bf322a838353f29666900bc145f7a995009f9895ef37a5d77f7165c00bab9be8

Sharing

Copy URL

Twitter E-mail

General

Target

bf322a838353f29666900bc145f7a995009f9895ef37a5d77f7165c00bab9be8
Size

23KB
MD5

542186a84d2ce57681153afa5aadaf46
SHA1

9130560766a90942d7551303c97f5d95421acf7b
SHA256

bf322a838353f29666900bc145f7a995009f9895ef37a5d77f7165c00bab9be8
SHA512

a17ed8b99b92270c6574b631468fa329228d7e716541caf82f11d75c3988d77cebb587ef31dd089771cd86ef2210676341243a183f2ba837a9d3c57e4d09fb60
SSDEEP

384:CxgbVj7YdpWNvR1ybWaAF9sLcAFJeOpecrjPMsnupTw7u9a0sjWIACV:HGdGp4iF9sQmJegekksas0IWIACV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf322a838353f29666900bc145f7a995009f9895ef37a5d77f7165c00bab9be8

Files

bf322a838353f29666900bc145f7a995009f9895ef37a5d77f7165c00bab9be8
.dll windows:6 windows x64 arch:x64

c3f169435e840ee1febb8471c19c65e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\b\abs_abfc_k0l_o\croot\python-split_1709054685618\work\PCbuild\amd64\_bz2.pdb

Imports

libbz2

BZ2_bzDecompressInit
BZ2_bzDecompress
BZ2_bzCompressEnd
BZ2_bzCompressInit
BZ2_bzCompress
BZ2_bzDecompressEnd

python312

PyModule_GetState
PyExc_SystemError
PyMem_RawFree
PyBuffer_Release
PyObject_GetBuffer
_PyNumber_Index
PyThread_release_lock
_Py_Dealloc
PyModule_AddType
PyMem_Malloc
PyMem_Realloc
PyType_FromModuleAndSpec
PyType_GetModuleByDef
PyBytes_FromStringAndSize
PyList_New
PyModuleDef_Init
PyExc_OSError
PyErr_NoMemory
PyMem_Free
PyThread_free_lock
PyList_Append
PyExc_EOFError
PyEval_RestoreThread
PyErr_Format
PyExc_ValueError
_PyArg_UnpackKeywords
PyErr_SetString
_PyArg_BadArgument
PyThread_acquire_lock
_PyArg_NoPositional
PyMem_RawMalloc
PyThread_allocate_lock
PyExc_MemoryError
PyErr_SetNone
PyBuffer_IsContiguous
PyExc_RuntimeError
PyEval_SaveThread
PyErr_Occurred
_PyArg_CheckPositional
PyLong_AsSsize_t
_PyArg_NoKeywords
_PyLong_AsInt

vcruntime140

memcpy
memset
__std_type_info_destroy_list
__C_specific_handler
memmove

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_narrow_environment

kernel32

DisableThreadLibraryCalls
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId

Exports

Exports

PyInit__bz2

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3f169435e840ee1febb8471c19c65e6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libbz2

python312

vcruntime140

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 672B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 112B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 672B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 112B