PyInit_pq
Static task
static1
Behavioral task
behavioral1
Sample
f87269b8f9115948494c3722a9c11b1252c4edc7d570ce4b0e346679049f961e.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
f87269b8f9115948494c3722a9c11b1252c4edc7d570ce4b0e346679049f961e.dll
Resource
win10v2004-20231215-en
General
-
Target
f87269b8f9115948494c3722a9c11b1252c4edc7d570ce4b0e346679049f961e
-
Size
241KB
-
MD5
6fb410f62395b9b51a04cb75e8634056
-
SHA1
1bc1caa96e55ec5550b804e56c44b873397fed03
-
SHA256
f87269b8f9115948494c3722a9c11b1252c4edc7d570ce4b0e346679049f961e
-
SHA512
73f47efe7fe37a2267fbb9f3996f30c45c9b2834a83a054e25c09b2e9f7e8677c8abbdb832a1bbf5707709fc4d51587783848482d6d6bf654a547ee8b5d66343
-
SSDEEP
3072:5qRDzgDLS9tgeb23mqbONo4xSnq5MhA3tlKrtpHKr67CH5Abq1:02fMRb2WqOnxSq5Mctl0pHOZ5
Malware Config
Signatures
-
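Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; this PE file has none. On its own this is a weak indicator, since many legitimately built binaries are unsigned (the python310 and libpq imports listed here are consistent with a Python extension module, which is commonly shipped unsigned), so weigh it against the file's provenance and the other findings.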
resource f87269b8f9115948494c3722a9c11b1252c4edc7d570ce4b0e346679049f961e
Files
-
f87269b8f9115948494c3722a9c11b1252c4edc7d570ce4b0e346679049f961e.dll windows:6 windows x64 arch:x64
0048665ca9df1546534cbc438a970f2f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
libpq
ord9
ord172
ord71
ord5
ord42
ord7
ord16
ord108
ord103
ord14
ord119
ord153
ord152
ord109
ord25
ord26
ord106
ord40
ord134
ord113
ord22
ord37
ord23
ord105
ord133
ord107
ord15
ord143
ord81
ord47
ord160
ord12
ord132
ord39
ord11
ord110
ord82
ord13
ord35
ord154
ord120
ord79
ord18
ord4
ord65
ord186
ord21
ord127
ord174
ord3
ord126
ord131
ord98
ord122
ord96
ord46
ord180
ord121
ord78
ord17
ord48
ord41
ord100
ord101
ord184
ord83
ord84
ord44
ord1
ord8
ord34
ord155
ord165
ord89
ord102
ord19
ord104
ord24
ord10
ord80
ord158
ord97
ord49
ord181
ord136
ord45
ord140
ord94
ord86
ord161
ord33
ord182
ord135
ord118
ord166
ord95
ord111
ord36
ord183
ord138
ord88
python310
PyObject_GetAttr
PyModule_GetName
PyUnicode_FromOrdinal
PyBytes_FromString
PyGILState_Release
PyBytes_AsStringAndSize
_Py_NoneStruct
PyTuple_New
PySequence_Contains
PyDict_SetItemString
PyDict_Size
PyLong_FromLongLong
PyGC_Disable
PyMemoryView_FromObject
PyExc_AttributeError
PyUnicode_New
PyErr_SetString
PyErr_WriteUnraisable
PyErr_WarnFormat
PyExc_ValueError
PyLong_FromUnsignedLong
PyDict_Next
PyErr_Format
PyDict_Type
PyObject_RichCompare
PyTuple_Type
_Py_FalseStruct
PyImport_GetModule
PyNumber_InPlaceAdd
PyFloat_Type
PyModule_NewObject
PyMethod_Type
PyLong_Type
PyType_IsSubtype
PyErr_Restore
PyExc_OverflowError
PyCode_NewWithPosOnlyArgs
_Py_Dealloc
PyTuple_GetItem
PyImport_GetModuleDict
PyModule_GetDict
PyObject_Format
PyObject_Free
PyErr_ExceptionMatches
PyCapsule_GetPointer
PyModule_AddObject
PyObject_CheckBuffer
PyObject_GC_Del
PyErr_Fetch
PyLong_AsLong
PyObject_ClearWeakRefs
PyObject_Init
PyObject_Not
_PyUnicodeWriter_Finish
PyUnicode_AsUTF8
PyUnicode_FromFormat
PyObject_GetBuffer
PyList_New
PyObject_GC_IsFinalized
PyImport_AddModule
PyType_Ready
PyObject_GetAttrString
PyErr_Clear
PyList_Append
PyBytes_Type
PyObject_RichCompareBool
PyUnicode_Decode
PyException_SetTraceback
PyCapsule_New
_PyObject_GenericGetAttrWithDict
PyDict_SetItem
PyDict_New
Py_GetVersion
PyObject_CallFinalizerFromDealloc
_PyDict_GetItem_KnownHash
PyMem_Free
PyClassMethod_New
PyList_Type
PyErr_NoMemory
PyDict_GetItemString
_PyFloat_FormatAdvancedWriter
PyObject_GetItem
PyModuleDef_Init
PyObject_GC_Track
PyBytes_FromStringAndSize
PyExc_NotImplementedError
PyGILState_Ensure
PyDict_DelItem
PyNumber_Long
PyUnicode_Compare
_PyUnicodeWriter_Init
PyObject_IsSubclass
PyExc_TypeError
PyMem_Realloc
PyObject_IsTrue
PyExc_NameError
PyTuple_Pack
_PyByteArray_empty_string
Py_OptimizeFlag
_PyUnicode_Ready
PyMem_Malloc
Py_EnterRecursiveCall
PyExc_ImportError
_Py_TrueStruct
PyExc_SystemError
_PyUnicode_FastCopyCharacters
PyObject_SetItem
_PyObject_GC_New
PyType_Modified
PyMethodDescr_Type
PyUnicode_FromString
_PyUnicodeWriter_Dealloc
_PyType_Lookup
PyUnicode_Format
PyObject_Size
PyBuffer_Release
PyObject_Call
PyByteArray_Type
PyType_Type
PySequence_Tuple
_PyLong_FormatAdvancedWriter
PyEval_RestoreThread
PyUnicode_FromStringAndSize
_PyObject_GetDictPtr
PyBaseObject_Type
PyBytes_AsString
PyImport_ImportModule
Py_LeaveRecursiveCall
_PyDict_SetItem_KnownHash
PyExc_DeprecationWarning
PyFrame_New
PyErr_PrintEx
PyExc_RuntimeWarning
PyErr_WarnEx
PyLong_AsUnsignedLong
PyErr_GivenExceptionMatches
PyCode_NewEmpty
PyErr_SetObject
PyExc_Exception
PyThreadState_Get
PyDescr_NewClassMethod
PyOS_snprintf
PyCFunction_Type
PyUnicode_InternFromString
PyObject_SetAttr
PyExc_BufferError
PyGC_Enable
PyInterpreterState_GetID
PyUnicode_Concat
PyObject_Hash
PyObject_GC_UnTrack
PyLong_FromLong
PyObject_SetAttrString
PyMethod_New
PyExc_RuntimeError
_PyThreadState_UncheckedGet
PyEval_SaveThread
PyTraceBack_Here
PyObject_GenericGetAttr
PyUnicode_DecodeUTF8
PyLong_FromSsize_t
PyErr_Occurred
PyErr_NormalizeException
PyUnicode_Type
PyImport_ImportModuleLevelObject
PyTuple_GetSlice
kernel32
RtlCaptureContext
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
QueryPerformanceCounter
vcruntime140
__std_type_info_destroy_list
memset
memcmp
__C_specific_handler
strrchr
memcpy
api-ms-win-crt-heap-l1-1-0
malloc
free
api-ms-win-crt-runtime-l1-1-0
_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_onexit_table
api-ms-win-crt-math-l1-1-0
_fdopen
Exports
Exports
Sections
.text Size: 187KB - Virtual size: 187KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ