6f36ca786ad8db398d220e952e02518e3af6b8167e6737bb84d40368ca62e295

Sharing

Copy URL Twitter E-mail

General

Target

6f36ca786ad8db398d220e952e02518e3af6b8167e6737bb84d40368ca62e295
Size

41KB
MD5

a9d900ac6d39c9c608056840cf169e83
SHA1

cd02fd81f9c2d303928c76991d7d88bfa518a64d
SHA256

6f36ca786ad8db398d220e952e02518e3af6b8167e6737bb84d40368ca62e295
SHA512

736569e73d2a2ce23acf66320703dc5899e748cebb77cc2f7365f657414f1dbd214078a7c8e07973492629731d14ee5fa4a77bc335ac1929f7295fcdd04fe4bd
SSDEEP

768:fUALXoi20ILdI3QA5TWfDtNYE7+E00d4POGbjDNNWS6xiVK1ekvLmIEQoEsB0+Tq:fBDooUY5TWLXP7+GdYOBQKnvAT+PR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f36ca786ad8db398d220e952e02518e3af6b8167e6737bb84d40368ca62e295

Files

6f36ca786ad8db398d220e952e02518e3af6b8167e6737bb84d40368ca62e295
.dll windows:5 windows x64 arch:x64

26f387cd7e5dc8b944a2eef8bec9162d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

psapi

GetMappedFileNameA
GetProcessImageFileNameA
EnumProcesses
GetProcessMemoryInfo

kernel32

GetProcessTimes
GetSystemInfo
GlobalMemoryStatusEx
FreeLibrary
GetProcAddress
LoadLibraryA
ReadProcessMemory
Thread32Next
ResumeThread
SuspendThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
GetThreadTimes
QueryDosDeviceA
GetPriorityClass
SetPriorityClass
GetProcessIoCounters
GetProcessAffinityMask
WaitForSingleObject
GetDiskFreeSpaceExW
DeviceIoControl
CreateFileA
SetLastError
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
GetProcessHandleCount
VirtualQueryEx
GetModuleHandleA
Process32Next
Process32First
LocalFree
GetCurrentProcess
lstrcmpiA
GetCurrentThread
GetExitCodeProcess
OpenProcess
GetLastError
TerminateProcess
CloseHandle
GetSystemTimeAsFileTime
GetTickCount
DisableThreadLibraryCalls
Sleep
DecodePointer
GetCurrentThreadId
QueryPerformanceCounter
EncodePointer
SetProcessAffinityMask
GetCurrentProcessId

advapi32

LookupPrivilegeValueA
GetTokenInformation
OpenThreadToken
ImpersonateSelf
RevertToSelf
LookupAccountSidA
AdjustTokenPrivileges
LookupPrivilegeNameA
OpenProcessToken

shell32

CommandLineToArgvW

iphlpapi

GetIfEntry
GetAdaptersAddresses

wtsapi32

WTSCloseServer
WTSQuerySessionInformationA
WTSEnumerateSessionsA
WTSOpenServerA
WTSFreeMemory

python27

PyModule_AddIntConstant
PyErr_NewException
Py_InitModule4_64
PyErr_SetObject
PyObject_CallFunction
PyExc_OSError
PyErr_Format
PyLong_FromLong
PySequence_Check
PySequence_Contains
PyTuple_New
PyExc_NotImplementedError
PyObject_IsTrue
PyExc_TypeError
PyUnicodeUCS2_FromWideChar
PyUnicodeUCS2_AsUTF8String
PyErr_Clear
PyEval_SaveThread
PyEval_RestoreThread
PyInt_FromLong
PyErr_SetFromWindowsErr
_Py_NoneStruct
PyList_New
PyList_Append
PyArg_ParseTuple
PyBool_FromLong
Py_BuildValue
PyDict_SetItemString
PyDict_New
PyUnicodeUCS2_FromObject
PyDict_SetItem
PyExc_RuntimeError
_Py_TrueStruct
PyErr_SetString
_Py_ZeroStruct

msvcr100

_amsg_exit
malloc
sprintf
memset
memcpy
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
__C_specific_handler
free
_encoded_null
_initterm_e
_initterm
_malloc_crt
realloc
strerror
strchr

Exports

Exports

init_psutil_mswindows

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26f387cd7e5dc8b944a2eef8bec9162d

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

advapi32

shell32

iphlpapi

wtsapi32

python27

msvcr100

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 6KB - Virtual size: 6KB

.pdata Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 376B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 6KB - Virtual size: 6KB

.pdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 376B