4960c428474b8632d420c9a5aa342f6e

Sharing

Copy URL Twitter E-mail

General

Target

4960c428474b8632d420c9a5aa342f6e
Size

48KB
MD5

4960c428474b8632d420c9a5aa342f6e
SHA1

669a78e659888c005c63438e80a4c85da0a026ac
SHA256

3489f4bc9bee4b81f95364a58fa70785c800e02ca29dee4576857784a8c2a0d2
SHA512

35de749c02ce8623aeb11ecf99e6017ad05c98ec628bb67490680ca24b555469c4679d2e635bf0075c72b930a125e7e25eb9b398a60412f72eba158a91aaba1a
SSDEEP

1536:3A+M0UEzRFn8HD0RXpUOkpuFZ7yQAfPz/:Q+M07zRF8UXpUOvFIQAfPb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4960c428474b8632d420c9a5aa342f6e

Files

4960c428474b8632d420c9a5aa342f6e
.dll windows:4 windows x86 arch:x86

0982490bd25b963002a09063474a6993

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libpython2.6

PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
PyCObject_FromVoidPtr
PyCode_New
PyDict_GetItem
PyDict_New
PyDict_SetItem
PyErr_Clear
PyErr_Fetch
PyErr_Format
PyErr_NewException
PyErr_NoMemory
PyErr_Occurred
PyErr_Restore
PyErr_SetFromErrno
PyErr_SetObject
PyErr_SetString
PyEval_CallObjectWithKeywords
PyEval_GetGlobals
PyExc_AttributeError
PyExc_IOError
PyExc_RuntimeError
PyExc_TypeError
PyExc_ValueError
PyFile_AsFile
PyFile_Type
PyFrame_New
PyInt_AsLong
PyInt_FromLong
PyList_Append
PyList_New
PyModule_AddIntConstant
PyModule_AddObject
PyModule_AddStringConstant
PyModule_GetDict
PyModule_New
PyObject_Call
PyObject_CallFunction
PyObject_GC_Del
PyObject_GC_Track
PyObject_GC_UnTrack
PyObject_GetAttrString
PyObject_IsTrue
PyObject_SetAttrString
PyString_AsString
PyString_FromString
PyString_FromStringAndSize
PySys_GetObject
PyTraceBack_Here
PyTuple_New
PyTuple_Pack
PyType_IsSubtype
PyType_Type
PyUnicodeUCS2_Decode
PyUnicodeUCS2_DecodeUTF8
Py_BuildValue
Py_FindMethod
Py_InitModule4
_PyObject_GC_New
_PyThreadState_Current
_Py_HashSecret
_Py_NoneStruct
_Py_TrueStruct
_Py_ZeroStruct

cygwin1

__ctype_ptr__
_impure_ptr
calloc
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
fread
free
malloc
memcpy
realloc
sprintf
strcmp
strlen

cygexpat-1

XML_ErrorString
XML_ExpatVersion
XML_ExpatVersionInfo
XML_ExternalEntityParserCreate
XML_FreeContentModel
XML_GetBase
XML_GetBuffer
XML_GetCurrentByteIndex
XML_GetCurrentColumnNumber
XML_GetCurrentLineNumber
XML_GetErrorCode
XML_GetFeatureList
XML_GetInputContext
XML_GetSpecifiedAttributeCount
XML_Parse
XML_ParseBuffer
XML_ParserCreate
XML_ParserCreateNS
XML_ParserCreate_MM
XML_ParserFree
XML_SetAttlistDeclHandler
XML_SetBase
XML_SetCharacterDataHandler
XML_SetCommentHandler
XML_SetDefaultHandler
XML_SetDefaultHandlerExpand
XML_SetElementDeclHandler
XML_SetElementHandler
XML_SetEndCdataSectionHandler
XML_SetEndDoctypeDeclHandler
XML_SetEndElementHandler
XML_SetEndNamespaceDeclHandler
XML_SetEntityDeclHandler
XML_SetExternalEntityRefHandler
XML_SetHashSalt
XML_SetNamespaceDeclHandler
XML_SetNotStandaloneHandler
XML_SetNotationDeclHandler
XML_SetParamEntityParsing
XML_SetProcessingInstructionHandler
XML_SetReturnNSTriplet
XML_SetSkippedEntityHandler
XML_SetStartCdataSectionHandler
XML_SetStartDoctypeDeclHandler
XML_SetStartElementHandler
XML_SetStartNamespaceDeclHandler
XML_SetUnknownEncodingHandler
XML_SetUnparsedEntityDeclHandler
XML_SetUserData
XML_SetXmlDeclHandler
XML_StopParser
XML_UseForeignDTD

kernel32

GetModuleHandleA
GetProcAddress

Exports

Exports

initpyexpat

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 696B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0982490bd25b963002a09063474a6993

Headers

File Characteristics

Imports

libpython2.6

cygwin1

cygexpat-1

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.data Size: 7KB - Virtual size: 6KB

/4 Size: 512B - Virtual size: 4B

.bss Size: - Virtual size: 696B

.edata Size: 512B - Virtual size: 74B

.idata Size: 5KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 7KB - Virtual size: 6KB

/4
Size: 512B - Virtual size: 4B

.bss
Size: - Virtual size: 696B

.edata
Size: 512B - Virtual size: 74B

.idata
Size: 5KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB