56d12a55dd5cc38529870f3b97d272523ff5861e540c1839dcb45e42c83470e4

General

Target

56d12a55dd5cc38529870f3b97d272523ff5861e540c1839dcb45e42c83470e4
Size

9KB
MD5

0cbba630008a8f99a16e10d1fc2d986d
SHA1

6ad40f2a5c0c259330af8cd5759d729d2d7d7092
SHA256

56d12a55dd5cc38529870f3b97d272523ff5861e540c1839dcb45e42c83470e4
SHA512

9272d99d46c5d12ccf10f5a40df2f621a9f107966b2f221babda1191ae71cca6eb0123d6997ccdba083521c739e97e8747303c8318088c340e3613e60b691a67
SSDEEP

192:8SI4ySF5IHS37udhLFK83XcgVlD6teFI4BUKXKXecWnHcyZfgC:84F5cQ7SjK0MgVl1ZZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56d12a55dd5cc38529870f3b97d272523ff5861e540c1839dcb45e42c83470e4

Files

56d12a55dd5cc38529870f3b97d272523ff5861e540c1839dcb45e42c83470e4
.dll windows:5 windows x86 arch:x86

d9fa7eb69c04687a265111592e7c3516

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

python27

Py_FatalError
PyType_Type
Py_InitModule4
PyModule_AddIntConstant
PyModule_AddStringConstant
PyInt_FromLong
Py_FindMethod
PyArg_ParseTuple
PyExc_ValueError
PyErr_SetString
PyMem_Malloc
PyErr_NoMemory
PyMem_Free
PyString_FromStringAndSize
PyArg_ParseTupleAndKeywords
_PyObject_New
PyExc_TypeError
PyErr_Format
PyExc_SystemError
PyObject_Free
PyErr_Occurred

msvcr90

__dllonexit
_crt_debugger_hook
_except_handler4_common
_onexit
_lock
_encoded_null
memcpy
_encode_pointer
_malloc_crt
free
_unlock
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
__clean_type_info_names_internal

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
GetLastError

Exports

Exports

initwinrandom

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9fa7eb69c04687a265111592e7c3516

Headers

File Characteristics

Imports

advapi32

python27

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 582B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 582B