PyInit__mariadb
Static task
static1
Behavioral task
behavioral1
Sample
4b488216bdff667c285b040cc3c4b16d6313a209a8bcb6b74ef33eebebaec64f.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
4b488216bdff667c285b040cc3c4b16d6313a209a8bcb6b74ef33eebebaec64f.dll
Resource
win10v2004-20240508-en
General
-
Target
4b488216bdff667c285b040cc3c4b16d6313a209a8bcb6b74ef33eebebaec64f
-
Size
313KB
-
MD5
b0115ee217b5fcb25e29e27582ea1a76
-
SHA1
42756c5933d5b59ba159cc81e6716034982dd13a
-
SHA256
4b488216bdff667c285b040cc3c4b16d6313a209a8bcb6b74ef33eebebaec64f
-
SHA512
8ae846def37c9e1da1c967f65ea7835f2c59d203e4b3ed4d4d3ea7f4760afdb05b717f4bf4c3121ed6ec657102780641e05c7c054f4ce06fc499e2d24f119339
-
SSDEEP
6144:+ciBnKLl01YChTdZ9ZurhC/g052ATbQOhBWRmV/YtwX:+LBKOlLZKhC/gYbQ7S
Malware Config
Signatures
-
Unsigned PE — 1 IoC
The file carries no Authenticode signature (resource 4b488216bdff667c285b040cc3c4b16d6313a209a8bcb6b74ef33eebebaec64f). Given the PyInit__mariadb export and the python310 imports listed below, this appears to be a CPython extension module; such modules are commonly distributed unsigned, so this hit on its own is a weak indicator and should be weighed together with the behavioral results.
Files
-
4b488216bdff667c285b040cc3c4b16d6313a209a8bcb6b74ef33eebebaec64f.dll windows:6 windows x64 arch:x64
033feabe4cc9e44fa92199efb4652079
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
GetCurrentThreadId
GetCurrentProcessId
InitOnceExecuteOnce
QueryPerformanceCounter
GetACP
GetConsoleCP
GetLastError
InitializeCriticalSection
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
MultiByteToWideChar
SetLastError
CloseHandle
ReadFile
GetFileSizeEx
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
CreateFileA
Sleep
CancelIoEx
GetModuleFileNameA
GetSystemWindowsDirectoryA
GetWindowsDirectoryA
CreateFiber
DeleteFiber
SwitchToFiber
LocalFree
LocalAlloc
FormatMessageA
LoadLibraryExA
GetProcAddress
FreeLibrary
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
python310
PyObject_CallFunctionObjArgs
PyExc_Exception
PyMem_RawRealloc
PyUnicode_FromFormatV
PyExc_RuntimeError
PyErr_SetObject
PyObject_SetAttr
PyStructSequence_NewType
PyList_Append
PyList_New
PyStructSequence_New
PyDict_SetItemString
_Py_BuildValue_SizeT
PyBool_FromLong
PyEval_RestoreThread
_Py_TrueStruct
PyObject_IsTrue
PyExc_TypeError
PyType_GenericAlloc
PyMem_Free
PyDict_New
PyDict_SetItem
_PyArg_ParseTuple_SizeT
_Py_FalseStruct
_PyArg_ParseTupleAndKeywords_SizeT
PyErr_WarnFormat
PyEval_SaveThread
PyType_GenericNew
PyExc_RuntimeWarning
PyUnicode_FromStringAndSize
_PyLong_NumBits
PyMem_RawFree
PyCallable_Check
PyObject_Str
PyBytes_FromStringAndSize
PyObject_HasAttrString
PyObject_CallObject
PyDict_GetItem
PyList_Type
PyTuple_SetItem
PyUnicode_Type
_PyLong_Sign
PyList_GetItem
PyTuple_Size
PyBytes_Type
PyObject_GetAttrString
PyLong_AsLong
PyTuple_GetItem
_Py_Dealloc
PyType_IsSubtype
PyLong_Type
PyFloat_Type
PyTuple_Type
PyBool_Type
PyMem_RawCalloc
PyDict_Type
PyLong_FromUnsignedLong
PyList_Size
PyFloat_FromDouble
PyLong_FromLongLong
PyLong_FromString
PyTuple_New
PyLong_AsLongLong
_Py_NoneStruct
PyLong_AsUnsignedLongLong
PyFloat_AsDouble
PyDict_Contains
PyLong_FromUnsignedLongLong
PyLong_FromLong
PyUnicode_AsUTF8AndSize
PyLong_AsUnsignedLong
_PyObject_CallFunction_SizeT
PyType_Type
PyUnicode_FromString
PyExc_ImportError
PyCapsule_Import
PyErr_NewExceptionWithDoc
PyErr_NewException
PyType_Ready
PyModule_Create2
PyModule_AddObject
PyErr_SetString
PyObject_GetAttr
PyErr_Occurred
PyImport_ImportModule
PyMem_RawMalloc
vcruntime140
memset
strstr
strchr
memcpy
memmove
__C_specific_handler
memcmp
__std_type_info_destroy_list
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf
_wfopen
fgets
__stdio_common_vsprintf_s
__stdio_common_vsnprintf_s
fclose
fread
fopen
api-ms-win-crt-string-l1-1-0
isspace
strtok
_strdup
strncpy_s
toupper
strncpy
strnlen
strcmp
strncmp
strpbrk
_strnicmp
_stricmp
strtok_s
isdigit
api-ms-win-crt-convert-l1-1-0
strtod
atoi
strtol
atof
api-ms-win-crt-runtime-l1-1-0
_initterm
_errno
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_initterm_e
_cexit
strerror_s
api-ms-win-crt-heap-l1-1-0
malloc
realloc
free
calloc
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-math-l1-1-0
ceil
ceilf
floor
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-filesystem-l1-1-0
_access
ws2_32
ntohs
setsockopt
getaddrinfo
getservbyname
WSASetLastError
freeaddrinfo
socket
shutdown
WSAStartup
WSACleanup
send
WSAGetLastError
select
recv
ioctlsocket
connect
getsockopt
__WSAFDIsSet
bind
closesocket
advapi32
CryptImportKey
CryptReleaseContext
CryptDestroyKey
CryptAcquireContextA
shlwapi
PathRemoveFileSpecA
crypt32
CertGetCertificateContextProperty
CryptDecodeObjectEx
CertOpenStore
CertDuplicateStore
CertCloseStore
CertEnumCertificatesInStore
CertSetCertificateContextProperty
CryptStringToBinaryA
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertAddCRLContextToStore
CertAddCertificateContextToStore
CertFreeCertificateContext
secur32
QueryContextAttributesA
AcquireCredentialsHandleA
FreeContextBuffer
EncryptMessage
DecryptMessage
DeleteSecurityContext
FreeCredentialsHandle
InitializeSecurityContextA
Exports
Exports
Sections
.text Size: 171KB - Virtual size: 170KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ