dot64[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dot64.rar
Size

251KB
MD5

f07c06fda2a6e1299a472f79fb070a2f
SHA1

f3c3f9be3812f5aa6ca29ba6faf1fd48fba2f103
SHA256

0c669f2cda483f61059bcf26a8f9dcc5abd57f749cfa609709eb4ca902611831
SHA512

9533a1de124dd140926ee66f134410ac61515310fcb6596e995bc3cd8964b2666fae408a48f5068ffb054b9a190fb24426bb96ac9e8a8845cb0bf087afddd598
SSDEEP

6144:Z+kL3j5gVG61BJP1InDlMFsA9ZCfnmRxyyuj:ZXT52GybynDlMOAzqn6u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dot64/dot64.exe

Files

dot64.rar
.rar
dot64/assets/asm.png
.png
dot64/dot64.exe
.exe windows:6 windows x64 arch:x64

fb33cbc7f9776ff3852ba30ac658abdb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

python312

PyUnicode_DecodeUTF8
_PyWeakref_CallableProxyType
PyList_Sort
_PyGen_FetchStopIterationValue
PyExc_RuntimeError
PyObject_SetAttrString
PyNumber_FloorDivide
PyUnicode_Concat
PyExc_UnboundLocalError
_PyErr_WriteUnraisableMsg
_PyImport_FixupExtensionObject
Py_BuildValue
PyLong_FromUnsignedLongLong
PyComplex_FromDoubles
PyObject_GetAttr
PyModule_GetName
PyUnicode_FromOrdinal
PyBytes_FromString
PyModule_GetDef
_PyObject_GC_Resize
PyTuple_New
PyLong_FromString
_Py_EllipsisObject
_PyFunction_Vectorcall
PyDict_SetItemString
PyLong_FromLongLong
PyFrame_Type
PyFloat_FromDouble
PySet_Add
PyExc_AttributeError
PyUnicode_New
PyObject_LengthHint
PyUnicode_FromWideChar
_PyWeakref_ClearRef
PyMarshal_ReadObjectFromString
PyObject_CallFunction
PyIter_Next
PyObject_GetIter
PyNumber_Add
PyIter_Send
PyUnicode_InternInPlace
PyNumber_InPlaceLshift
PyMapping_Size
PyDict_Type
PyObject_RichCompare
PyBool_Type
PyTuple_Type
PyCoro_Type
PyNumber_InPlaceAdd
PyFloat_Type
PyModule_NewObject
PyMethod_Type
PyLong_Type
PyNumber_Subtract
PyExc_OverflowError
PyImport_GetModuleDict
PyModule_GetDict
PyObject_Free
PyImport_ImportFrozenModule
PyErr_ExceptionMatches
PyUnicode_FindChar
PyObject_GC_Del
PyObject_CallFunctionObjArgs
PyLong_FromUnicodeObject
PyDescr_IsData
PyObject_ClearWeakRefs
PyObject_Init
PyCode_Type
PyUnicode_AsUTF8
PyUnicode_AsWideCharString
PyUnicode_FromFormat
PyNumber_InPlaceMultiply
PyErr_BadArgument
PySet_New
PyList_New
PyImport_ExecCodeModuleEx
PyType_Ready
PyModule_FromDefAndSpec2
PyObject_GetAttrString
Py_CompileStringExFlags
PyList_Append
PyBytes_Type
PyObject_RichCompareBool
PySet_Type
_PyLong_New
PyObject_GenericSetAttr
PyDict_New
PyObject_IsInstance
_PyDict_MaybeUntrack
PyFrozenSet_New
PyByteArray_FromStringAndSize
PyModule_ExecDef
PyCMethod_New
PyNumber_Negative
_PyGen_SetStopIterationValue
_PySet_NextEntry
PyErr_NoMemory
PyObject_Realloc
PyDict_GetItemString
PyEllipsis_Type
PyDict_GetItem
PyImport_FrozenModules
PyComplex_Type
PyBytes_FromStringAndSize
_Py_NotImplementedStruct
PyDict_DelItem
PyUnstable_Code_NewWithPosOnlyArgs
PyExc_StopAsyncIteration
PyArg_ParseTupleAndKeywords
PyImport_ExecCodeModule
_PyWeakref_ProxyType
_PyObject_New
PyMem_Realloc
PyObject_Str
PyExc_NameError
PyTuple_Pack
_PyByteArray_empty_string
PyCallable_Check
PyMem_Malloc
PyFrame_GetBack
_PyErr_NormalizeException
PyModuleDef_Type
PyExc_ImportError
PyGen_Type
PyObject_CallMethodObjArgs
PyArg_UnpackTuple
_PyWeakref_RefType
PyList_SetItem
PyAsyncGen_Type
PyErr_Print
PyTraceBack_Type
_PyTuple_MaybeUntrack
PyRange_Type
Py_GenericAliasType
_PyLong_Copy
_PyType_Lookup
PyObject_Call
PyObject_Repr
PyByteArray_Type
PyArg_ParseTuple
PySys_WriteStderr
PyUnicode_Substring
PyEval_RestoreThread
PyUnicode_FromStringAndSize
PyEval_GetFuncName
PyObject_SelfIter
PyImport_ImportModule
PySlice_Type
_PyArg_NoKeywords
PyFunction_Type
PyErr_WarnEx
PyOS_snprintf
PyCFunction_Type
PyObject_SetAttr
PyMem_Calloc
PyBaseObject_Type
PyExc_ImportWarning
PyNumber_InPlaceOr
PySequence_List
PyByteArray_FromObject
PyFrozenSet_Type
PyModule_GetFilenameObject
_PyAsyncGenWrappedValue_Type
Py_FrozenFlag
Py_IgnoreEnvironmentFlag
Py_InspectFlag
Py_InteractiveFlag
Py_UTF8Mode
PyDict_DelItemString
PyStructSequence_SetItem
Py_OptimizeFlag
Py_InitializeFromConfig
_PyRuntime_Initialize
PySys_SetArgv
_PyRuntime
Py_VerboseFlag
_PyConfig_InitCompatConfig
Py_BytesWarningFlag
PyObject_CallMethod
PyLong_AsLong
Py_DebugFlag
Py_DontWriteBytecodeFlag
PyStatus_Exception
Py_SetProgramName
Py_NoUserSiteDirectory
Py_NoSiteFlag
PyConfig_SetArgv
Py_SetPythonHome
_PyWarnings_Init
Py_ExitStatusException
Py_GetPath
PySequence_Tuple
PyType_Type
PyEval_AcquireThread
_PyThreadState_GetCurrent
PyExc_GeneratorExit
PyObject_SetItem
PyException_GetContext
PyExc_SystemError
_Py_TrueStruct
PyExc_IndexError
PyModule_Type
PyExc_TypeError
PyObject_IsSubclass
PyNumber_AsSsize_t
PyObject_GetItem
PyList_Type
PyExc_StopIteration
PyException_SetContext
PyUnicode_Type
PySequence_Check
PyDict_SetItem
_Py_Dealloc
PyUnicode_Join
PyType_IsSubtype
PySeqIter_Type
PyExc_BaseException
PyErr_Format
PyExc_ValueError
PyErr_WriteUnraisable
PyExc_SystemExit
PySequence_Contains
_Py_NoneStruct
PyEval_SaveThread
PyLong_FromSsize_t
PyExc_KeyError
PyErr_PrintEx
PyObject_Malloc
Py_Exit
PyExc_Exception
PyThreadState_Get
Py_MakePendingCalls
_PyDict_NewPresized
Py_GenericAlias
PyUnicode_FromString
PyCapsule_New
PySys_SetObject
_Py_FalseStruct
PyStructSequence_New
PySys_GetObject
PyStructSequence_InitType
PyLong_FromLong

kernel32

WriteConsoleW
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
GetFileType
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetStdHandle
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
RtlPcToFileHeader
RaiseException
EncodePointer
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwindEx
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryExW
FormatMessageA
GetSystemTimeAsFileTime
WideCharToMultiByte
GetCurrentProcessId
GetProcAddress
LoadResource
CloseHandle
LockResource
GetLastError
GetModuleHandleA
CreateFileW
FindResourceA
GetEnvironmentVariableW
SetErrorMode
SetEnvironmentVariableW
GetModuleFileNameW
GetShortPathNameW
WriteFile
SetStdHandle

Sections

.text
Size: 486KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dot64/dot64.pyw
dot64/run.bat
.bat .vbs
dot64/settings.json
dot64/setup.bat
dot64/tutorial.txt

Sharing

General

Malware Config

Signatures

Files

fb33cbc7f9776ff3852ba30ac658abdb

Headers

DLL Characteristics

File Characteristics

Imports

python312

kernel32

Sections

.text Size: 486KB - Virtual size: 485KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 15KB - Virtual size: 26KB

.pdata Size: 15KB - Virtual size: 14KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 486KB - Virtual size: 485KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 15KB - Virtual size: 26KB

.pdata
Size: 15KB - Virtual size: 14KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 2KB - Virtual size: 2KB