4d9623d66796bfa0dc0c729652356e60addb4422a5904120e05995f5ecc50230[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4d9623d66796bfa0dc0c729652356e60addb4422a5904120e05995f5ecc50230.exe
Size

2.0MB
MD5

6cf545f7dce60a2683ec889d45d6d910
SHA1

fc44f3c4e4b43276bcf8cdc0e5a0a2964220b410
SHA256

4d9623d66796bfa0dc0c729652356e60addb4422a5904120e05995f5ecc50230
SHA512

5827f9d5e8b7bda926e707718644c7ae9f66e0a7dbd9afc97e3cbec90c80d1541080b6d0360a82fe2f4108ccfe5a08b19be3d4afa1b77a5fb3ffe2dae73afcef
SSDEEP

24576:c+ncMkyfXaj+dYUh6K0j3tGyRpFDTNvw989m5qesyTVbMT4kHlyh9W3:ZcmXgqwtGJebIVbMTBmW3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d9623d66796bfa0dc0c729652356e60addb4422a5904120e05995f5ecc50230.exe

Files

4d9623d66796bfa0dc0c729652356e60addb4422a5904120e05995f5ecc50230.exe
.dll windows:5 windows x86 arch:x86

91e20f01f5b1376f415c69d306036006

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

getsockname
bind
listen
WSAStartup
socket
ioctlsocket
connect
__WSAFDIsSet
getsockopt
recv
send
select
closesocket
WSASetLastError
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr

python34

PySequence_Check
PySet_Add
PyObject_Dir
PyNumber_Or
PySet_Clear
PyUnicode_Split
PyObject_DelItem
PyErr_Fetch
PyExc_NotImplementedError
_PyUnicode_Ready
PyLong_AsLong
PyLong_AsUnsignedLong
PySlice_GetIndicesEx
PyTuple_GetSlice
PyNumber_Multiply
PyErr_SetFromErrno
PyCFunction_Type
PySet_Type
PyList_Sort
PyUnicode_AsASCIIString
PyUnicode_Concat
PyFloat_AsDouble
PyFloat_Type
PyNumber_Check
PyBool_Type
PyFloat_FromDouble
PyList_Reverse
PyType_Modified
PyCFunction_NewEx
PyWrapperDescr_Type
PyDict_GetItemString
PyImport_GetModuleDict
PyModule_Create2
PyDict_Copy
PyObject_HasAttr
PyObject_Size
PyThread_allocate_lock
PyGILState_Ensure
PyGILState_Release
PyUnicode_AsEncodedString
PySet_New
PyDict_Clear
PyDict_DelItem
PyDict_Type
PyObject_Hash
PySlice_Type
PyBytes_FromString
PyBytes_FromFormat
PyThreadState_GetDict
PySequence_Tuple
PyObject_Repr
PyUnicode_Join
PyUnicode_DecodeASCII
PyObject_RichCompare
PyErr_Restore
PyUnicode_DecodeLatin1
PyUnicode_AsUTF8String
PyBytes_Type
_PyEval_SliceIndex
PyUnicode_DecodeUTF8
PyUnicode_Format
PyErr_NoMemory
Py_OptimizeFlag
PyExc_AssertionError
PyNumber_Add
PyNumber_InPlaceAdd
PyList_AsTuple
PyLong_FromSize_t
PyLong_Type
PyLong_AsSsize_t
PyNumber_Index
PyNumber_Long
PyObject_IsTrue
PyByteArray_Type
PyBytes_AsStringAndSize
_PyByteArray_empty_string
PyBytes_FromStringAndSize
PyFrame_New
PyTraceBack_Here
PyMem_Malloc
PyMem_Realloc
PyModule_AddObject
PyDict_SetItemString
PyOS_snprintf
Py_GetVersion
PyErr_WarnEx
PyObject_GenericGetAttr
PyObject_SelfIter
PyArg_UnpackTuple
PyExc_GeneratorExit
_PyObject_CallFunction_SizeT
PyObject_IsInstance
PyUnicode_FromStringAndSize
PyModule_GetDict
PyImport_ImportModuleLevelObject
PyLong_FromLong
PyImport_Import
PyCFunction_Call
PyUnicode_FromFormat
PyMethod_New
PyInstanceMethod_New
PyObject_ClearWeakRefs
PyObject_GC_Del
_PyObject_GC_New
PyDict_New
PyUnicode_InternFromString
PyImport_AddModule
PyObject_GetAttrString
PyType_Ready
PyObject_SetAttrString
PyType_Type
PyExc_ImportError
PyCapsule_New
PyDict_Size
PyExc_RuntimeError
PyIter_Next
PyObject_GetIter
PyExc_UnboundLocalError
_PyObject_NextNotImplemented
PyErr_SetNone
PyList_New
PyTuple_Type
PyObject_GetItem
PyDict_GetItem
PyList_Type
PyExc_OverflowError
PyErr_ExceptionMatches
PyErr_Clear
PyObject_SetItem
PyType_IsSubtype
PyUnicode_FromUnicode
PyUnicode_Decode
PyErr_PrintEx
PyUnicode_FromString
PyErr_WriteUnraisable
PyErr_NormalizeException
PyException_SetTraceback
PyExc_StopIteration
PyErr_GivenExceptionMatches
PyExc_ValueError
_Py_CheckRecursionLimit
_Py_CheckRecursiveCall
PyExc_SystemError
PyErr_SetString
PyTraceBack_Type
PyObject_IsSubclass
PyTuple_New
PyObject_Call
PyObject_CallObject
PyException_SetCause
_PyThreadState_Current
PyDict_Next
PyUnicode_AsUnicode
PyUnicode_Compare
PyDict_SetItem
PyExc_TypeError
PyExc_NameError
PyErr_Format
PySlice_New
PyCode_New
PyUnicode_Type
PyLong_FromSsize_t
PyObject_GC_Track
PyObject_CallFinalizerFromDealloc
PyBaseObject_Type
PyObject_GC_UnTrack
PyEval_SaveThread
PyEval_RestoreThread
_Py_TrueStruct
PyThread_release_lock
PyThread_free_lock
PyMem_Free
_Py_NoneStruct
_Py_FalseStruct
_PyType_Lookup
PyExc_AttributeError
PyDict_GetItemWithError
PyErr_Occurred
PyTuple_Pack
PyExc_KeyError
PyErr_SetObject
PyDict_Contains
PySequence_Contains
PyList_Append
PyObject_SetAttr
PyObject_GetAttr
PyThread_acquire_lock

msvcr100

fopen
_read
_write
_close
_dup
_getcwd
_CIcos
_CIsin
_CIlog
_CIsqrt
rand
_CIpow
floor
_CIfmod
_snprintf
sscanf
fprintf
__iob_func
vfprintf
_mkdir
fclose
strncmp
malloc
sprintf
memcpy
_open
realloc
free
strchr
memset
_stat64i32
_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_vsnprintf
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
strerror
wcstombs
_lseeki64
_strnicmp
atoi
_stricmp
printf
strtol
strcat_s
sprintf_s
strtoul
strncpy_s
calloc
strcpy_s
fputc
_beginthread
_endthread
getenv
_CIlog10
_fpclass
_isnan
exit
strncpy
fflush
ferror
_wstat64i32
strstr
_wopen
_wfopen
memchr
_errno
toupper
fwrite
memmove
_time64
_localtime64
_gmtime64
_CIexp
_CIatan2
_CIatan
_CIacos
_CIasin
_CItan
fread

advapi32

CryptAcquireContextA
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptDeriveKey
CryptDecrypt
CryptGetHashParam

kernel32

GetModuleHandleA
GetFileAttributesA
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
CompareStringW
GetLocaleInfoA
EnumSystemLocalesA
LocalFree
FormatMessageA
GetLastError
GetVersionExA
CreateMutexA
CloseHandle
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
DisableThreadLibraryCalls
InterlockedExchange
DecodePointer
EncodePointer
IsValidCodePage
GetCPInfo
WideCharToMultiByte
InterlockedCompareExchange
GetACP
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
IsDBCSLeadByteEx
GetModuleFileNameA
TlsGetValue
GetCurrentProcess
GetCurrentThread
DuplicateHandle
TlsSetValue
InterlockedIncrement
TlsAlloc
Sleep
GetCurrentThreadId

Exports

Exports

PyInit_etree

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 245KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91e20f01f5b1376f415c69d306036006

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

python34

msvcr100

advapi32

kernel32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 245KB - Virtual size: 259KB

.reloc Size: 109KB - Virtual size: 108KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 245KB - Virtual size: 259KB

.reloc
Size: 109KB - Virtual size: 108KB