f827147c531ae6df68c461dbbbe2752b8f41c5b74630763d43f6f59ee9524ca9

Sharing

Copy URL Twitter E-mail

General

Target

f827147c531ae6df68c461dbbbe2752b8f41c5b74630763d43f6f59ee9524ca9
Size

6.3MB
MD5

641709e36d662df2dd9d9b81438662dd
SHA1

5ffbe745f08aa8b56f261c689ac96d4ecd29f08c
SHA256

f827147c531ae6df68c461dbbbe2752b8f41c5b74630763d43f6f59ee9524ca9
SHA512

c80356f7af8c7c4e6a206e0d09e37586059b6dcba8bde298ea57e3d4407710c38c78694a5b7dbe8321319943142ebc3216e5ebc284c6d012852e7e9dc1f860ca
SSDEEP

49152:pTqg9EFLNoYGM8l2hiQGlvlHUcfaZe55BMkslfaM8w/+BH90o7w/Bxq95jKRkiGf:4KpCBxUT8BYKIBGX2oX+le059

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f827147c531ae6df68c461dbbbe2752b8f41c5b74630763d43f6f59ee9524ca9

Files

f827147c531ae6df68c461dbbbe2752b8f41c5b74630763d43f6f59ee9524ca9
.dll windows:6 windows x64 arch:x64

b571244c23dc398f4925cc6a879608f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WakeConditionVariable
SetHandleInformation
InitializeSRWLock
InitOnceExecuteOnce
TlsAlloc
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
GetProcAddress
GetModuleHandleA
Sleep
ReleaseMutex
GetQueuedCompletionStatusEx
WaitForSingleObjectEx
CreateMutexA
GetCurrentProcessId
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentDirectoryW
HeapAlloc
GetProcessHeap
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
TryAcquireSRWLockExclusive
QueryPerformanceCounter
SetThreadStackGuarantee
CreateThread
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
GetEnvironmentVariableW
SetFileCompletionNotificationModes
GetCurrentProcess
FormatMessageW
CreateIoCompletionPort
GetModuleHandleW
QueryPerformanceFrequency
GetCurrentThreadId
PostQueuedCompletionStatus
GetFinalPathNameByHandleW
SetLastError
DisableThreadLibraryCalls
WriteConsoleW
InitializeSListHead
GetLastError
IsDebuggerPresent
SwitchToThread
SleepConditionVariableSRW
ReleaseSRWLockExclusive
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
HeapReAlloc
CloseHandle
MultiByteToWideChar
LoadLibraryA
HeapFree

bcrypt

BCryptGenRandom

ntdll

NtCancelIoFileEx
NtWriteFile
RtlNtStatusToDosError
NtCreateFile
NtDeviceIoControlFile

ws2_32

WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
recv
bind
WSASocketW
WSAIoctl
getpeername
connect
ioctlsocket
socket
shutdown
WSAGetLastError
setsockopt
closesocket
send
WSASend
getsockopt
getsockname

advapi32

RegQueryValueExW
SystemFunction036
RegCloseKey
RegOpenKeyExW

python311

PyLong_FromSsize_t
PyObject_GetItem
PyObject_SetItem
PyObject_DelItem
PyType_GenericAlloc
PyObject_GenericSetDict
PyModule_Create2
PyExc_RuntimeError
PyObject_SetAttrString
PyException_SetCause
PyException_GetTraceback
PyException_GetCause
PyException_SetTraceback
PyType_GetQualName
PyExc_UnicodeDecodeError
PyObject_Repr
PyGILState_Release
PyGILState_Ensure
PyBytes_Size
PyBytes_AsString
PyUnicode_AsEncodedString
PyErr_SetObject
PyErr_NormalizeException
PyErr_SetString
PyExc_TypeError
PyErr_PrintEx
PyObject_Str
PyObject_GenericGetDict
PyExc_BaseException
PyExc_SystemError
PyErr_Fetch
PyUnicode_InternInPlace
PyErr_Print
Py_IsInitialized
PyList_Append
PyList_New
PyErr_GivenExceptionMatches
PyExc_AttributeError
PyObject_GetAttr
PyInterpreterState_GetID
PyInterpreterState_Get
PyFloat_AsDouble
PyFloat_Type
PyDict_Next
PyErr_Restore
_Py_NoneStruct
PyUnicode_AsUTF8AndSize
PyLong_FromLong
PyObject_GC_UnTrack
PyType_IsSubtype
PyErr_WriteUnraisable
PyDict_SetItem
PyDict_New
_Py_Dealloc
PyUnicode_FromStringAndSize
PyExc_Exception
PyBaseObject_Type
PyType_FromSpec
PyTuple_New
PyObject_SetAttr
PyErr_NewExceptionWithDoc
PyExc_ImportError
PyExc_ValueError

vcruntime140

__CxxFrameHandler3
memset
memmove
memcmp
_CxxThrowException
strchr
memchr
__C_specific_handler
__std_type_info_destroy_list
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
strncmp
strlen
_strdup

api-ms-win-crt-math-l1-1-0

log2f

api-ms-win-crt-stdio-l1-1-0

fwrite
ftell
fseek
fread
__stdio_common_vsprintf
fopen
fgets
fflush
_close
_lseek
_read
_write
ferror
feof
__stdio_common_vsscanf
fclose

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initterm
abort
strerror
_initialize_onexit_table
_wassert
_execute_onexit_table
_errno
_cexit

api-ms-win-crt-heap-l1-1-0

free
realloc
malloc

api-ms-win-crt-utility-l1-1-0

bsearch
qsort_s
qsort

api-ms-win-crt-time-l1-1-0

_time64
_ftime64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

Exports

Exports

BroccoliConcatFinish
BroccoliConcatFinished
BroccoliConcatStream
BroccoliConcatStreaming
BroccoliCreateInstance
BroccoliCreateInstanceWithWindowSize
BroccoliDestroyInstance
BroccoliNewBrotliFile
BrotliDecoderCreateInstance
BrotliDecoderDecompress
BrotliDecoderDecompressPrealloc
BrotliDecoderDecompressStream
BrotliDecoderDecompressStreaming
BrotliDecoderDecompressWithReturnInfo
BrotliDecoderDestroyInstance
BrotliDecoderErrorString
BrotliDecoderFreeU8
BrotliDecoderFreeUsize
BrotliDecoderGetErrorCode
BrotliDecoderGetErrorString
BrotliDecoderHasMoreOutput
BrotliDecoderIsFinished
BrotliDecoderIsUsed
BrotliDecoderMallocU8
BrotliDecoderMallocUsize
BrotliDecoderSetParameter
BrotliDecoderTakeOutput
BrotliDecoderVersion
BrotliEncoderCompress
BrotliEncoderCompressMulti
BrotliEncoderCompressStream
BrotliEncoderCompressStreaming
BrotliEncoderCompressWorkPool
BrotliEncoderCreateInstance
BrotliEncoderCreateWorkPool
BrotliEncoderDestroyInstance
BrotliEncoderDestroyWorkPool
BrotliEncoderFreeU8
BrotliEncoderFreeUsize
BrotliEncoderHasMoreOutput
BrotliEncoderIsFinished
BrotliEncoderMallocU8
BrotliEncoderMallocUsize
BrotliEncoderMaxCompressedSize
BrotliEncoderMaxCompressedSizeMulti
BrotliEncoderSetCustomDictionary
BrotliEncoderSetParameter
BrotliEncoderTakeOutput
BrotliEncoderVersion
CBrotliDecoderErrorString
CBrotliDecoderGetErrorCode
CBrotliDecoderGetErrorString
CBrotliDecoderHasMoreOutput
CBrotliDecoderIsFinished
CBrotliDecoderIsUsed
CBrotliDecoderTakeOutput
PyInit_pyreqwest_impersonate

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b571244c23dc398f4925cc6a879608f2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

bcrypt

ntdll

ws2_32

advapi32

python311

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 2KB - Virtual size: 8KB

.pdata Size: 132KB - Virtual size: 132KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 2KB - Virtual size: 8KB

.pdata
Size: 132KB - Virtual size: 132KB

.reloc
Size: 22KB - Virtual size: 22KB