970532d1680b38d480ccc163e625f58d157c7ff60a9387b6946c8fc3ac09508a

Sharing

Copy URL Twitter E-mail

General

Target

970532d1680b38d480ccc163e625f58d157c7ff60a9387b6946c8fc3ac09508a
Size

51KB
MD5

476e83ea368af43f68ced9ab85068684
SHA1

f6f88e9db80871678e955e92c2aa26f6dd3c3b94
SHA256

970532d1680b38d480ccc163e625f58d157c7ff60a9387b6946c8fc3ac09508a
SHA512

4b0e21f05a7500694108294307f113e13477287636ef229c9d678caab143df4842372983d292b24373b7eccf94463ec2edeb5e793e852c7510b7f1b6956e47af
SSDEEP

1536:d6uiskYXhYexVAEyfIfnouy8VPf4ODdwQ0:d6XskYxYexVjVPoutVPgGd

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
970532d1680b38d480ccc163e625f58d157c7ff60a9387b6946c8fc3ac09508a

Files

970532d1680b38d480ccc163e625f58d157c7ff60a9387b6946c8fc3ac09508a
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0PyACL@@QAE@HH@Z
??0PyACL@@QAE@PAU_ACL@@@Z
??0PyDEVMODEA@@QAE@G@Z
??0PyDEVMODEA@@QAE@PAU_devicemodeA@@@Z
??0PyDEVMODEA@@QAE@XZ
??0PyDEVMODEW@@QAE@G@Z
??0PyDEVMODEW@@QAE@PAU_devicemodeW@@@Z
??0PyDEVMODEW@@QAE@XZ
??0PyHANDLE@@QAE@ABV0@@Z
??0PyHANDLE@@QAE@PAX@Z
??0PyHKEY@@QAE@ABV0@@Z
??0PyHKEY@@QAE@PAX@Z
??0PyIID@@QAE@ABU_GUID@@@Z
??0PyOVERLAPPED@@QAE@PBVsMyOverlapped@0@@Z
??0PyOVERLAPPED@@QAE@XZ
??0PySECURITY_ATTRIBUTES@@QAE@ABU_SECURITY_ATTRIBUTES@@@Z
??0PySECURITY_ATTRIBUTES@@QAE@XZ
??0PySECURITY_DESCRIPTOR@@QAE@H@Z
??0PySECURITY_DESCRIPTOR@@QAE@PAX@Z
??0PySID@@QAE@HPAX@Z
??0PySID@@QAE@PAX@Z
??0PyTime@@QAE@ABU_FILETIME@@@Z
??0PyTime@@QAE@ABU_SYSTEMTIME@@@Z
??0PyTime@@QAE@N@Z
??0PyTime@@QAE@_J@Z
??0PyWAVEFORMATEX@@QAE@ABUtWAVEFORMATEX@@@Z
??0PyWAVEFORMATEX@@QAE@XZ
??0PyWin_AutoFreeBstr@@QAE@PA_W@Z
??0sMyOverlapped@PyOVERLAPPED@@QAE@ABU_OVERLAPPED@@@Z
??0sMyOverlapped@PyOVERLAPPED@@QAE@XZ
??1PyACL@@QAE@XZ
??1PyDEVMODEA@@IAE@XZ
??1PyDEVMODEW@@IAE@XZ
??1PyHANDLE@@UAE@XZ
??1PyHKEY@@UAE@XZ
??1PyOVERLAPPED@@QAE@XZ
??1PySECURITY_ATTRIBUTES@@QAE@XZ
??1PySECURITY_DESCRIPTOR@@QAE@XZ
??1PySID@@QAE@XZ
??1PyWAVEFORMATEX@@QAE@XZ
??1PyWin_AutoFreeBstr@@QAE@XZ
??4PyACL@@QAEAAV0@ABV0@@Z
??4PyDEVMODEA@@QAEAAV0@ABV0@@Z
??4PyDEVMODEW@@QAEAAV0@ABV0@@Z
??4PyHANDLE@@QAEAAV0@ABV0@@Z
??4PyHKEY@@QAEAAV0@ABV0@@Z
??4PyIID@@QAEAAV0@ABV0@@Z
??4PyOVERLAPPED@@QAEAAV0@ABV0@@Z
??4PySECURITY_ATTRIBUTES@@QAEAAV0@ABV0@@Z
??4PySECURITY_DESCRIPTOR@@QAEAAV0@ABV0@@Z
??4PySID@@QAEAAV0@ABV0@@Z
??4PyTime@@QAEAAV0@ABV0@@Z
??4PyWAVEFORMATEX@@QAEAAV0@ABV0@@Z
??4PyWin_AutoFreeBstr@@QAEAAV0@ABV0@@Z
??4sMyOverlapped@PyOVERLAPPED@@QAEAAV01@ABV01@@Z
??BPyHANDLE@@QAEPAXXZ
??BPyWin_AutoFreeBstr@@QAEPA_WXZ
??_7PyHANDLE@@6B@
??_7PyHKEY@@6B@
??_FPyIID@@QAEXXZ
??_FPySECURITY_DESCRIPTOR@@QAEXXZ
??_FPyWin_AutoFreeBstr@@QAEXXZ
?AddAccessAllowedAce@PyACL@@SAPAU_object@@PAU2@0@Z
?AddAccessAllowedAceEx@PyACL@@SAPAU_object@@PAU2@0@Z
?AddAccessAllowedObjectAce@PyACL@@SAPAU_object@@PAU2@0@Z
?AddAccessDeniedAce@PyACL@@SAPAU_object@@PAU2@0@Z
?AddAccessDeniedAceEx@PyACL@@SAPAU_object@@PAU2@0@Z
?AddAccessDeniedObjectAce@PyACL@@SAPAU_object@@PAU2@0@Z
?AddAuditAccessAce@PyACL@@SAPAU_object@@PAU2@0@Z
?AddAuditAccessAceEx@PyACL@@SAPAU_object@@PAU2@0@Z
?AddAuditAccessObjectAce@PyACL@@SAPAU_object@@PAU2@0@Z
?AddMandatoryAce@PyACL@@SAPAU_object@@PAU2@0@Z
?Clear@PyDEVMODEA@@SAPAU_object@@PAU2@0@Z
?Clear@PyDEVMODEW@@SAPAU_object@@PAU2@0@Z
?Close@PyHANDLE@@SAPAU_object@@PAU2@0@Z
?Close@PyHANDLE@@UAEHXZ
?Close@PyHKEY@@UAEHXZ
?DeleteAce@PyACL@@SAPAU_object@@PAU2@0@Z
?Detach@PyHANDLE@@SAPAU_object@@PAU2@0@Z
?Format@PyTime@@SAPAU_object@@PAU2@0@Z
?FreeAbsoluteSD@@YAXPAX@Z
?GetACL@PyACL@@QAEPAU_ACL@@XZ
?GetAce@PyACL@@SAPAU_object@@PAU2@0@Z
?GetAceCount@PyACL@@SAPAU_object@@PAU2@0@Z
?GetAclRevision@PyACL@@SAPAU_object@@PAU2@0@Z
?GetAclSize@PyACL@@SAPAU_object@@PAU2@0@Z
?GetDEVMODE@PyDEVMODEA@@QAEPAU_devicemodeA@@XZ
?GetDEVMODE@PyDEVMODEW@@QAEPAU_devicemodeW@@XZ
?GetLength@PySECURITY_DESCRIPTOR@@SAPAU_object@@PAU2@0@Z
?GetLength@PySID@@SAPAU_object@@PAU2@0@Z
?GetOverlapped@PyOVERLAPPED@@QAEPAU_OVERLAPPED@@XZ
?GetPythonTraceback@@YAPADPAU_object@@00@Z
?GetSA@PySECURITY_ATTRIBUTES@@QAEPAU_SECURITY_ATTRIBUTES@@XZ
?GetSD@PySECURITY_DESCRIPTOR@@QAEPAXXZ
?GetSID@PySID@@QAEPAXXZ
?GetSecurityDescriptorControl@PySECURITY_DESCRIPTOR@@SAPAU_object@@PAU2@0@Z
?GetSecurityDescriptorDacl@PySECURITY_DESCRIPTOR@@SAPAU_object@@PAU2@0@Z
?GetSecurityDescriptorGroup@PySECURITY_DESCRIPTOR@@SAPAU_object@@PAU2@0@Z
?GetSecurityDescriptorOwner@PySECURITY_DESCRIPTOR@@SAPAU_object@@PAU2@0@Z
?GetSecurityDescriptorSacl@PySECURITY_DESCRIPTOR@@SAPAU_object@@PAU2@0@Z
?GetSidIdentifierAuthority@PySID@@SAPAU_object@@PAU2@0@Z
?GetSubAuthority@PySID@@SAPAU_object@@PAU2@0@Z
?GetSubAuthorityCount@PySID@@SAPAU_object@@PAU2@0@Z
?GetTime@PyTime@@QAEHPAN@Z
?GetTime@PyTime@@QAEHPAU_FILETIME@@@Z
?GetTime@PyTime@@QAEHPAU_SYSTEMTIME@@@Z
?GetTypeName@PyHANDLE@@UAEPBDXZ
?GetTypeName@PyHKEY@@UAEPBDXZ
?Initialize@PyACL@@SAPAU_object@@PAU2@0@Z
?Initialize@PySECURITY_DESCRIPTOR@@SAPAU_object@@PAU2@0@Z
?Initialize@PySID@@SAPAU_object@@PAU2@0@Z
?IsEqual@PyIID@@QAEHAAV1@@Z
?IsEqual@PyIID@@QAEHABU_GUID@@@Z
?IsEqual@PyIID@@QAEHPAU_object@@@Z
?IsSelfRelative@PySECURITY_DESCRIPTOR@@SAPAU_object@@PAU2@0@Z
?IsValid@PyACL@@SAPAU_object@@PAU2@0@Z
?IsValid@PySECURITY_DESCRIPTOR@@SAPAU_object@@PAU2@0@Z
?IsValid@PySID@@SAPAU_object@@PAU2@0@Z
?PyACLType@@3U_typeobject@@A
?PyDEVMODEAType@@3U_typeobject@@A
?PyDEVMODEWType@@3U_typeobject@@A
?PyGetAuditedPermissionsFromAcl@PyACL@@SAPAU_object@@PAU2@0@Z
?PyGetEffectiveRightsFromAcl@PyACL@@SAPAU_object@@PAU2@0@Z
?PyGetExplicitEntriesFromAcl@PyACL@@SAPAU_object@@PAU2@0@Z
?PyHANDLEType@@3U_typeobject@@A
?PyIIDType@@3U_typeobject@@A
?PyOVERLAPPEDType@@3U_typeobject@@A
?PyObject_FromWIN32_FIND_DATAA@@YAPAU_object@@PAU_WIN32_FIND_DATAA@@@Z
?PyObject_FromWIN32_FIND_DATAW@@YAPAU_object@@PAU_WIN32_FIND_DATAW@@@Z
?PySECURITY_ATTRIBUTESType@@3U_typeobject@@A
?PySECURITY_DESCRIPTORType@@3U_typeobject@@A
?PySIDType@@3U_typeobject@@A
?PySetEntriesInAcl@PyACL@@SAPAU_object@@PAU2@0@Z
?PySocket_AsSOCKET@@YAHPAU_object@@PAI@Z
?PyTimeType@@3U_typeobject@@A
?PyWAVEFORMATEXType@@3U_typeobject@@A
?PyWinCoreString_FromIID@@YAPAU_object@@ABU_GUID@@@Z
?PyWinCoreString_FromString@@YAPAU_object@@PBDH@Z
?PyWinCoreString_FromString@@YAPAU_object@@PB_WH@Z
?PyWinExc_ApiError@@3PAU_object@@A
?PyWinExc_COMError@@3PAU_object@@A
?PyWinGlobals_Ensure@@YAHXZ
?PyWinGlobals_Free@@YAXXZ
?PyWinInterpreterLock_Acquire@@YAXXZ
?PyWinInterpreterLock_Release@@YAXXZ
?PyWinLong_AsVoidPtr@@YAHPAU_object@@PAPAX@Z
?PyWinLong_FromHANDLE@@YAPAU_object@@PAX@Z
?PyWinLong_FromVoidPtr@@YAPAU_object@@PBX@Z
?PyWinMethod_NewACL@@YAPAU_object@@PAU1@0@Z
?PyWinMethod_NewHANDLE@@YAPAU_object@@PAU1@0@Z
?PyWinMethod_NewIID@@YAPAU_object@@PAU1@0@Z
?PyWinMethod_NewOVERLAPPED@@YAPAU_object@@PAU1@0@Z
?PyWinMethod_NewSECURITY_ATTRIBUTES@@YAPAU_object@@PAU1@0@Z
?PyWinMethod_NewSECURITY_DESCRIPTOR@@YAPAU_object@@PAU1@0@Z
?PyWinMethod_NewSID@@YAPAU_object@@PAU1@0@Z
?PyWinMethod_NewTime@@YAPAU_object@@PAU1@0@Z
?PyWinMethod_NewWAVEFORMATEX@@YAPAU_object@@PAU1@0@Z
?PyWinObject_AsACL@@YAHPAU_object@@PAPAU_ACL@@H@Z
?PyWinObject_AsBstr@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_AsCharArray@@YAHPAU_object@@PAPAPADPAKH@Z
?PyWinObject_AsDATE@@YAHPAU_object@@PAN@Z
?PyWinObject_AsDEVMODE@@YAHPAU_object@@PAPAU_devicemodeA@@H@Z
?PyWinObject_AsDEVMODE@@YAHPAU_object@@PAPAU_devicemodeW@@H@Z
?PyWinObject_AsDWORDArray@@YAHPAU_object@@PAPAKPAKH@Z
?PyWinObject_AsFILETIME@@YAHPAU_object@@PAU_FILETIME@@@Z
?PyWinObject_AsHANDLE@@YAHPAU_object@@PAPAX@Z
?PyWinObject_AsHKEY@@YAHPAU_object@@PAPAUHKEY__@@@Z
?PyWinObject_AsIID@@YAHPAU_object@@PAU_GUID@@@Z
?PyWinObject_AsLARGE_INTEGER@@YAHPAU_object@@PAT_LARGE_INTEGER@@@Z
?PyWinObject_AsMSG@@YAHPAU_object@@PAUtagMSG@@@Z
?PyWinObject_AsMultipleString@@YAHPAU_object@@PAPADHPAK@Z
?PyWinObject_AsMultipleString@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_AsOVERLAPPED@@YAHPAU_object@@PAPAU_OVERLAPPED@@H@Z
?PyWinObject_AsPARAM@@YAHPAU_object@@PAI@Z
?PyWinObject_AsPOINT@@YAHPAU_object@@PAUtagPOINT@@@Z
?PyWinObject_AsPfnAllocatedWCHAR@@YAHPAU_object@@P6APAXK@ZPAPA_WHPAK@Z
?PyWinObject_AsPyOVERLAPPED@@YAHPAU_object@@PAPAVPyOVERLAPPED@@H@Z
?PyWinObject_AsRECT@@YAHPAU_object@@PAUtagRECT@@@Z
?PyWinObject_AsReadBuffer@@YAHPAU_object@@PAPAXPAKH@Z
?PyWinObject_AsResourceIdA@@YAHPAU_object@@PAPADH@Z
?PyWinObject_AsResourceIdW@@YAHPAU_object@@PAPA_WH@Z
?PyWinObject_AsSECURITY_ATTRIBUTES@@YAHPAU_object@@PAPAU_SECURITY_ATTRIBUTES@@H@Z
?PyWinObject_AsSECURITY_DESCRIPTOR@@YAHPAU_object@@PAPAXH@Z
?PyWinObject_AsSID@@YAHPAU_object@@PAPAXH@Z
?PyWinObject_AsSYSTEMTIME@@YAHPAU_object@@PAU_SYSTEMTIME@@@Z
?PyWinObject_AsString@@YAHPAU_object@@PAPADHPAK@Z
?PyWinObject_AsTaskAllocatedWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_AsULARGE_INTEGER@@YAHPAU_object@@PAT_ULARGE_INTEGER@@@Z
?PyWinObject_AsWAVEFORMATEX@@YAHPAU_object@@PAPAUtWAVEFORMATEX@@H@Z
?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_AsWCHARArray@@YAHPAU_object@@PAPAPA_WPAKH@Z
?PyWinObject_AsWriteBuffer@@YAHPAU_object@@PAPAXPAKH@Z
?PyWinObject_CloseHANDLE@@YAHPAU_object@@@Z
?PyWinObject_CloseHKEY@@YAHPAU_object@@@Z
?PyWinObject_FreeBstr@@YAXPA_W@Z
?PyWinObject_FreeCharArray@@YAXPAPADK@Z
?PyWinObject_FreeMultipleString@@YAXPAD@Z
?PyWinObject_FreeMultipleString@@YAXPA_W@Z
?PyWinObject_FreeResourceId@@YAXPAD@Z
?PyWinObject_FreeResourceId@@YAXPA_W@Z
?PyWinObject_FreeString@@YAXPAD@Z
?PyWinObject_FreeString@@YAXPA_W@Z
?PyWinObject_FreeTaskAllocatedWCHAR@@YAXPA_W@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z
?PyWinObject_FreeWCHARArray@@YAXPAPA_WK@Z
?PyWinObject_FromBstr@@YAPAU_object@@QA_WH@Z
?PyWinObject_FromDATE@@YAPAU_object@@N@Z
?PyWinObject_FromDEVMODE@@YAPAU_object@@PAU_devicemodeA@@@Z
?PyWinObject_FromDEVMODE@@YAPAU_object@@PAU_devicemodeW@@@Z
?PyWinObject_FromFILETIME@@YAPAU_object@@ABU_FILETIME@@@Z
?PyWinObject_FromHANDLE@@YAPAU_object@@PAX@Z
?PyWinObject_FromHKEY@@YAPAU_object@@PAUHKEY__@@@Z
?PyWinObject_FromIID@@YAPAU_object@@ABU_GUID@@@Z
?PyWinObject_FromIO_COUNTERS@@YAPAU_object@@PAU_IO_COUNTERS@@@Z
?PyWinObject_FromLARGE_INTEGER@@YAPAU_object@@AAT_LARGE_INTEGER@@@Z
?PyWinObject_FromMSG@@YAPAU_object@@PBUtagMSG@@@Z
?PyWinObject_FromMultipleString@@YAPAU_object@@PAD@Z
?PyWinObject_FromMultipleString@@YAPAU_object@@PA_W@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_W@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_WH@Z
?PyWinObject_FromOVERLAPPED@@YAPAU_object@@PBU_OVERLAPPED@@@Z
?PyWinObject_FromRECT@@YAPAU_object@@PAUtagRECT@@@Z
?PyWinObject_FromSECURITY_ATTRIBUTES@@YAPAU_object@@ABU_SECURITY_ATTRIBUTES@@@Z
?PyWinObject_FromSECURITY_DESCRIPTOR@@YAPAU_object@@PAX@Z
?PyWinObject_FromSID@@YAPAU_object@@PAX@Z
?PyWinObject_FromSYSTEMTIME@@YAPAU_object@@ABU_SYSTEMTIME@@@Z
?PyWinObject_FromTCHAR@@YAPAU_object@@PBDH@Z
?PyWinObject_FromTimeStamp@@YAPAU_object@@ABT_LARGE_INTEGER@@@Z
?PyWinObject_FromULARGE_INTEGER@@YAPAU_object@@AAT_ULARGE_INTEGER@@@Z
?PyWinSequence_Tuple@@YAPAU_object@@PAU1@PAK@Z
?PyWinThreadState_Clear@@YAXXZ
?PyWinThreadState_Ensure@@YAHXZ
?PyWinThreadState_Free@@YAXXZ
?PyWinTimeObject_Fromtime_t@@YAPAU_object@@_J@Z
?PyWinTime_Check@@YAHPAU_object@@@Z
?PyWin_AcquireGlobalLock@@YAXXZ
?PyWin_CopyString@@YAPADPBD@Z
?PyWin_CopyString@@YAPA_WPB_W@Z
?PyWin_GetErrorMessageModule@@YAPAUHINSTANCE__@@K@Z
?PyWin_InterpreterState@@3PAU_is@@A
?PyWin_MakePendingCalls@@YAXXZ
?PyWin_NewUnicode@@YAPAU_object@@PAU1@0@Z
?PyWin_RegisterErrorMessageModule@@YAHKKPAUHINSTANCE__@@@Z
?PyWin_ReleaseGlobalLock@@YAXXZ
?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z
?PyWin_SetBasicCOMError@@YAPAU_object@@J@Z
?SetACL@PyACL@@QAEHPAU_ACL@@@Z
?SetBstr@PyWin_AutoFreeBstr@@QAEXPA_W@Z
?SetSD@PySECURITY_DESCRIPTOR@@QAEHPAX@Z
?SetSecurityDescriptorControl@PySECURITY_DESCRIPTOR@@SAPAU_object@@PAU2@0@Z
?SetSecurityDescriptorDacl@PySECURITY_DESCRIPTOR@@SAPAU_object@@PAU2@0@Z
?SetSecurityDescriptorGroup@PySECURITY_DESCRIPTOR@@SAPAU_object@@PAU2@0@Z
?SetSecurityDescriptorOwner@PySECURITY_DESCRIPTOR@@SAPAU_object@@PAU2@0@Z
?SetSecurityDescriptorSacl@PySECURITY_DESCRIPTOR@@SAPAU_object@@PAU2@0@Z
?SetSubAuthority@PySID@@SAPAU_object@@PAU2@0@Z
?_MakeAbsoluteSD@@YAHPAXPAPAX@Z
?asLong@PyTime@@QAEJXZ
?asStr@PyHANDLE@@QAEPAU_object@@XZ
?binaryFailureFunc@PyHANDLE@@SAPAU_object@@PAU2@0@Z
?binaryFailureFunc@PyTime@@SAPAU_object@@PAU2@0@Z
?compare@PyTime@@QAEHPAU_object@@@Z
?compareFunc@PyTime@@SAHPAU_object@@0@Z
?deallocFunc@PyACL@@SAXPAU_object@@@Z
?deallocFunc@PyDEVMODEA@@SAXPAU_object@@@Z
?deallocFunc@PyDEVMODEW@@SAXPAU_object@@@Z
?deallocFunc@PyHANDLE@@SAXPAU_object@@@Z
?deallocFunc@PyIID@@SAXPAU_object@@@Z
?deallocFunc@PyOVERLAPPED@@SAXPAU_object@@@Z
?deallocFunc@PySECURITY_ATTRIBUTES@@SAXPAU_object@@@Z
?deallocFunc@PySECURITY_DESCRIPTOR@@SAXPAU_object@@@Z
?deallocFunc@PySID@@SAXPAU_object@@@Z
?deallocFunc@PyTime@@SAXPAU_object@@@Z
?deallocFunc@PyWAVEFORMATEX@@SAXPAU_object@@@Z
?floatFunc@PyTime@@SAPAU_object@@PAU2@@Z
?get_DeviceName@PyDEVMODEA@@SAPAU_object@@PAU2@PAX@Z
?get_DeviceName@PyDEVMODEW@@SAPAU_object@@PAU2@PAX@Z
?get_DriverData@PyDEVMODEA@@SAPAU_object@@PAU2@PAX@Z
?get_DriverData@PyDEVMODEW@@SAPAU_object@@PAU2@PAX@Z
?get_FormName@PyDEVMODEA@@SAPAU_object@@PAU2@PAX@Z
?get_FormName@PyDEVMODEW@@SAPAU_object@@PAU2@PAX@Z
?get_handle@PyHANDLE@@SAPAU_object@@PAU2@PAX@Z
?getattro@PyOVERLAPPED@@SAPAU_object@@PAU2@0@Z
?getattro@PySECURITY_ATTRIBUTES@@SAPAU_object@@PAU2@0@Z
?getattro@PyTime@@SAPAU_object@@PAU2@0@Z
?getreadbuf@PySECURITY_DESCRIPTOR@@SAHPAU_object@@HPAPAX@Z
?getreadbuf@PySID@@SAHPAU_object@@HPAPAX@Z
?getsegcount@PySECURITY_DESCRIPTOR@@SAHPAU_object@@PAH@Z
?getsegcount@PySID@@SAHPAU_object@@PAH@Z
?getset@PyDEVMODEA@@2PAUPyGetSetDef@@A
?getset@PyDEVMODEW@@2PAUPyGetSetDef@@A
?getset@PyHANDLE@@2PAUPyGetSetDef@@A
?hash@PyHANDLE@@QAEJXZ
?hash@PyIID@@QAEJXZ
?hash@PyTime@@QAEJXZ
?hashFunc@PyHANDLE@@SAJPAU_object@@@Z
?hashFunc@PyIID@@SAJPAU_object@@@Z
?hashFunc@PyOVERLAPPED@@SAJPAU_object@@@Z
?hashFunc@PyTime@@SAJPAU_object@@@Z
?intFunc@PyHANDLE@@SAPAU_object@@PAU2@@Z
?intFunc@PyTime@@SAPAU_object@@PAU2@@Z
?longFunc@PyHANDLE@@SAPAU_object@@PAU2@@Z
?members@PyDEVMODEA@@2PAUPyMemberDef@@A
?members@PyDEVMODEW@@2PAUPyMemberDef@@A
?members@PyOVERLAPPED@@2PAUPyMemberDef@@A
?members@PySECURITY_ATTRIBUTES@@2PAUPyMemberDef@@A
?members@PyWAVEFORMATEX@@2PAUPyMemberDef@@A
?methods@PyACL@@2PAUPyMethodDef@@A
?methods@PyDEVMODEA@@2PAUPyMethodDef@@A
?methods@PyDEVMODEW@@2PAUPyMethodDef@@A
?methods@PyHANDLE@@2PAUPyMethodDef@@A
?methods@PySECURITY_ATTRIBUTES@@2PAUPyMethodDef@@A
?methods@PySECURITY_DESCRIPTOR@@2PAUPyMethodDef@@A
?methods@PySID@@2PAUPyMethodDef@@A
?methods@PyTime@@2PAUPyMethodDef@@A
?modify_in_place@PyDEVMODEA@@QAEXXZ
?modify_in_place@PyDEVMODEW@@QAEXXZ
?nonzeroFunc@PyHANDLE@@SAHPAU_object@@@Z
?nonzeroFunc@PyTime@@SAHPAU_object@@@Z
?print@PyHANDLE@@QAEHPAU_iobuf@@H@Z
?printFunc@PyHANDLE@@SAHPAU_object@@PAU_iobuf@@H@Z
?repr@PyIID@@QAEPAU_object@@XZ
?repr@PyTime@@QAEPAU_object@@XZ
?reprFunc@PyIID@@SAPAU_object@@PAU2@@Z
?reprFunc@PyTime@@SAPAU_object@@PAU2@@Z
?richcompare@PyHANDLE@@QAEPAU_object@@PAU2@H@Z
?richcompare@PyIID@@QAEPAU_object@@PAU2@H@Z
?richcompare@PySID@@QAEPAU_object@@PAU2@H@Z
?richcompare@PyTime@@QAEPAU_object@@PAU2@H@Z
?richcompareFunc@PyHANDLE@@SAPAU_object@@PAU2@0H@Z
?richcompareFunc@PyIID@@SAPAU_object@@PAU2@0H@Z
?richcompareFunc@PyOVERLAPPED@@SAPAU_object@@PAU2@0H@Z
?richcompareFunc@PySID@@SAPAU_object@@PAU2@0H@Z
?richcompareFunc@PyTime@@SAPAU_object@@PAU2@0H@Z
?set_DeviceName@PyDEVMODEA@@SAHPAU_object@@0PAX@Z
?set_DeviceName@PyDEVMODEW@@SAHPAU_object@@0PAX@Z
?set_DriverData@PyDEVMODEA@@SAHPAU_object@@0PAX@Z
?set_DriverData@PyDEVMODEW@@SAHPAU_object@@0PAX@Z
?set_FormName@PyDEVMODEA@@SAHPAU_object@@0PAX@Z
?set_FormName@PyDEVMODEW@@SAHPAU_object@@0PAX@Z
?setattro@PyOVERLAPPED@@SAHPAU_object@@00@Z
?setattro@PySECURITY_ATTRIBUTES@@SAHPAU_object@@00@Z
?str@PyIID@@QAEPAU_object@@XZ
?str@PyTime@@QAEPAU_object@@XZ
?strFunc@PyHANDLE@@SAPAU_object@@PAU2@@Z
?strFunc@PyIID@@SAPAU_object@@PAU2@@Z
?strFunc@PySID@@SAPAU_object@@PAU2@@Z
?strFunc@PyTime@@SAPAU_object@@PAU2@@Z
?ternaryFailureFunc@PyHANDLE@@SAPAU_object@@PAU2@00@Z
?ternaryFailureFunc@PyTime@@SAPAU_object@@PAU2@00@Z
?tp_new@PyDEVMODEA@@SAPAU_object@@PAU_typeobject@@PAU2@1@Z
?tp_new@PyDEVMODEW@@SAPAU_object@@PAU_typeobject@@PAU2@1@Z
?unaryFailureFunc@PyHANDLE@@SAPAU_object@@PAU2@@Z
?unaryFailureFunc@PyTime@@SAPAU_object@@PAU2@@Z
_DllMain@12
initpywintypes

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 100KB

UPX1 Size: 30KB - Virtual size: 32KB

.rsrc Size: 20KB - Virtual size: 20KB

UPX0
Size: - Virtual size: 100KB

UPX1
Size: 30KB - Virtual size: 32KB

.rsrc
Size: 20KB - Virtual size: 20KB