4cf41239e5522915df63112aeb672d1fcdf2e2ebb79d1e84fa60a3e4731ea8ac

Sharing

Copy URL Twitter E-mail

General

Target

4cf41239e5522915df63112aeb672d1fcdf2e2ebb79d1e84fa60a3e4731ea8ac
Size

6.6MB
MD5

b2fef87d2dcee1841dd0226cbeee92c4
SHA1

f7b7c167c51137360bd2fc8d639e03699f24c5dc
SHA256

4cf41239e5522915df63112aeb672d1fcdf2e2ebb79d1e84fa60a3e4731ea8ac
SHA512

faf8b0b5ed8ce48a80c2e8461e6a864e53b84afed1a644121755c95823359746fe4475d62f70542ee8c232be0b4a44e11163971df975660f39931177593fabff
SSDEEP

49152:vcc6rOu7T0N08AjrrBwYqun7I2trD/HBKgZe0Ah8e33HUhsXF0giLvcZvEM7jSLt:1rOqZ73hWT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cf41239e5522915df63112aeb672d1fcdf2e2ebb79d1e84fa60a3e4731ea8ac

Files

4cf41239e5522915df63112aeb672d1fcdf2e2ebb79d1e84fa60a3e4731ea8ac
.dll windows:6 windows x64 arch:x64

975d577cd43f4c7e85644101ef79a99c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

python37

PyExc_NotImplementedError
PyExc_OverflowError
PyErr_GivenExceptionMatches
PyExc_IndexError
PyLong_Type
PyLong_AsSsize_t
PyNumber_Index
PyObject_SetItem
PyTraceBack_Type
PyObject_IsSubclass
PyObject_CallObject
PyException_SetCause
PyErr_SetObject
_PyDict_GetItem_KnownHash
PyDict_Next
PyUnicode_AsUnicode
PyUnicode_Compare
PyObject_IsTrue
PyUnicode_Format
PyUnicode_Type
PyNumber_Remainder
PyObject_RichCompare
PyExc_ZeroDivisionError
_PyUnicode_Ready
PyEval_EvalCodeEx
PyEval_EvalFrameEx
PyObject_RichCompareBool
PyNumber_InPlaceAdd
PyErr_NormalizeException
PyException_SetTraceback
PyLong_AsLong
PyGILState_Ensure
PyGILState_Release
PyExc_DeprecationWarning
PyErr_WarnFormat
PyUnicode_DecodeASCII
PyUnicode_FromUnicode
PyErr_PrintEx
PyErr_WriteUnraisable
PyBuffer_Release
PyLong_FromSsize_t
PyObject_Size
PySlice_Type
PyList_AsTuple
PyExc_ValueError
Py_OptimizeFlag
PyExc_AssertionError
PyErr_SetNone
PyLong_FromLongLong
PyFloat_Type
_PyList_Extend
PyExc_UnboundLocalError
PyNumber_InPlaceMultiply
Py_FatalError
PyThread_acquire_lock
PyThread_release_lock
PyNumber_Multiply
PyObject_GetBuffer
PyObject_GC_Track
PyModule_GetName
PyCapsule_IsValid
PyCapsule_GetName
PyCapsule_GetPointer
_PyObject_GC_New
PyFloat_AsDouble
PyEval_SaveThread
PyEval_RestoreThread
PyDict_Contains
PyDict_GetItemWithError
PyExc_KeyError
PyByteArray_Type
PyType_IsSubtype
_PyByteArray_empty_string
PyDict_Type
PyIter_Next
PyType_Type
PyMethodDescr_Type
_PyObject_GetDictPtr
PyExc_BufferError
PyObject_Not
PyMem_Realloc
PyErr_Restore
PyErr_Fetch
PyObject_CallFinalizerFromDealloc
PyBytes_Type
PyNumber_Add
PySequence_Tuple
PyCFunction_Type
PyFunction_Type
PyMethod_Type
PyBytes_FromString
PyMem_Free
PyMem_Malloc
PyExc_StopIteration
PyObject_GetIter
PyTuple_Type
PyList_Type
PyDict_DelItem
PyBaseObject_Type
_PyType_Lookup
PyExc_NameError
PyObject_Hash
PyUnicode_Decode
PyObject_Str
PyObject_GetAttr
PyObject_GetItem
PyUnicode_Join
PyList_Append
PyObject_IsInstance
PyUnicode_InternFromString
PyUnicode_FromString
PyDict_Size
PyObject_GC_Del
PyObject_ClearWeakRefs
PyMethod_New
PyObject_Free
PyTuple_GetItem
PyTuple_GetSlice
PyUnicode_FromFormat
PyObject_GC_UnTrack
PyErr_Format
PyExc_TypeError
PyTraceBack_Here
PyFrame_New
_PyThreadState_UncheckedGet
PyExc_SystemError
_Py_CheckRecursiveCall
_Py_CheckRecursionLimit
PyObject_Call
PyCapsule_New
_Py_FalseStruct
_Py_TrueStruct
PyErr_NoMemory
PyObject_Malloc
PyImport_ImportModuleLevelObject
PyList_New
PyImport_ImportModule
PyObject_GenericGetAttr
PyType_Ready
PyCode_New
PySlice_New
PyTuple_Pack
PyLong_FromLong
PyErr_WarnEx
Py_GetVersion
PyOS_snprintf
PyErr_Clear
PyErr_ExceptionMatches
PyExc_AttributeError
PyInterpreterState_GetID
PyThreadState_Get
PyExc_ImportError
PyErr_Occurred
PyThread_allocate_lock
PyType_Modified
PyCFunction_NewEx
PyDict_New
_Py_NoneStruct
PyFloat_FromDouble
PyDict_SetItem
PyDict_SetItemString
PyDict_GetItemString
PyImport_GetModuleDict
PyObject_SetAttr
PyObject_SetAttrString
PyImport_AddModule
PyUnicode_FromStringAndSize
PyBytes_FromStringAndSize
PyTuple_New
PyFrame_Type
PyErr_SetString
PyExc_RuntimeError
PyModule_GetDict
PyModule_NewObject
PyObject_GetAttrString
PyThread_free_lock
PyModuleDef_Init

kernel32

CreateFileW
HeapReAlloc
HeapSize
SetFilePointerEx
RaiseException
SetStdHandle
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LCMapStringW
CompareStringW
OutputDebugStringW
WriteFile
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
ExitProcess
GetCurrentProcess
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
GetFileType
GetStdHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
InterlockedFlushSList
RtlUnwindEx
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
Sleep
WaitForSingleObject
CreateThread
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeConditionVariable
InitOnceExecuteOnce
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
QueryPerformanceCounter
QueryPerformanceFrequency
CloseHandle

Exports

Exports

PyInit_py

Sections

.text
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

975d577cd43f4c7e85644101ef79a99c

Headers

DLL Characteristics

File Characteristics

Imports

python37

kernel32

Exports

Exports

Sections

.text Size: 6.4MB - Virtual size: 6.4MB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 18KB - Virtual size: 65KB

.pdata Size: 62KB - Virtual size: 61KB

.tls Size: 1KB - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 148B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 6.4MB - Virtual size: 6.4MB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 18KB - Virtual size: 65KB

.pdata
Size: 62KB - Virtual size: 61KB

.tls
Size: 1KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 148B

.reloc
Size: 4KB - Virtual size: 4KB