23ec3d2a57c46c3d0d64649caadbedfeb089cb2c0041264064f45e008b1b583b

Sharing

Copy URL Twitter E-mail

General

Target

23ec3d2a57c46c3d0d64649caadbedfeb089cb2c0041264064f45e008b1b583b
Size

61KB
MD5

c13ebd5be9749e723c93172c9d285a4a
SHA1

cb88556370b9ba9d39f219902e3d9a19a9e6b751
SHA256

23ec3d2a57c46c3d0d64649caadbedfeb089cb2c0041264064f45e008b1b583b
SHA512

3d27026e1b09600c2bc87c6b60720f735a1741486e491ff1ada02eca6397a83e0c6ade31d354e7dfa1a1231424e27bf613489b7c541c8a8d478ce6ac5567ff95
SSDEEP

1536:6AFParQAqDeVOGI0BKhiwRBVlD0dQnrQgF:6AckxyOGI0BKhiWBVZcg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23ec3d2a57c46c3d0d64649caadbedfeb089cb2c0041264064f45e008b1b583b

Files

23ec3d2a57c46c3d0d64649caadbedfeb089cb2c0041264064f45e008b1b583b
.dll windows:6 windows x64 arch:x64

10924632e93254bd1a341940273f2302

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

python39

PyDict_Size
PyDict_GetItemString
PyDict_SetItemString
_PyDict_GetItem_KnownHash
PyCMethod_New
PyModule_NewObject
PyModule_GetDict
PyModule_GetName
PyModuleDef_Init
PyCapsule_GetPointer
PyCapsule_GetName
PyCapsule_IsValid
PyCode_New
PyCode_NewEmpty
PyTraceBack_Here
PyInterpreterState_GetID
PyThreadState_Get
PyGILState_Ensure
PyGILState_Release
_PyThreadState_UncheckedGet
PyErr_WarnEx
PyErr_WarnFormat
PyErr_SetObject
PyErr_SetString
PyDict_Next
PyErr_Clear
PyErr_GivenExceptionMatches
PyErr_ExceptionMatches
PyException_SetCause
PyErr_Format
PyOS_snprintf
Py_GetVersion
Py_EnterRecursiveCall
Py_LeaveRecursiveCall
PyEval_EvalFrameEx
PyEval_SaveThread
PyEval_RestoreThread
PyImport_GetModuleDict
PyImport_AddModule
PyImport_ImportModule
PyImport_ImportModuleLevelObject
PyObject_Call
PyObject_CallObject
PyObject_GetItem
PyObject_SetItem
PyObject_GetIter
PyObject_IsSubclass
PyEval_EvalCodeEx
PyFrame_New
PyTraceBack_Type
PyDict_DelItem
PyDict_SetItem
PyDict_New
PyList_New
PyTuple_Pack
PyTuple_New
PyLong_AsLong
PyLong_FromLong
PyUnicode_AsUTF8
_PyUnicode_Ready
PyUnicode_Compare
PyUnicode_Decode
PyUnicode_InternFromString
PyUnicode_FromStringAndSize
PyUnicode_FromFormat
PyBytes_AsStringAndSize
PyBytes_FromStringAndSize
PyObject_GC_IsFinalized
PyMem_Realloc
PyMem_Malloc
_PyObject_GenericGetAttrWithDict
PyObject_CallFinalizerFromDealloc
_PyObject_GetDictPtr
_PyType_Lookup
_Py_Dealloc
PyObject_Not
PyObject_IsTrue
PyObject_Hash
PyObject_GenericGetAttr
PyObject_SetAttr
PyObject_GetAttr
PyObject_SetAttrString
PyObject_GetAttrString
PyObject_RichCompareBool
PyObject_RichCompare
PyType_Modified
PyType_Ready
PyType_IsSubtype
PyExc_DeprecationWarning
PyExc_IOError
PyExc_ValueError
PyExc_TypeError
PyExc_SystemError
PyExc_RuntimeError
PyExc_OverflowError
PyExc_NameError
PyExc_MemoryError
PyExc_IndexError
PyExc_ImportError
PyExc_AttributeError
PyExc_ArithmeticError
PyExc_Exception
PyExc_StopIteration
PyMethod_Type
PyFunction_Type
PyCFunction_Type
PyList_Type
PyTuple_Type
PyFrame_Type
PyFloat_Type
_Py_TrueStruct
_Py_FalseStruct
PyLong_Type
PyUnicode_Type
_PyByteArray_empty_string
PyByteArray_Type
_Py_NoneStruct
PyBaseObject_Type
PyErr_Occurred
PyType_Type

arrow

??0IpcReadOptions@ipc@arrow@@QEAA@XZ
??1Status@arrow@@QEAA@XZ
?WriteTable@feather@ipc@arrow@@YA?AVStatus@3@AEBVTable@3@PEAVOutputStream@io@3@AEBUWriteProperties@123@@Z
??0WriteProperties@feather@ipc@arrow@@QEAA@XZ
?Open@Reader@feather@ipc@arrow@@SA?AV?$Result@V?$shared_ptr@VReader@feather@ipc@arrow@@@std@@@4@AEBV?$shared_ptr@VRandomAccessFile@io@arrow@@@std@@AEBUIpcReadOptions@34@@Z
??4IpcReadOptions@ipc@arrow@@QEAAAEAU012@$$QEAU012@@Z
??1IpcReadOptions@ipc@arrow@@QEAA@XZ
??0Status@arrow@@QEAA@XZ
?Defaults@IpcReadOptions@ipc@arrow@@SA?AU123@XZ
?CopyFrom@Status@arrow@@AEAAXAEBV12@@Z
??4Status@arrow@@QEAAAEAV01@$$QEAV01@@Z

arrow_python

?check_status@internal@py@arrow@@YAHAEBVStatus@3@@Z

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

__std_terminate
_CxxThrowException
__CxxFrameHandler3
memcmp
memcpy
memmove
__C_specific_handler
__std_exception_copy
__std_exception_destroy
__std_type_info_destroy_list
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Exports

Exports

PyInit__feather

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10924632e93254bd1a341940273f2302

Headers

DLL Characteristics

File Characteristics

Imports

python39

arrow

arrow_python

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 3KB - Virtual size: 6KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 336B

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 3KB - Virtual size: 6KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 336B