PyInit_pyarmor_runtime
Static task
static1
1 signatures
General
-
Target
截获starlink数据.rar
-
Size
199KB
-
MD5
e1eeeaea507bba96e489541fa83926d7
-
SHA1
fc5af0795e5c567fb967109e0966616c94c17171
-
SHA256
70020a9efe88995b74599dfcfee2e32dca4d8352c63a47f6195daf35355bd4f7
-
SHA512
bd8758c65f18ab78b5e7185086ed29d54718dca3161afed8d73b3ffc9ae850ad89c1dc99500b1e01dd48ae39ffa67eba1ca5260f26fe431925cbb64303b855a3
-
SSDEEP
6144:1WX8ioSJf2U6NFMmIzMRs02G+niVBd4R8Kxex642D:1WMio+2U6NFMmIzMWGF3Ugx64g
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/pyarmor_runtime_000000/pyarmor_runtime.pyd
Files
-
截获starlink数据.rar.rar
Password: ElonMusk
-
coolStarlink1.py
-
pyarmor_runtime_000000/__init__.py
-
pyarmor_runtime_000000/__pycache__/__init__.cpython-311.pyc
-
pyarmor_runtime_000000/pyarmor_runtime.pyd.dll windows:4 windows x64
Password: ElonMusk
8f636fb0a7a6b8ea4433a01adeb03275
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
python311
PyBuffer_FillInfo
PyBuffer_Release
PyBytes_AsString
PyBytes_AsStringAndSize
PyBytes_FromStringAndSize
PyBytes_Type
PyCFunction_GetSelf
PyCFunction_Type
PyCMethod_New
PyCell_Get
PyCell_New
PyCell_Set
PyCode_GetCode
PyCode_Type
PyComplex_FromCComplex
PyComplex_ImagAsDouble
PyComplex_RealAsDouble
PyComplex_Type
PyDict_Copy
PyDict_DelItem
PyDict_GetItem
PyDict_GetItemString
PyDict_New
PyDict_Next
PyDict_SetItem
PyDict_Type
PyDict_Update
PyErr_CheckSignals
PyErr_Clear
PyErr_ExceptionMatches
PyErr_Fetch
PyErr_Format
PyErr_GivenExceptionMatches
PyErr_NoMemory
PyErr_NormalizeException
PyErr_Occurred
PyErr_Restore
PyErr_SetFromWindowsErr
PyErr_SetImportError
PyErr_SetObject
PyErr_SetString
PyEval_EvalCode
PyEval_GetBuiltins
PyEval_GetFrame
PyEval_GetGlobals
PyExc_AttributeError
PyExc_EOFError
PyExc_ImportError
PyExc_NotImplementedError
PyExc_RuntimeError
PyExc_StopIteration
PyExc_SystemExit
PyExc_TypeError
PyExc_UnboundLocalError
PyExc_ValueError
PyException_GetTraceback
PyException_SetCause
PyException_SetContext
PyException_SetTraceback
PyFloat_FromDouble
PyFloat_Pack8
PyFloat_Type
PyFloat_Unpack8
PyFrame_GetCode
PyFrozenSet_New
PyFrozenSet_Type
PyFunction_GetCode
PyFunction_NewWithQualName
PyImport_ExecCodeModuleObject
PyImport_GetModule
PyImport_GetModuleDict
PyImport_ImportModule
PyImport_ImportModuleLevel
PyImport_ImportModuleLevelObject
PyIter_Next
PyList_Append
PyList_AsTuple
PyList_GetItem
PyList_New
PyList_Sort
PyList_Type
PyLong_AsLong
PyLong_AsLongAndOverflow
PyLong_AsVoidPtr
PyLong_FromLong
PyLong_FromVoidPtr
PyLong_Type
PyMarshal_WriteObjectToString
PyMem_Free
PyMem_Malloc
PyMem_Realloc
PyMemoryView_FromBuffer
PyMethod_Function
PyMethod_Type
PyModule_Create2
PyModule_GetDict
PyModule_GetFilenameObject
PyModule_GetName
PyModule_Type
PyNumber_Add
PyNumber_And
PyNumber_AsSsize_t
PyNumber_FloorDivide
PyNumber_InPlaceAdd
PyNumber_InPlaceAnd
PyNumber_InPlaceFloorDivide
PyNumber_InPlaceLshift
PyNumber_InPlaceMatrixMultiply
PyNumber_InPlaceMultiply
PyNumber_InPlaceOr
PyNumber_InPlacePower
PyNumber_InPlaceRemainder
PyNumber_InPlaceRshift
PyNumber_InPlaceSubtract
PyNumber_InPlaceTrueDivide
PyNumber_InPlaceXor
PyNumber_Invert
PyNumber_Lshift
PyNumber_MatrixMultiply
PyNumber_Multiply
PyNumber_Negative
PyNumber_Or
PyNumber_Positive
PyNumber_Power
PyNumber_Remainder
PyNumber_Rshift
PyNumber_Subtract
PyNumber_TrueDivide
PyNumber_Xor
PyOS_double_to_string
PyOS_string_to_double
PyObject_ASCII
PyObject_Call
PyObject_CallFunction
PyObject_CallFunctionObjArgs
PyObject_CallMethod
PyObject_CheckBuffer
PyObject_DelItem
PyObject_Format
PyObject_GetAttr
PyObject_GetAttrString
PyObject_GetBuffer
PyObject_GetItem
PyObject_GetIter
PyObject_IsTrue
PyObject_Repr
PyObject_RichCompare
PyObject_SetAttr
PyObject_SetItem
PyObject_Str
PySequence_Check
PySequence_Contains
PySequence_List
PySet_Add
PySet_New
PySet_Type
PySlice_New
PySys_GetObject
PyThreadState_Get
PyTraceBack_Here
PyTuple_GetItem
PyTuple_GetSlice
PyTuple_New
PyTuple_Pack
PyTuple_SetItem
PyTuple_Size
PyTuple_Type
PyType_IsSubtype
PyUnicode_AsEncodedString
PyUnicode_AsUTF8
PyUnicode_AsUTF8AndSize
PyUnicode_DecodeUTF8
PyUnicode_FromFormat
PyUnicode_FromKindAndData
PyUnicode_FromString
PyUnicode_InternInPlace
PyUnicode_New
PyUnicode_Type
Py_BuildValue
Py_DecRef
Py_IncRef
Py_InspectFlag
_PyArg_ParseTuple_SizeT
_PyBytes_Resize
_PyCode_New
_PyCode_Validate
_PyDict_GetItemWithError
_PyErr_Clear
_PyErr_ExceptionMatches
_PyErr_Format
_PyErr_GetTopmostException
_PyErr_Restore
_PyErr_SetObject
_PyErr_SetString
_PyList_Extend
_PyLong_AsInt
_PyLong_FromByteArray
_PyLong_New
_PyModuleSpec_IsInitializing
_PyObject_CallFunction_SizeT
_PyObject_CallMethod
_PyObject_CallMethod_SizeT
_PyObject_FastCall
_PyObject_LookupAttr
_PyObject_LookupSpecialId
_PyObject_MakeTpCall
_PyRuntime
_PySet_NextEntry
_PyUnicode_JoinArray
_Py_BuildValue_SizeT
_Py_CheckFunctionResult
_Py_Dealloc
_Py_EllipsisObject
_Py_FalseStruct
_Py_NoneStruct
_Py_TrueStruct
_Py_hashtable_compare_direct
_Py_hashtable_destroy
_Py_hashtable_hash_ptr
_Py_hashtable_new_full
_Py_hashtable_set
advapi32
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
iphlpapi
GetAdaptersAddresses
GetNetworkParams
kernel32
CloseHandle
CreateFileA
CreateFileMappingA
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
FlushViewOfFile
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetProcAddress
GetProcessHeap
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalFree
MapViewOfFile
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
VirtualUnlock
msvcrt
__iob_func
_amsg_exit
_errno
_get_osfhandle
_initterm
_lock
_snprintf
_stat64
_time64
_unlock
_vsnprintf
abort
calloc
clock
exit
fprintf
fputc
fread
free
fwrite
getc
getenv
isprint
isxdigit
malloc
memcmp
memcpy
memmove
memset
rand
realloc
signal
sprintf
srand
strchr
strcmp
strerror
strlen
strncmp
strncpy
strrchr
strstr
toupper
vfprintf
user32
wsprintfA
ws2_32
WSACleanup
WSAGetLastError
WSAStartup
closesocket
gethostbyname
htons
inet_ntoa
ntohl
recvfrom
sendto
setsockopt
socket
Exports
Exports
Sections
.text Size: 499KB - Virtual size: 499KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 25KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 93B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ