Static task: static1
Behavioral task: behavioral1
Sample: python.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: python.exe
Resource: win10v2004-20231020-en
General
Target: python.exe
Size: 26KB
MD5: 2b42a7296c485fed8ba02b65978803ed
SHA1: 5ea85e4e3cc374162667cb70ff418363b27ee2dc
SHA256: faf47a394eab423708736ef9cb6d33c7e9a369c1b84878a3182b94fa99ecb8a1
SHA512: 203893f3e80093c8f9e4ffa3a8eb4dc3a6da182c5f7f1b406711b94dec89fbcf8d760f1c901913edadf96308008f4755296dd4dfff2424040707d77e0c03fc0f
SSDEEP: 384:Ndc0QCQoaZaS8H9VkUllsmMIpIagQ4xHXaiWj/HVw6V7gC:LQTilLMIpNiWjPVNp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource python.exe
Files
python.exe.exe windows:4 windows x86
85593cf701dc1143b225eb08ca5d88c8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
python25
Py_Main
msvcr80
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_adjust_fdiv
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_lock
kernel32
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
SetUnhandledExceptionFilter
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 900B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ