ec5ac58434962ff6bbde6c434bd1a38e257806362210a3debcf780da9b01c689

Sharing

Copy URL

Twitter E-mail

General

Target

ec5ac58434962ff6bbde6c434bd1a38e257806362210a3debcf780da9b01c689
Size

615KB
MD5

7478afbdf5f160f8e89650241eac02b0
SHA1

56992237bc2b4cb8df4685bae018606cb2e45aee
SHA256

ec5ac58434962ff6bbde6c434bd1a38e257806362210a3debcf780da9b01c689
SHA512

a03f23083ad2f186345025d93a6363c484018d5163188193ec24f81d45cb844427ba686de4c758422d9f6055fecc16d5d6707abe6970a1c9baac3d29204d18c0
SSDEEP

12288:rR2eRPG535E/jAUv/L7regKwCLXFc6VjM3:rR2eRPGvmnv/ygKRE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec5ac58434962ff6bbde6c434bd1a38e257806362210a3debcf780da9b01c689

Files

ec5ac58434962ff6bbde6c434bd1a38e257806362210a3debcf780da9b01c689
.dll windows:6 windows x64

73bae6a5a7417c4c0c6c288edb96b341

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

zlib

inflateEnd
deflate
deflateEnd
zlibVersion
deflateInit2_
deflateSetDictionary
inflate
inflateInit_

tiff

TIFFClientOpen
TIFFComputeStrip
TIFFGetFieldDefaulted
TIFFIsTiled
TIFFFlush
TIFFError
TIFFClose
TIFFFdOpen
TIFFSetWarningHandler
TIFFSetSubDirectory
TIFFVSetField
TIFFReadEncodedStrip
TIFFGetField
TIFFSetWarningHandlerExt
TIFFRGBAImageBegin
TIFFTileRowSize
TIFFTileSize
TIFFReadTile
TIFFScanlineSize
TIFFStripSize
TIFFMergeFieldInfo
TIFFRGBAImageGet
TIFFGetVersion
TIFFSetField
TIFFWriteScanline
_TIFFmemcpy
TIFFRGBAImageEnd
TIFFRGBAImageOK

kernel32

GetCurrentProcess
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
GetModuleHandleA
GlobalSize
LoadLibraryA
GetProcAddress
GlobalLock
FreeLibrary
GlobalUnlock
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

RegisterClipboardFormatA
InvalidateRect
SetForegroundWindow
SetWindowLongPtrA
GetWindowLongPtrA
LoadIconA
GetClipboardData
TranslateMessage
CreateWindowExA
DefWindowProcA
ReleaseDC
EnumClipboardFormats
CloseClipboard
OpenClipboard
ShowWindow
GetSystemMetrics
FillRect
GetDC
LoadCursorA
GetWindowRect
DispatchMessageA
GetMessageA
EndPaint
BeginPaint
RegisterClassA

gdi32

CreateCompatibleDC
GdiFlush
PlayEnhMetaFile
SetEnhMetaFileBits
GetStockObject
DeleteObject
SetDIBColorTable
StretchBlt
GetDIBits
DeleteEnhMetaFile
GetDeviceCaps
DeleteDC
CreateDIBSection
SetWinMetaFileBits
SelectObject
CreateCompatibleBitmap
BitBlt
CreatePalette
SelectPalette
GetSystemPaletteEntries
StretchDIBits
RealizePalette
CreateDCA

python39

PyBytes_FromStringAndSize
_PyObject_New
PyExc_TypeError
PyExc_IndexError
_Py_TrueStruct
PyObject_Print
PyList_SetItem
PyUnicode_FromString
PyObject_Size
PyBuffer_Release
PyEval_RestoreThread
PyExc_RuntimeError
PyThreadState_Get
_PyObject_CallFunction_SizeT
PySys_GetObject
PyFile_WriteString
PyErr_Print
PyThreadState_Swap
PyList_Size
PyErr_Format
PyErr_SetFromErrno
_PyBytes_Resize
PyTuple_Size
PyBytes_Size
PyList_GetItem
PyDict_GetItem
PyExc_SystemError
PyLong_AsSsize_t
PyObject_CallMethod
PyExc_MemoryError
PyArg_ParseTuple
PyExc_OSError
PySlice_Type
PySequence_GetItem
PySlice_Unpack
Py_BuildValue
PyObject_CallFunction
PyErr_ExceptionMatches
PyIndex_Check
PyNumber_Check
PyNumber_AsSsize_t
PyType_IsSubtype
PyFloat_Type
_Py_FalseStruct
PyExc_ValueError
PyErr_SetString
PyFloat_FromDouble
PyTuple_New
PyLong_AsLongLong
PyErr_NoMemory
PyUnicode_Type
_Py_NoneStruct
PyBytes_AsStringAndSize
PySequence_Check
PyFloat_AsDouble
PyDict_New
PyCapsule_New
PyUnicode_AsLatin1String
PyErr_Clear
PyLong_FromLong
PyEval_SaveThread
PyLong_FromSsize_t
_PyObject_CallMethod_SizeT
PyErr_Occurred
PyBytes_AsString
_PyErr_BadInternalCall
PyType_Ready
PyModule_Create2
PyList_New
PySequence_Fast
PyModule_AddIntConstant
PyObject_GetBuffer
PyLong_AsLong
_PyArg_ParseTuple_SizeT
PyObject_CheckBuffer
_Py_BuildValue_SizeT
PyBool_FromLong
PySequence_Size
PyModule_AddObject
PyObject_Free
PyModule_GetDict
PyTuple_GetItem
PySlice_AdjustIndices
_Py_Dealloc
PyDict_SetItemString

vcruntime140

memmove
__intrinsic_setjmp
memcpy
__C_specific_handler
memset
longjmp
__std_type_info_destroy_list
memcmp

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
realloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsprintf
_lseek
_write
tmpfile
fseek
fread
__stdio_common_vsscanf
fwrite
fclose
fopen
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

strncpy
strncmp

api-ms-win-crt-runtime-l1-1-0

exit
_seh_filter_dll
_initterm_e
_initterm
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_cexit

api-ms-win-crt-math-l1-1-0

log
pow
ceil
cos
floor
sin
round
roundf
fmod
sqrt
lround
fmin
hypot
fmax

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

PyInit__imaging

Sections

.text
Size: 494KB - Virtual size: 493KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73bae6a5a7417c4c0c6c288edb96b341

Headers

DLL Characteristics

File Characteristics

Imports

zlib

tiff

kernel32

user32

gdi32

python39

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 494KB - Virtual size: 493KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 23KB - Virtual size: 25KB

.pdata Size: 21KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 494KB - Virtual size: 493KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 23KB - Virtual size: 25KB

.pdata
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 3KB - Virtual size: 3KB