66e91fc5567e30d63e6be8133a0dae8266af62a9e98c6eb0d911eae53e00e285

Sharing

Copy URL Twitter E-mail

General

Target

66e91fc5567e30d63e6be8133a0dae8266af62a9e98c6eb0d911eae53e00e285
Size

507KB
MD5

316f9535cbffc855ae2dac66248fab47
SHA1

da14da968b50751215183b9522fb98f1a3795c5a
SHA256

66e91fc5567e30d63e6be8133a0dae8266af62a9e98c6eb0d911eae53e00e285
SHA512

e0a9034c1995c091828ab3af70a2eb34500eed050ff17d44149fd6e3b4a06f7d3a6444ecd487e9766f8b15c3d768146bbbefa5bdde66dbb4bdb7185a99df79fb
SSDEEP

6144:6RHYQLTnb++h+b4Ux7BSaeyXhO9gWwjamE4Uuk1KjWRsm:CHYQTy+h+c/5yXhygkhvuHzm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66e91fc5567e30d63e6be8133a0dae8266af62a9e98c6eb0d911eae53e00e285

Files

66e91fc5567e30d63e6be8133a0dae8266af62a9e98c6eb0d911eae53e00e285
.dll windows:6 windows x64 arch:x64

7f6d813bb96586d857bcb4779785caf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\blake3-py\blake3-py\target\x86_64-pc-windows-msvc\release\deps\blake3.pdb

Imports

kernel32

SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
RtlLookupFunctionEntry
RtlVirtualUnwind
SwitchToThread
SetThreadStackGuarantee
GetLastError
GetStdHandle
GetCurrentProcessId
SetUnhandledExceptionFilter
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceFrequency
HeapAlloc
RtlCaptureContext
HeapFree
HeapReAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
VirtualProtect
DuplicateHandle
GetConsoleMode
QueryPerformanceCounter
GetCurrentProcess
MapViewOfFile
GetModuleHandleW
FormatMessageW
GetFullPathNameW
GetProcessHeap
CreateFileMappingW
MultiByteToWideChar
WriteConsoleW
CreateThread
GetCurrentThread
GetSystemTimeAsFileTime
UnmapViewOfFile
GetSystemInfo
SleepConditionVariableSRW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetProcAddress
GetModuleHandleA
Sleep
CloseHandle
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockExclusive
IsProcessorFeaturePresent

advapi32

SystemFunction036

ntdll

NtReadFile
RtlNtStatusToDosError
NtWriteFile

bcrypt

BCryptGenRandom

python311

PyExc_SystemError
PyUnicode_AsUTF8AndSize
PyObject_GetBuffer
PyType_IsSubtype
PyBaseObject_Type
PyBytes_FromStringAndSize
PyErr_WriteUnraisable
PyObject_GC_UnTrack
PyUnicode_FromStringAndSize
PyOS_FSPath
PyTuple_New
PyUnicode_InternInPlace
PyUnicode_AsEncodedString
PyObject_Repr
PyObject_Str
PyErr_Restore
PyExc_BrokenPipeError
PyExc_OSError
PyExc_ConnectionRefusedError
PyExc_TypeError
PyExc_BlockingIOError
PyExc_TimeoutError
PyExc_PermissionError
PyExc_FileNotFoundError
PyExc_RuntimeError
PyExc_ConnectionResetError
PyExc_InterruptedError
PyExc_ConnectionAbortedError
PyExc_FileExistsError
PyException_GetTraceback
PyException_SetTraceback
PyErr_Fetch
PyErr_PrintEx
PyErr_NewExceptionWithDoc
PyException_GetCause
PyException_SetCause
PyGILState_Release
PyErr_Print
Py_IsInitialized
PyEval_SaveThread
PyGILState_Ensure
_Py_Dealloc
PyEval_RestoreThread
PyObject_GetAttr
PyExc_ValueError
PyDict_Next
PyLong_FromSsize_t
PyObject_GetItem
PyObject_SetItem
PyObject_DelItem
PyLong_FromLongLong
PyLong_FromUnsignedLongLong
PyUnicode_AsWideChar
PyErr_NormalizeException
PyErr_SetString
PyErr_SetObject
PyExc_BaseException
PyModule_Create2
PyBool_Type
_Py_TrueStruct
PyList_New
PyList_Append
PyExc_AttributeError
PyErr_GivenExceptionMatches
PyObject_SetAttr
PyBytes_AsString
PyNumber_Index
PyLong_AsLongLong
PyLong_AsUnsignedLongLong
PyExc_ImportError
PyObject_SetAttrString
PyInterpreterState_Get
PyInterpreterState_GetID
PyType_GenericAlloc
PyObject_GenericGetDict
PyObject_GenericSetDict
PyType_FromSpec
_Py_NoneStruct
PyExc_BufferError
PyBytes_Size
PyBuffer_IsContiguous
PyBuffer_Release
PyExc_OverflowError

vcruntime140

__CxxFrameHandler3
memcpy
memset
memcmp
memmove
_CxxThrowException
__C_specific_handler
__std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_seh_filter_dll
_execute_onexit_table
_cexit
_initterm
_initterm_e

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

PyInit_blake3

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f6d813bb96586d857bcb4779785caf0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ntdll

bcrypt

python311

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 125KB - Virtual size: 124KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 18KB - Virtual size: 17KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 125KB - Virtual size: 124KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 18KB - Virtual size: 17KB

.reloc
Size: 2KB - Virtual size: 2KB