67ed6f79d0522570159bfd8980a1898b3854cfe128c5c072bf0bf02fe8a235a1

Sharing

Copy URL Twitter E-mail

General

Target

67ed6f79d0522570159bfd8980a1898b3854cfe128c5c072bf0bf02fe8a235a1
Size

378KB
MD5

1c4a52a54ee808556e09a1d27b0fc7c2
SHA1

86afac87f9a496f74b61a98d85420bcf844a43b8
SHA256

67ed6f79d0522570159bfd8980a1898b3854cfe128c5c072bf0bf02fe8a235a1
SHA512

a183386673cfb39e8120aa81049b8dfb591397cf23a33719d919f6ee0232fd2875c7bdbe8a81989b7b3171fb8eba60334de112c0929152b0dcac917872e6d295
SSDEEP

6144:y98x/wtJqMcoLBF2g2r5+E7EXaUbacfB8HUNWPFqRKbI5dL39nLWnl7OmOYYaie/://wyroLBF2gPacf2HUNWtqRKbUdLNn2R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67ed6f79d0522570159bfd8980a1898b3854cfe128c5c072bf0bf02fe8a235a1

Files

67ed6f79d0522570159bfd8980a1898b3854cfe128c5c072bf0bf02fe8a235a1
.dll windows:6 windows x86 arch:x86

8cb4baf51f108ab0a1500a2e0ad86dc3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\rpds\rpds\target\i686-pc-windows-msvc\release\deps\rpds.pdb

Imports

kernel32

DisableThreadLibraryCalls
GetCurrentThreadId
InitializeSListHead
GetEnvironmentVariableW
GetCurrentDirectoryW
SetLastError
RtlCaptureContext
GetCurrentThread
GetCurrentProcess
GetStdHandle
GetCurrentProcessId
AcquireSRWLockExclusive
WaitForSingleObject
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcessHeap
UnhandledExceptionFilter
HeapFree
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetLastError
GetConsoleMode
ReleaseSRWLockShared
ReleaseMutex
GetModuleHandleW
FormatMessageW
IsDebuggerPresent
MultiByteToWideChar
WriteConsoleW
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
GetSystemTimeAsFileTime
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
HeapReAlloc
CloseHandle
Sleep
TlsSetValue
HeapAlloc
TlsGetValue
IsProcessorFeaturePresent

advapi32

SystemFunction036

bcrypt

BCryptGenRandom

ntdll

NtWriteFile
RtlNtStatusToDosError

python310

PyMapping_Items
_Py_NoneStruct
PyBaseObject_Type
_Py_FalseStruct
_Py_TrueStruct
PyExc_SystemError
PyImport_Import
PyErr_WriteUnraisable
PyList_Append
PyList_New
PyObject_Call
PyObject_RichCompare
PyObject_SetAttr
PyUnicode_AsUTF8AndSize
PyObject_VectorcallMethod
PyObject_GetAttr
PyDict_SetItem
PyObject_IsInstance
PyBytes_AsString
PyBytes_Size
PyUnicode_FromStringAndSize
PyExc_StopIteration
PyException_GetCause
PyObject_Repr
PyObject_Str
Py_IsInitialized
PyGILState_Ensure
PyGILState_Release
PyExc_TypeError
PyErr_Fetch
PyErr_PrintEx
PyErr_NewExceptionWithDoc
PyException_SetCause
PyErr_NormalizeException
PyErr_Print
PyExc_RuntimeError
PyExc_OverflowError
PyTuple_GetSlice
PyTuple_GetItem
PyModule_Create2
PyExc_ImportError
PyObject_GenericGetDict
PyObject_GenericSetDict
PyType_FromSpec
PyExc_AttributeError
PyErr_GivenExceptionMatches
PyObject_IsTrue
PyObject_GetIter
PyObject_Hash
PyUnicode_InternInPlace
PyUnicode_AsEncodedString
PyLong_FromSsize_t
PyObject_GetItem
PyObject_SetItem
PyObject_DelItem
PyTuple_New
PyObject_SetAttrString
PyIter_Next
PyDict_New
PyDict_Next
PyType_GenericAlloc
PyExc_BaseException
PyErr_Restore
PyExc_KeyError
PyExc_IndexError
_Py_Dealloc
_Py_NotImplementedStruct
PyType_IsSubtype
PyTuple_SetItem
PyBool_Type
PyExc_ValueError

vcruntime140

memcpy
memmove
memcmp
memset
_CxxThrowException
__std_type_info_destroy_list
_except_handler4_common
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initterm
_configure_narrow_argv
_initialize_narrow_environment
_initterm_e
_execute_onexit_table
_cexit
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

PyInit_rpds

Sections

.text
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8cb4baf51f108ab0a1500a2e0ad86dc3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

bcrypt

ntdll

python310

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 302KB - Virtual size: 302KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 1024B - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 302KB - Virtual size: 302KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 1024B - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB