81db97600dd2becdcd78afe40ed5dd927f795405ba0f32de1c866019e0dcf967

Sharing

Copy URL Twitter E-mail

General

Target

81db97600dd2becdcd78afe40ed5dd927f795405ba0f32de1c866019e0dcf967
Size

337KB
MD5

45fda44f50978946126515f72170ef22
SHA1

d5897a6fa6df5281e704eaff5db81cfb98e8b75b
SHA256

81db97600dd2becdcd78afe40ed5dd927f795405ba0f32de1c866019e0dcf967
SHA512

48cbcfceb76e61a5be4232431f6ec00d4b88b2c7a789ebd73a21c4dd6c8ffa39924c92a8bf21c7e18358e2276f9476a09686a957f3edd5f56372c2f9cdebfb19
SSDEEP

6144:LTaw+8/uRYxs2hmiAaBZ6iGJNWzdCButAfWkUMGLeOnsDX+tsBieqfljo/3Ifu2E:LTJ+8/uRYxzhmiAgZ6iGJNWzdCButAfr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81db97600dd2becdcd78afe40ed5dd927f795405ba0f32de1c866019e0dcf967

Files

81db97600dd2becdcd78afe40ed5dd927f795405ba0f32de1c866019e0dcf967
.dll windows:6 windows x86 arch:x86

3755f42d1066e56850fd17ac1605f25f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

python39

PyComplex_FromDoubles
Py_GetVersion
PySet_Contains
PyObject_GetAttr
PyModule_GetName
PyFloat_AsDouble
PyRun_StringFlags
_Py_NoneStruct
PyTuple_New
PyDict_SetItemString
PyDict_Size
PyLong_FromLongLong
PyFloat_FromDouble
PySet_Add
PyExc_AttributeError
PyTuple_GetSlice
PyNumber_Multiply
PyErr_SetString
PyExc_ZeroDivisionError
PyErr_WriteUnraisable
PyObject_GetIter
PyNumber_Add
PyExc_ValueError
PyLong_FromUnsignedLong
PyDict_Next
PyErr_Format
PyObject_RichCompare
PyTuple_Type
_Py_FalseStruct
PyImport_GetModule
PyCoro_Type
PyFloat_Type
PyOS_string_to_double
PyModule_NewObject
PyMethod_Type
PyLong_Type
PyType_IsSubtype
PyNumber_Subtract
PyErr_Restore
PyUnicode_Join
PyExc_OverflowError
PyCode_NewWithPosOnlyArgs
_Py_Dealloc
PyTuple_GetItem
PyImport_GetModuleDict
PyModule_GetDict
PyObject_Free
PyErr_ExceptionMatches
PyComplex_AsCComplex
PyObject_GC_Del
PyErr_Fetch
PyObject_ClearWeakRefs
PyObject_Not
PyUnicode_AsUTF8
PyUnicode_FromFormat
PySet_New
PyList_New
PyObject_GC_IsFinalized
PyImport_AddModule
PyType_Ready
PyObject_GetAttrString
_PyGen_Send
PyErr_Clear
PyList_Append
PyUnicode_AsUTF8AndSize
PyUnicode_Decode
PyLong_AsDouble
PyException_SetTraceback
_PyObject_GenericGetAttrWithDict
PySet_Type
PyDict_SetItem
PyDict_New
PyNumber_Power
PyUnicode_Type
_PyUnicode_IsWhitespace
PyObject_CallFinalizerFromDealloc
PyInterpreterState_GetID
PyNumber_Index
PyMem_Free
PyExc_StopIteration
PyFrozenSet_New
PyNumber_Negative
PyList_Type
PyErr_NoMemory
PyDict_GetItemString
PyObject_GetItem
PyComplex_Type
PyModuleDef_Init
PyObject_GC_Track
PyBytes_FromStringAndSize
PyImport_Import
PyNumber_Long
PyUnicode_Compare
_Py_NewReference
PyObject_IsSubclass
PyExc_TypeError
PyMem_Realloc
_PyObject_NextNotImplemented
PyObject_IsTrue
PyExc_NameError
PyTuple_Pack
_PyByteArray_empty_string
_PyUnicode_Ready
PyMem_Malloc
PyExc_IndexError
Py_EnterRecursiveCall
PyExc_ImportError
PyGen_Type
_Py_TrueStruct
PyArg_UnpackTuple
PyExc_SystemError
_PyObject_GC_New
PyNumber_TrueDivide
PyTraceBack_Type
PyExc_GeneratorExit
_PyList_Extend
PyUnicode_FromString
_PyLong_Copy
_PyType_Lookup
PyUnicode_Format
PyObject_Size
PyObject_Call
PyByteArray_Type
PyNumber_Float
PySequence_Tuple
PyUnicode_FromStringAndSize
PyFloat_FromString
_PyObject_GetDictPtr
PyObject_GenericGetAttr
PyList_Sort
PyNumber_Remainder
PyLong_FromSsize_t
PyType_GetFlags
PyErr_Occurred
PyObject_SelfIter
PyErr_NormalizeException
PyImport_ImportModuleLevelObject
PyImport_ImportModule
Py_LeaveRecursiveCall
PyLong_AsSsize_t
_Py_ascii_whitespace
PyFrame_New
PyExc_RuntimeWarning
PyErr_WarnEx
PyObject_Malloc
PyErr_GivenExceptionMatches
PyCode_NewEmpty
PyErr_SetObject
PyThreadState_Get
PyOS_snprintf
PyCFunction_Type
PyErr_SetNone
PyExc_UnboundLocalError
PyUnicode_Concat
PyObject_Hash
PyObject_GC_UnTrack
PyLong_FromLong
PyObject_SetAttrString
PyMethod_New
PyExc_RuntimeError
_PyThreadState_UncheckedGet
PyTraceBack_Here
_PyDict_GetItem_KnownHash
PyNumber_Absolute
PyUnicode_InternFromString
PyObject_SetAttr
_PyDict_NewPresized
PyBaseObject_Type
PySequence_List
PyBytes_Type
PyFrozenSet_Type

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter

vcruntime140

_except_handler4_common
strrchr
__std_type_info_destroy_list
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-math-l1-1-0

_libm_sse2_cos_precise
_libm_sse2_exp_precise
_libm_sse2_log_precise
_libm_sse2_pow_precise
_CIatan2
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise

Exports

Exports

PyInit_bezierTools

Sections

.text
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3755f42d1066e56850fd17ac1605f25f

Headers

DLL Characteristics

File Characteristics

Imports

python39

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 263KB - Virtual size: 262KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 263KB - Virtual size: 262KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 18KB - Virtual size: 17KB