2bbb8f8336692f7a968a3548fa950a468974695cc1cfa67e1ebc2b8342ef816d[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2bbb8f8336692f7a968a3548fa950a468974695cc1cfa67e1ebc2b8342ef816d.exe
Size

27KB
MD5

062951f5d4e5e0bcb6b765d39ae018e0
SHA1

4ce06949efaa1afe92cc012acb0300361243f300
SHA256

2bbb8f8336692f7a968a3548fa950a468974695cc1cfa67e1ebc2b8342ef816d
SHA512

7eaf34f6379768d15efb489319a5b6cc16fd705bbdcffafb5976c92fa6ae7f77d53738885a06788b04072d32d5f84e3781aa53a8bcb5f7a07419f22bc0c85ab9
SSDEEP

384:I8P1U795APt4yLxog1VYjOSaaY8J4U+ltukuFVN42a0sjOIJkBL:FPifAPtt1/SrTIvb0IOIJkt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bbb8f8336692f7a968a3548fa950a468974695cc1cfa67e1ebc2b8342ef816d.exe

Files

2bbb8f8336692f7a968a3548fa950a468974695cc1cfa67e1ebc2b8342ef816d.exe
.dll windows:6 windows x64 arch:x64

64b6598484227b106216468127a5dba0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\ci\python_1578510570019\work\PCbuild\amd64\instrumented\_multiprocessing.pdb

Imports

ws2_32

recv
send
closesocket
WSAGetLastError

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
RtlCaptureContext
SetLastError
ReleaseSemaphore
WaitForMultipleObjectsEx
GetCurrentThreadId
GetLastError
WaitForSingleObjectEx
CloseHandle
ResetEvent
CreateSemaphoreA
IsDebuggerPresent
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetModuleHandleW
GetStartupInfoW
QueryPerformanceCounter

python37

PyEval_RestoreThread
_PyOS_IsMainThread
PyExc_AssertionError
_Py_TrueStruct
PyMem_Malloc
PyThread_get_thread_ident
_PyOS_SigintEvent
PyMem_Free
PyObject_Free
PyExc_OverflowError
PyErr_SetFromErrno
_Py_FalseStruct
_PyArg_ParseTupleAndKeywords_SizeT
PyExc_ValueError
PyErr_SetString
PyFloat_AsDouble
PyErr_SetFromWindowsErr
PyErr_Occurred
PyBool_FromLong
_PyObject_New
PyBuffer_Release
PyErr_SetExcFromWindowsErr
PyBytes_FromStringAndSize
PyExc_OSError
PyErr_NoMemory
PyDict_New
PyType_Ready
PyModule_Create2
_PyBytes_Resize
_PyArg_ParseTuple_SizeT
PyModule_AddObject
PyErr_Format
PyDict_SetItemString
_Py_NoneStruct
PyLong_FromLong
PyExc_RuntimeError
PyEval_SaveThread

vcruntime140

memset
__std_type_info_destroy_list
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_errno
_seh_filter_dll
terminate
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

pgort140

IrtSetStaticInfo
IrtAutoSweepA
IrtAutoSweepW
IrtClientAbort
IrtPogoInit
IrtTearDownDiffBuffer
IrtInitDiffBuffer

Exports

Exports

PyInit__multiprocessing

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64b6598484227b106216468127a5dba0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

python37

vcruntime140

api-ms-win-crt-runtime-l1-1-0

pgort140

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 1024B - Virtual size: 900B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 244B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 1024B - Virtual size: 900B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 244B