eb3eef9a4cbf256c8a8230919cee06298b05d75d600bfe50af8e2c3b7509b506

Sharing

Copy URL

Twitter E-mail

General

Target

eb3eef9a4cbf256c8a8230919cee06298b05d75d600bfe50af8e2c3b7509b506
Size

577KB
MD5

bfa882840b255a432018a0171e318173
SHA1

d633c456f1ceae2acf23e3b69b7fbf68ff5292a8
SHA256

eb3eef9a4cbf256c8a8230919cee06298b05d75d600bfe50af8e2c3b7509b506
SHA512

17e08739a69509ef495e94a1fe051be0cfa11f979b205e6105122372d54feca2d8504a666ca275905a68e5f5a0c3c25244bc93409689e00f58478abbbac8fffa
SSDEEP

12288:AwstX0rdXH9jc6y4lTuVze4EGZYgDZ2hsM+D:4tX0rdXH9jZlTuVy4EGRXD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb3eef9a4cbf256c8a8230919cee06298b05d75d600bfe50af8e2c3b7509b506

Files

eb3eef9a4cbf256c8a8230919cee06298b05d75d600bfe50af8e2c3b7509b506
.dll windows:6 windows x86

3c9b7d73599ace0890c69fd9acea136e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentVariableA
InitializeCriticalSectionEx
OpenFile
GetFullPathNameA
FindNextFileA
GetCurrentDirectoryA
FindFirstFileA
GetFileAttributesExA
CompareFileTime
ReadFile
DebugBreak
FindClose
SetCurrentDirectoryA
HeapFree
lstrlenA
HeapAlloc
GetProcessHeap
MultiByteToWideChar
GetTempPathA
GetLastError
DecodePointer
DeleteCriticalSection
SetEnvironmentVariableA
GetLongPathNameA
GetDriveTypeA
FreeLibrary
GetModuleFileNameA
GetCurrentProcess
SetErrorMode
GetVolumeInformationA
OpenProcess
GetDiskFreeSpaceA
CompareStringA
LoadLibraryA
GetVersionExA
CloseHandle
GetLocalTime
GetProcAddress
VerSetConditionMask
VerifyVersionInfoW
WriteFile
SetFilePointer
CreateFileA
CreateDirectoryA
GetLocaleInfoA
GlobalLock
LocalFree
WideCharToMultiByte
FormatMessageA
GlobalUnlock
GlobalHandle
ExpandEnvironmentStringsA
GetTimeFormatA
GetFinalPathNameByHandleA
GetUserDefaultLCID
GetDateFormatA
GlobalFree
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileSectionA
GetCurrentThreadId
GetModuleHandleA
AddVectoredExceptionHandler
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCurrentThread
GlobalAlloc
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RaiseException
GetTempFileNameA

python311

Py_VerboseFlag
_Py_Dealloc
_Py_NoneStruct
Py_InitializeZeusLoadLibrary
Py_InitializeZeusFatalHook
PyImport_AppendInittab
PySys_SetArgvEx
PySys_SetObject
Py_SetProgramName
Py_AtExit
Py_IsInitialized
Py_Finalize
Py_InitializeEx
PyRun_SimpleFileExFlags
PyModule_Create2
Py_BuildValue
PyArg_ParseTuple
PyErr_BadArgument
PyModule_GetDict
PyDict_GetItemString
PyTuple_GetItem
PyTuple_Size
PyTuple_New
PyLong_AsLong
PyLong_FromLong
PyUnicode_AsEncodedString
PyBytes_FromString
Py_DebugFlag

shlwapi

UrlCreateFromPathA

msvcp140

?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?bad@ios_base@std@@QBE_NXZ
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?gcount@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QBE_JXZ
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?eof@ios_base@std@@QBE_NXZ
?fail@ios_base@std@@QBE_NXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

vcruntime140

_setjmp3
_seh_longjmp_unwind4
memmove
_purecall
memcpy
__current_exception_context
__current_exception
__std_type_info_destroy_list
_CxxThrowException
_except_handler4_common
__std_exception_copy
__std_exception_destroy
longjmp
strstr
strchr
__std_terminate
strrchr
memset
__CxxFrameHandler3

api-ms-win-crt-time-l1-1-0

_ctime64
_time64

api-ms-win-crt-stdio-l1-1-0

_getcwd
__stdio_common_vfprintf
fclose
__stdio_common_vsprintf_s
fopen
fwrite
__stdio_common_vsprintf
getc
_ftelli64
fopen_s
__stdio_common_vsnprintf_s
_wfopen_s
ferror
_get_stream_buffer_pointers
__acrt_iob_func
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fgetc
fflush
fputc
_write
__stdio_common_vsscanf

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
_seh_filter_dll
_errno
_invalid_parameter_noinfo
strerror
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
terminate
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_set_invalid_parameter_handler

api-ms-win-crt-convert-l1-1-0

mbstowcs
wcstombs
_ecvt_s
atoi
_itoa
strtol
atol
strtod
strtoul
atof

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

islower
isupper
strncpy
_memicmp
tolower
isalnum
isdigit
strncmp
isalpha
toupper
strpbrk
_strrev
isxdigit
_stricmp
_strdup
_strnicmp

api-ms-win-crt-filesystem-l1-1-0

_chdir
_lock_file
_unlock_file
_stat64i32
_chmod
_chdrive
remove

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_recalloc

api-ms-win-crt-utility-l1-1-0

qsort
srand

api-ms-win-crt-math-l1-1-0

_CIfmod
ceil
floor
_finite
_isnan
_except1

advapi32

GetUserNameA
DuplicateToken
OpenProcessToken
AccessCheck
GetFileSecurityA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyA
MapGenericMask

ole32

CoTaskMemFree
CoCreateInstance

shell32

SHBrowseForFolderA
SHGetFileInfoA
SHCreateItemFromParsingName
SHGetPathFromIDListA
SHGetSpecialFolderPathA

user32

IsClipboardFormatAvailable
GetClipboardData
UnregisterClassA
CharLowerA
CloseClipboard
OpenClipboard
SendMessageA
IsCharAlphaNumericA
GetKeyboardLayout
PostQuitMessage
CharUpperA
LoadStringA
PeekMessageA
MessageBoxA
OemToCharA
MessageBeep
CharToOemA
GetAsyncKeyState
CharUpperBuffA

Exports

Exports

execute
kill
version

Sections

.text
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c9b7d73599ace0890c69fd9acea136e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

python311

shlwapi

msvcp140

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

advapi32

ole32

shell32

user32

Exports

Exports

Sections

.text Size: 438KB - Virtual size: 437KB

.rdata Size: 97KB - Virtual size: 96KB

.data Size: 17KB - Virtual size: 26KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 438KB - Virtual size: 437KB

.rdata
Size: 97KB - Virtual size: 96KB

.data
Size: 17KB - Virtual size: 26KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 24KB - Virtual size: 23KB