2452d6e0aa7b67a5d0042580c0675cf0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2452d6e0aa7b67a5d0042580c0675cf0N.exe
Size

76KB
MD5

2452d6e0aa7b67a5d0042580c0675cf0
SHA1

e4f71eb9d127e422a66575bc4e28bb5a73ce64b7
SHA256

302ac813d7d2237784562e52c8e6ed98db7a6fb18b07d6abb8029310f0f4679c
SHA512

aa4dd3c66b7dbb6185f833d222a94be57da5655117fd37cbe47851ca48999d5c4d50e7d15cd172c87f3f9964e5fbf2494ba0308389b55e2e2222762866367759
SSDEEP

1536:VXNN5VzAWcnr8l94Rng006Pmduk77M26csv4td2zsN9uCG+rbxU7R9:V9bxTcwr4Rnn06PmdukE26cA4td2zsNs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2452d6e0aa7b67a5d0042580c0675cf0N.exe

Files

2452d6e0aa7b67a5d0042580c0675cf0N.exe
.dll windows:6 windows x64 arch:x64

fb7dd011d82932d0ef1bdce6512c1578

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

sdl2

SDL_RWsize
SDL_RWFromFile
SDL_RWseek
SDL_RWread
SDL_RWclose
SDL_RWtell
SDL_MapRGB
SDL_SetPaletteColors
SDL_FreeSurface
SDL_FillRect
SDL_MapRGBA
SDL_CreateRGBSurface
SDL_SetSurfaceBlendMode
SDL_LockSurface
SDL_UnlockSurface
SDL_SetSurfaceAlphaMod
SDL_SetColorKey
SDL_GetError

freetype

FT_Init_FreeType
FT_Done_Glyph
FT_Glyph_To_Bitmap
FT_Matrix_Multiply
FT_Library_Version
FT_Get_Glyph
FT_Vector_Length
FTC_CMapCache_Lookup
FT_Get_Kerning
FT_Outline_Get_CBox
FT_Outline_Embolden
FT_Bitmap_Embolden
FT_MulFix
FT_Vector_Unit
FT_Load_Glyph
FT_Vector_Rotate
FT_Glyph_Transform
FTC_Manager_LookupSize
FTC_Manager_RemoveFaceID
FTC_Manager_New
FT_Open_Face
FTC_CMapCache_New
FTC_Manager_Done
FTC_Manager_LookupFace
FT_Done_FreeType

python310

PyObject_CallMethod
PyMem_Free
PyNumber_Check
PyArg_ParseTupleAndKeywords
PyUnicode_FromEncodedObject
PyExc_TypeError
PyCapsule_Type
PyObject_IsTrue
PyObject_Str
PyTuple_Pack
PyState_FindModule
PyModule_GetState
PyUnicode_FromString
PyObject_Repr
PyNumber_Float
PyArg_ParseTuple
PyMem_Malloc
PyErr_NoMemory
PyBytes_FromStringAndSize
PySequence_Check
_PyObject_CallFunction_SizeT
PyBytes_AsStringAndSize
PyErr_Restore
PyUnicode_AsUCS4Copy
PyExc_UnicodeEncodeError
PyUnicode_GetLength
PyOS_snprintf
PyEval_SaveThread
PyExc_FileNotFoundError
PyEval_RestoreThread
PyExc_RuntimeError
PyNumber_Remainder
PyErr_Occurred
PySequence_GetItem
PyImport_ImportModule
PyModule_AddIntConstant
PyBool_FromLong
PySequence_Size
PyCapsule_New
PyObject_RichCompareBool
PyErr_Clear
PyObject_GetAttrString
PyType_Ready
PyLong_FromLong
PyList_New
PyUnicode_FromFormat
PyLong_AsLong
PyModule_AddObject
PyCapsule_GetPointer
_Py_Dealloc
PyExc_OverflowError
PyType_IsSubtype
PyFloat_Type
PyBool_Type
PyErr_Format
PyLong_FromUnsignedLong
PyExc_ValueError
PyObject_CallFunction
PyErr_SetString
PyBytes_FromFormat
PyExc_AttributeError
PyFloat_FromDouble
_Py_NoneStruct
PyFloat_AsDouble
PyExc_SystemError
Py_BuildValue
PyModule_Create2

kernel32

RtlCaptureContext
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry

vcruntime140

__std_type_info_destroy_list
memset
__C_specific_handler

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initialize_narrow_environment

Exports

Exports

PyInit__freetype

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb7dd011d82932d0ef1bdce6512c1578

Headers

DLL Characteristics

File Characteristics

Imports

sdl2

freetype

python310

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 16B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 1024B - Virtual size: 704B

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 16B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 1024B - Virtual size: 704B