c39fb388bee48e8c1e1225ced51d368bbbe353e2fe8576c0c5e21e006f5dfc76

Sharing

Copy URL Twitter E-mail

General

Target

c39fb388bee48e8c1e1225ced51d368bbbe353e2fe8576c0c5e21e006f5dfc76
Size

216KB
MD5

92308186598da39bc23a261fbb2f670a
SHA1

aeb6932df4bedeadb61b8e581642a24f461959ba
SHA256

c39fb388bee48e8c1e1225ced51d368bbbe353e2fe8576c0c5e21e006f5dfc76
SHA512

ab60b5e48a632b9716cc675014dd21e57b7e6b80df2c0b5ef9c48a9ca3ad9f395e02c1c93e065bce7dd43de200dadeafc1bf6a59a1ca427091e8d3bd1dc4588b
SSDEEP

6144:/MOd2kfIiwAkpvMBRQeBMtr63y8uX4NoFhe01fdSwr+:/MOd2kfIiwAkpvaV3uX4NoFha

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c39fb388bee48e8c1e1225ced51d368bbbe353e2fe8576c0c5e21e006f5dfc76

Files

c39fb388bee48e8c1e1225ced51d368bbbe353e2fe8576c0c5e21e006f5dfc76
.dll windows:6 windows x86 arch:x86

336af5ad0ef8f67b95ed94505a240b86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\dulwich\dulwich\target\i686-pc-windows-msvc\release\deps\diff_tree_py.pdb

Imports

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
UnhandledExceptionFilter
GetEnvironmentVariableW
GetCurrentDirectoryW
SetLastError
ReleaseMutex
RtlCaptureContext
GetStdHandle
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapFree
AcquireSRWLockExclusive
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetProcessHeap
HeapAlloc
WaitForSingleObject
GetConsoleMode
GetLastError
GetModuleHandleW
FormatMessageW
MultiByteToWideChar
WriteConsoleW
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
GetSystemTimeAsFileTime
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
CloseHandle
GetProcAddress
GetModuleHandleA
Sleep
TlsSetValue
ReleaseSRWLockShared
TlsGetValue
IsProcessorFeaturePresent

ntdll

RtlNtStatusToDosError
NtWriteFile

python310

PyImport_Import
PyObject_VectorcallMethod
PyLong_FromUnsignedLongLong
PySequence_Check
PySequence_Size
PyUnicode_FromStringAndSize
PyExc_ValueError
PyBytes_AsString
PyBytes_Size
PyBytes_FromStringAndSize
PyUnicode_AsUTF8AndSize
PyObject_GetIter
PyIter_Next
PyUnicode_InternInPlace
PyException_GetCause
PyErr_Restore
PyErr_WriteUnraisable
Py_IsInitialized
PyGILState_Ensure
PyGILState_Release
PyException_SetCause
PyObject_GetItem
_Py_NoneStruct
PyModule_GetNameObject
PyCMethod_New
PyExc_ImportError
PyException_GetTraceback
PyErr_NormalizeException
PyErr_SetString
PyErr_Fetch
PyErr_SetObject
PyInterpreterState_Get
PyInterpreterState_GetID
PyLong_FromLongLong
PyObject_Str
PyObject_Repr
PyObject_Hash
PyExc_AttributeError
PyErr_GivenExceptionMatches
PyObject_GetAttr
PyObject_SetAttr
PyObject_Call
PyTuple_New
PyLong_AsLong
PyExc_OverflowError
PyNumber_Index
PyLong_AsUnsignedLongLong
PyExc_UnicodeDecodeError
PyException_SetTraceback
PyErr_PrintEx
PyErr_NewExceptionWithDoc
PyErr_Print
PyUnicode_AsEncodedString
PyExc_BaseException
PyModule_Create2
PyList_Append
_Py_Dealloc
PyExc_TypeError
PyExc_SystemError
PyList_New
_Py_FalseStruct
_Py_TrueStruct

vcruntime140

memcpy
memcmp
__CxxFrameHandler3
_except_handler4_common
memset
_CxxThrowException
__std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_initterm
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit
_initterm_e

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

PyInit__diff_tree

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

336af5ad0ef8f67b95ed94505a240b86

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ntdll

python310

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 165KB - Virtual size: 165KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 1024B - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 165KB - Virtual size: 165KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 1024B - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB