C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32service.pdb
Static task
static1
General
-
Target
win32service.pyd
-
Size
57KB
-
MD5
6fd78a29105da8691f0cdb740946932f
-
SHA1
b67d1e134560f7cea3b81860a3ac5fa6401229d1
-
SHA256
147aeba1123b598e246cb3793c1f968331e572660ad508eb9217cb5ed31bc18d
-
SHA512
a84d7fa3a465b578beef4257ce282924506eec990c29fc758d9913d670c5532a8f49346d36d664379fcf5a71835eeeca1b5870c7082c1f71d7683e18521165ca
-
SSDEEP
768:KOubrAR8N+qOc44bO91hG3T8uyDPPzLJi1SCH4wVdbvkZfoN:rubrAi353Mhmw9DXoMY4wfvkZfoN
Malware Config
Signatures
-
Unsigned PE 1 IoCs
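Checks for missing Authenticode signature. The absence of a signature is a weak signal by itself: it only means the publisher and file integrity cannot be verified through Authenticode, so compare the hashes listed above against a trusted copy of the package before drawing conclusions.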
resource win32service.pyd
Files
-
win32service.pyd.dll windows:6 windows x64 arch:x64
de259aee359495beae5184ae0b5cdbdf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
advapi32
QueryServiceObjectSecurity
EnumServicesStatusW
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
StartServiceW
GetServiceDisplayNameW
EnumDependentServicesW
GetServiceKeyNameW
ControlService
SetServiceObjectSecurity
DeleteService
LockServiceDatabase
SetServiceStatus
OpenSCManagerW
CloseServiceHandle
UnlockServiceDatabase
QueryServiceLockStatusW
QueryServiceStatus
CreateServiceW
user32
CreateWindowStationW
OpenWindowStationW
GetProcessWindowStation
OpenDesktopW
SwitchDesktop
GetUserObjectInformationW
EnumDesktopWindows
OpenInputDesktop
SetProcessWindowStation
CreateDesktopW
CloseDesktop
GetThreadDesktop
CloseWindowStation
EnumWindowStationsW
EnumDesktopsW
SetThreadDesktop
SetUserObjectInformationW
python312
PyExc_NotImplementedError
PyLong_AsUnsignedLong
PyErr_Occurred
PyObject_GenericGetAttr
PyEval_SaveThread
PyLong_FromLong
PyExc_MemoryError
_Py_NoneStruct
PyTuple_New
PyBool_FromLong
PyDict_SetItemString
PyErr_SetString
PyExc_ValueError
PyLong_FromUnsignedLong
_PyArg_ParseTupleAndKeywords_SizeT
PyErr_Format
_Py_Dealloc
PyLong_AsUnsignedLongMask
PyModule_GetDict
_PyArg_ParseTuple_SizeT
PyList_New
PyModule_Create2
PyType_Ready
PyErr_Clear
PyList_Append
PyObject_GenericSetAttr
PyMem_Free
PyTuple_SetItem
PyEval_RestoreThread
PyObject_IsTrue
PyExc_TypeError
PyErr_NoMemory
_Py_BuildValue_SizeT
pywintypes312
?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z
?Detach@PyHANDLE@@SAPEAU_object@@PEAU2@0@Z
?Close@PyHANDLE@@UEAAHXZ
??0PyHANDLE@@QEAA@PEAX@Z
?PyWinObject_AsSECURITY_DESCRIPTOR@@YAHPEAU_object@@PEAPEAXH@Z
?PyWinObject_FromSECURITY_DESCRIPTOR@@YAPEAU_object@@PEAX@Z
?PyWinLong_FromVoidPtr@@YAPEAU_object@@PEBX@Z
?PyWinObject_FreeMultipleString@@YAXPEA_W@Z
?PyWinObject_AsSECURITY_ATTRIBUTES@@YAHPEAU_object@@PEAPEAU_SECURITY_ATTRIBUTES@@H@Z
?PyWinGlobals_Ensure@@YAHXZ
?PyWinObject_FromSID@@YAPEAU_object@@PEAX@Z
?PyWinObject_FromMultipleString@@YAPEAU_object@@PEA_W@Z
?PyHANDLEType@@3U_typeobject@@A
?PyWinObject_FromHANDLE@@YAPEAU_object@@PEAX@Z
?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z
?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z
?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W_J@Z
?GetTypeName@PyHANDLE@@UEAAPEBDXZ
?PyWinLong_AsVoidPtr@@YAHPEAU_object@@PEAPEAX@Z
?PyWinExc_ApiError@@3PEAU_object@@EA
?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z
?PyWinSequence_Tuple@@YAPEAU_object@@PEAU1@PEAK@Z
?PyWinObject_AsMultipleString@@YAHPEAU_object@@PEAPEA_WHPEAK@Z
?PyWinObject_FreeWCHARArray@@YAXPEAPEA_WK@Z
?PyWinObject_AsWCHARArray@@YAHPEAU_object@@PEAPEAPEA_WPEAKH@Z
?PyWinObject_FreeWCHAR@@YAXPEA_W@Z
??1PyHANDLE@@UEAA@XZ
kernel32
LoadLibraryW
GetProcAddress
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetLastError
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_type_info_destroy_list
__current_exception_context
__std_terminate
__C_specific_handler
api-ms-win-crt-heap-l1-1-0
malloc
_callnewh
free
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
terminate
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_crt_atexit
_register_onexit_function
_execute_onexit_table
_cexit
_crt_at_quick_exit
api-ms-win-crt-string-l1-1-0
strcmp
Exports
PyInit_win32service
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ