0x0005F470
Address: 0x0005FB60
Address: 0x0005FB80
Address: 0x0005FBD0
Address: 0x00060660
Address: 0x000607A0
Address: 0x00060CE0
Address: 0x00061130
Address: 0x000612F0
Address: 0x00061580
Address: 0x000617F0
Address: 0x00061CE0
Address: 0x00062850
Address: 0x00062890
Address: 0x00062B30
Address: 0x00062D30
Address: 0x00064230
Address: 0x000642B0
Address: 0x00064550
Address: 0x00064780
Address: 0x000648E0
Address: 0x00064A80
Address: 0x00064B00
Address: 0x00065EA0

Sections

.text
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 28KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 17.7MB - Virtual size: 17.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 820KB - Virtual size: 30.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
libpython3.8.pdf
.exe windows x86

edd908e5ea55b42a22ce82eb5a299d4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__argc
__lconv_init
__mb_cur_max
__p__commode
__p__fmode
__p__wcmdln
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_errno
_initterm
_iob
_onexit
abort
atoi
calloc
exit
fprintf
fputwc
free
fwprintf
fwrite
localeconv
malloc
memcpy
memset
setlocale
signal
strchr
strerror
strlen
strncmp
vfprintf
wcslen

shlwapi

PathRemoveFileSpecW

user32

MessageBoxA
MessageBoxW

libpython3.8

PyErr_Clear
PyErr_ExceptionMatches
PyErr_Fetch
PyErr_NormalizeException
PyExc_SystemExit
PyImport_Import
PyImport_ImportModule
PyLong_AsLong
PyMem_Malloc
PyObject_CallObject
PyObject_GetAttrString
PyObject_Str
PySys_GetObject
PySys_SetArgv
PyTuple_New
PyUnicode_AsUnicode
PyUnicode_DecodeASCII
PyUnicode_Format
PyUnicode_FromString
PyUnicode_Join
Py_Exit
Py_Finalize
Py_FrozenFlag
Py_IgnoreEnvironmentFlag
Py_Initialize
Py_NoSiteFlag
Py_SetPath
Py_SetProgramName
_Py_Dealloc
_Py_NoneStruct

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libwinpthread-1.dll
.dll windows x64

dc636c22184d3aa18115942984ec15d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetProcessAffinityMask
GetProcessTimes
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount64
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

msvcrt

__C_specific_handler
__iob_func
_amsg_exit
_beginthreadex
_endthreadex
_errno
_initterm
_lock
_setjmp
_strdup
_ultoa
_unlock
abort
calloc
exit
fprintf
free
fwrite
longjmp
malloc
memmove
memset
printf
realloc
signal
strlen
strncmp
vfprintf

Exports

Exports

__pth_gpointer_locked
__pthread_clock_nanosleep
_pthread_cleanup_dest
_pthread_get_state
_pthread_invoke_cancel
_pthread_key_dest
_pthread_rel_time_in_ms
_pthread_set_state
_pthread_time_in_ms
_pthread_time_in_ms_from_timespec
_pthread_tryjoin
clock_getres
clock_gettime
clock_nanosleep
clock_settime
nanosleep
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstack
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstack
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_timedwait_relative_np
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getclock
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setclock
pthread_condattr_setpshared
pthread_create
pthread_create_wrapper
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_get_concurrency
pthread_getclean
pthread_getconcurrency
pthread_getevent
pthread_gethandle
pthread_getname_np
pthread_getschedparam
pthread_getspecific
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getprioceiling
pthread_mutexattr_getprotocol
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setprioceiling
pthread_mutexattr_setprotocol
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_set_concurrency
pthread_set_num_processors_np
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setname_np
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_tls_init
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 400B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

399d92a4cbb3d85527fbfb2801f41230

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

mpr

netapi32

ole32

shell32

msvcrt

comctl32

winspool.drv

wsock32

magnification

Exports

Exports

Sections

.text Size: - Virtual size: 3.2MB

.itext Size: - Virtual size: 9KB

.data Size: - Virtual size: 64KB

.bss Size: - Virtual size: 28KB

.idata Size: - Virtual size: 16KB

.didata Size: - Virtual size: 2KB

.edata Size: - Virtual size: 139KB

.rdata Size: - Virtual size: 68B

Size: - Virtual size: 5.3MB

Size: 3KB - Virtual size: 3KB

Size: 17.7MB - Virtual size: 17.7MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 820KB - Virtual size: 30.8MB

edd908e5ea55b42a22ce82eb5a299d4d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

shlwapi

user32

libpython3.8

Sections

.text Size: 31KB - Virtual size: 30KB

.data Size: 512B - Virtual size: 84B

.rdata Size: 4KB - Virtual size: 4KB

.eh_fram Size: 6KB - Virtual size: 5KB

.bss Size: - Virtual size: 6KB

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 273KB - Virtual size: 273KB

.reloc Size: 1KB - Virtual size: 1KB

dc636c22184d3aa18115942984ec15d9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 192B

.rdata Size: 3KB - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

.xdata Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 400B

.edata Size: 4KB - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 96B

.text
Size: - Virtual size: 3.2MB

.itext
Size: - Virtual size: 9KB

.data
Size: - Virtual size: 64KB

.bss
Size: - Virtual size: 28KB

.idata
Size: - Virtual size: 16KB

.didata
Size: - Virtual size: 2KB

.edata
Size: - Virtual size: 139KB

.rdata
Size: - Virtual size: 68B

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 820KB - Virtual size: 30.8MB

.text
Size: 31KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 84B

.rdata
Size: 4KB - Virtual size: 4KB

.eh_fram
Size: 6KB - Virtual size: 5KB

.bss
Size: - Virtual size: 6KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 273KB - Virtual size: 273KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 192B

.rdata
Size: 3KB - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

.xdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 400B

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 96B