479e7bfa75b4f41f5f82e50950fb3138bc0352fb934026cfbb7055a7251bf0d6

General

Target

479e7bfa75b4f41f5f82e50950fb3138bc0352fb934026cfbb7055a7251bf0d6
Size

10KB
MD5

daede26395f5bb579fba8136120cf44b
SHA1

56e6faa4c593201752caa4a2b7bfe379be89a2e9
SHA256

479e7bfa75b4f41f5f82e50950fb3138bc0352fb934026cfbb7055a7251bf0d6
SHA512

91363ab3ed541b49ef9f33e6e3fee2e44d76fe51a899d922f49f8d22d1572b91ef4dd7c4288cb4f02222d176d2b01fcabe7a94cd085039776fc2d44a87637511
SSDEEP

96:QaGxymHTAZypaSV701Al/Q4MgJyUSUxsPU1twdzEBZrXKGdcDVGJBZ7QrOiw0rNB:QImHTzwSV70DBIwZyZhcDwZ8rpwCNL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
479e7bfa75b4f41f5f82e50950fb3138bc0352fb934026cfbb7055a7251bf0d6

Files

479e7bfa75b4f41f5f82e50950fb3138bc0352fb934026cfbb7055a7251bf0d6
.dll windows:6 windows x64 arch:x64

46a85b2608a179df3dc2c874c87ace24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

python36

PyCapsule_Import
PyImport_ImportModule

kernel32

InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
IsDebuggerPresent

vcruntime140

memset
__C_specific_handler
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table

Exports

Exports

PyInit___init__
PyInit_nodes

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46a85b2608a179df3dc2c874c87ace24

Headers

DLL Characteristics

File Characteristics

Imports

python36

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 456B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 40B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 456B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 40B