c56fdaa26c53c20c8610723fa8172f3a1344b372b312f96d2462c1df831c44fc

Sharing

Copy URL Twitter E-mail

General

Target

c56fdaa26c53c20c8610723fa8172f3a1344b372b312f96d2462c1df831c44fc
Size

6.4MB
MD5

69b019a64e002c3a932d11c36183627a
SHA1

22f96a9ec929e9ad2a084ad69dc63c35bf97f0c9
SHA256

c56fdaa26c53c20c8610723fa8172f3a1344b372b312f96d2462c1df831c44fc
SHA512

526131c493592aee41a77baa80b4d1263ad6dad874b1d787b5aa07087b8d983615f6bb937aa1371932d6f7e90f76fab200a5335fec77e73b9a41c02ff415f9d9
SSDEEP

98304:U+pMtmPt8Lc4vzgaU+VNYLRuKr4KVC/3fy0N8T:U+pMtmlb48anYLQKUKVCd8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c56fdaa26c53c20c8610723fa8172f3a1344b372b312f96d2462c1df831c44fc

Files

c56fdaa26c53c20c8610723fa8172f3a1344b372b312f96d2462c1df831c44fc
.dll windows:6 windows x86 arch:x86

946bb17dde60359ebee579a620f7c053

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegGetValueA

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

ws2_32

htons
inet_ntop
ntohs
WSAGetLastError
WSASocketA
closesocket
freeaddrinfo
getaddrinfo
setsockopt
WSAGetOverlappedResult
WSAIoctl
WSARecv
getsockname
WSASend
WSAStartup
bind
WSACleanup
getpeername
listen
htonl
inet_pton
socket
send
connect
recv
shutdown
ioctlsocket
getsockopt

python39

PyDict_DelItem
PyList_New
_PyInterpreterState_GetConfig
PyUnicode_Compare
PyExc_StopAsyncIteration
_Py_NewReference
PyObject_IsSubclass
PyExc_TypeError
PyMem_Realloc
_PyObject_NextNotImplemented
PyObject_IsTrue
PyExc_NameError
PyTuple_Pack
_PyByteArray_empty_string
_PyUnicode_Ready
PyMem_Malloc
PyExc_IndexError
Py_EnterRecursiveCall
PyExc_ImportError
PyGen_Type
_Py_TrueStruct
PyArg_UnpackTuple
PyExc_SystemError
_PyUnicode_FastCopyCharacters
PyExc_AssertionError
PyObject_SetItem
_PyObject_GC_New
PyType_Modified
PyTraceBack_Type
PyMethodDescr_Type
PyExc_GeneratorExit
_PyList_Extend
PyEval_EvalFrameEx
PyUnicode_FromString
PyLong_FromSize_t
_PyType_Lookup
PyUnicode_Format
PyObject_Size
PyObject_Call
PyByteArray_Type
PyType_Type
PySequence_Tuple
PyEval_RestoreThread
PySet_Discard
PyUnicode_FromStringAndSize
_PyObject_GetDictPtr
PyObject_CallObject
PySet_New
PyUnicode_FromFormat
PyUnicode_AsUTF8
PyObject_Not
PyObject_ClearWeakRefs
PyLong_AsLong
PyObject_CallFunctionObjArgs
PyErr_Fetch
PyObject_GC_Del
PyModule_AddObject
PyCapsule_GetPointer
_PyErr_FormatFromCause
PyErr_ExceptionMatches
PyObject_Free
PySequence_GetSlice
PyObject_Format
PyModule_GetDict
PyImport_GetModuleDict
PyTuple_GetItem
_Py_Dealloc
PyExc_OverflowError
PyErr_Restore
PyNumber_Subtract
PyType_IsSubtype
PyLong_Type
PyMethod_Type
PyModule_NewObject
PyFloat_Type
PyNumber_InPlaceAdd
PyCoro_Type
_Py_FalseStruct
PyTuple_Type
PyObject_RichCompare
PyDict_Type
PyObject_GetItem
PyDict_Next
PyLong_FromUnsignedLong
PyExc_ValueError
PyEval_EvalCodeEx
PyErr_WarnFormat
PyNumber_Add
PyObject_GetIter
PyErr_WriteUnraisable
PyErr_SetString
PyNumber_Multiply
PySet_Size
PyUnicode_New
PyTuple_GetSlice
PyExc_AttributeError
PyBytes_FromStringAndSize
PyFloat_FromDouble
PyFrame_Type
PyLong_FromLongLong
PyDict_Size
PyDict_SetItemString
PySequence_Contains
PyTuple_New
_Py_NoneStruct
PyBytes_AsStringAndSize
PyGILState_Release
PyRun_StringFlags
PyBytes_FromString
PyFloat_AsDouble
PySet_Clear
PyDict_Contains
PyObject_GetAttr
Py_GetVersion
PyInterpreterState_GetID
PyDict_GetItemWithError
PyErr_SetNone
PyObject_Hash
PyObject_GC_UnTrack
PyLong_FromLong
PyObject_SetAttrString
PyMethod_New
PyExc_RuntimeError
_PyThreadState_UncheckedGet
PyEval_SaveThread
PyTraceBack_Here
PyObject_GenericGetAttr
PyNumber_Remainder
PyUnicode_DecodeUTF8
PyLong_FromSsize_t
PyType_GetFlags
PyErr_Occurred
PyObject_SelfIter
PyErr_NormalizeException
PyImport_ImportModuleLevelObject
PyImport_ImportModule
Py_LeaveRecursiveCall
PyExc_KeyError
_PyDict_SetItem_KnownHash
PyExc_DeprecationWarning
PyLong_AsSsize_t
PyFrame_New
PyUnicode_DecodeLatin1
PyFunction_Type
PyErr_PrintEx
PyExc_RuntimeWarning
PyErr_WarnEx
PyLong_AsUnsignedLong
_PyObject_CallFunction_SizeT
PyErr_GivenExceptionMatches
PyCode_NewEmpty
PyErr_SetObject
PyExc_Exception
PyThreadState_Get
PyOS_snprintf
PyCFunction_Type
PyUnicode_InternFromString
PyObject_SetAttr
PyBaseObject_Type
PyNumber_InPlaceOr
PySequence_List
PyFrozenSet_Type
PyDict_GetItem
PyDict_GetItemString
PyList_Type
_PySet_NextEntry
PyCMethod_New
PyFrozenSet_New
PyExc_StopIteration
PyNumber_Index
PyObject_IsInstance
_PyDict_GetItem_KnownHash
PyObject_CallFinalizerFromDealloc
PyUnicode_Type
PyDict_New
PyDict_SetItem
PySet_Type
_PyObject_GenericGetAttrWithDict
PyCapsule_New
PyException_SetTraceback
PyCode_New
PyLong_AsDouble
PyUnicode_Decode
PyObject_RichCompareBool
PyBytes_Type
PyList_Append
PyErr_Clear
PyNumber_InPlaceAnd
_PyDict_Pop
_PyGen_Send
PyObject_GetAttrString
PyType_Ready
PyImport_AddModule
PyObject_GC_IsFinalized
PyGILState_Ensure
PyObject_GC_Track
PyModuleDef_Init
PySet_Add
PyErr_CheckSignals
PyErr_Format
PySlice_New
PyNumber_Long

kernel32

SetEndOfFile
HeapSize
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetFileSizeEx
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
FlushFileBuffers
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
HeapFree
HeapAlloc
GetModuleFileNameW
SetFilePointerEx
ReadConsoleW
GetModuleHandleExW
ExitProcess
GetConsoleMode
GetConsoleOutputCP
WriteFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
ReadFile
GetTimeZoneInformation
SetConsoleCtrlHandler
LoadLibraryExW
TlsFree
RaiseException
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
MultiByteToWideChar
DecodePointer
EncodePointer
GetModuleHandleW
GetSystemTimeAsFileTime
InitOnceBeginInitialize
InitOnceComplete
GetLocaleInfoEx
SwitchToThread
WaitForSingleObjectEx
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SleepConditionVariableCS
WakeAllConditionVariable
TlsGetValue
AcquireSRWLockShared
ReleaseSRWLockShared
TlsAlloc
SetLastError
TlsSetValue
InitOnceExecuteOnce
LoadLibraryW
WideCharToMultiByte
FreeLibrary
LoadLibraryExA
SleepConditionVariableSRW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
InitializeSRWLock
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetLogicalProcessorInformation
GetLastError
VirtualAlloc
CreateEventA
CreateThread
SetEvent
WaitForSingleObject
GetEnvironmentVariableA
FindClose
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
FormatMessageA
LocalFree
GetCurrentThreadId
GetCurrentProcessorNumber
GetSystemInfo
CreateIoCompletionPort
CloseHandle
PostQueuedCompletionStatus
GetQueuedCompletionStatus

Exports

Exports

PyInit_cygrpc

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 219KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

946bb17dde60359ebee579a620f7c053

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

ws2_32

python39

kernel32

Exports

Exports

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 219KB - Virtual size: 276KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 295KB - Virtual size: 295KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 219KB - Virtual size: 276KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 295KB - Virtual size: 295KB