1b1860d5c69253bee655d50ef282c3e0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1b1860d5c69253bee655d50ef282c3e0N.exe
Size

61KB
MD5

1b1860d5c69253bee655d50ef282c3e0
SHA1

4436e1379dd33184ecd5a60b75e73f4a45077b37
SHA256

3c50dd14a0c0bf8df66dbd9b2470da1193ba9f62405c4db427681646e5208a22
SHA512

280216fcbb7d4e7f1273012d934f87c0ab6d920b388669cde869149242b96d3335661b602f7ad3a7deb93d5e0d946df6c3833964de04c072237faa2b3e9fb67b
SSDEEP

1536:ff71NCZe4GH8hA+5tUVFUH/qlJt/cEegWg7o51Rr9s2s2dlaigM+:H76P9k6Itwoo51RppWix+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b1860d5c69253bee655d50ef282c3e0N.exe

Files

1b1860d5c69253bee655d50ef282c3e0N.exe
.dll windows:6 windows x64 arch:x64

0ad9f85b929aa8a0b33fbfd49afdb35f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shell32

SHChangeNotify
SHGetKnownFolderPath
SHGetFolderPathW
SHCreateItemFromParsingName
CommandLineToArgvW
SHAddToRecentDocs

wininet

InternetGetConnectedState

advapi32

GetUserNameW

gdi32

CreateCompatibleBitmap
DeleteObject
GetObjectW

rstrtmgr

RmStartSession
RmGetList
RmRegisterResources
RmEndSession

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

python311

PyErr_SetExcFromWindowsErrWithFilenameObjects
PyExc_FileExistsError
PyExc_ValueError
PyExc_TypeError
PyExc_RuntimeError
PyExc_OverflowError
PyExc_IndexError
PyLong_FromUnsignedLong
PyLong_AsUnsignedLong
PyLong_FromVoidPtr
PyLong_AsVoidPtr
PyLong_FromLongLong
PyTuple_New
PyList_New
PyList_Append
PyModuleDef_Init
PyErr_SetString
PyErr_Occurred
PyErr_NoMemory
PyErr_SetFromErrno
PyErr_Format
PyErr_SetFromWindowsErr
PyErr_SetExcFromWindowsErrWithFilenameObject
PyExc_OSError
_PyArg_ParseTuple_SizeT
_Py_BuildValue_SizeT
PyModule_AddObject
PyModule_AddIntConstant
PyEval_SaveThread
PyEval_RestoreThread
_Py_NoneStruct
PyBytes_Type
PyLong_FromLong
PyUnicode_AsWideCharString
PyUnicode_FromWideChar
PyUnicode_FromFormat
_PyBytes_Resize
PyBytes_FromStringAndSize
Py_DecRef
_Py_Dealloc
PyType_Ready
PyMem_Free
PyMem_Malloc
PyLong_Type
_Py_FalseStruct
_Py_TrueStruct

user32

WaitForInputIdle
GetAsyncKeyState
GetDC
DestroyIcon
CreateIconIndirect
CreateIconFromResourceEx

ole32

CoInitialize
CoUninitialize
CoCreateInstance
StringFromIID
IIDFromString
CoTaskMemFree

kernel32

VerSetConditionMask
GetSystemTimeAsFileTime
CompareFileTime
CreateFileW
DeleteFileW
GetDiskFreeSpaceExW
DisableThreadLibraryCalls
InitializeSListHead
GetFileInformationByHandle
GetFileSizeEx
GetLongPathNameW
GetVolumeInformationW
ReadFile
SetFileAttributesW
SetFileInformationByHandle
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetFilePointerEx
OutputDebugStringW
IsDebuggerPresent
GetUserDefaultLocaleName
VerifyVersionInfoW
ReadDirectoryChangesW
CreateHardLinkW
MoveFileExW
GetDllDirectoryW
QueryFullProcessImageNameW
FormatMessageW
SetThreadExecutionState
LocalFree
LocalAlloc
EnumResourceNamesW
SizeofResource
LockResource
LoadResource
LoadLibraryExW
FreeLibrary
FindResourceExW
IsWow64Process
GetComputerNameExW
OpenProcess
CreateProcessW
GetCurrentProcess
GetProcessTimes
CreateMutexW
DeleteCriticalSection
InitializeCriticalSectionEx
WaitNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
GetLastError
SetHandleInformation
GetHandleInformation
CloseHandle
WriteFile
GetTempPathW
GetDriveTypeW

shlwapi

AssocQueryStringW

vcruntime140

memset
__C_specific_handler
memmove
_CxxThrowException
memcpy
__std_exception_copy
__std_type_info_destroy_list
__std_exception_destroy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_register_onexit_function
_cexit
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_initterm_e
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

_getmaxstdio
fclose
__stdio_common_vswprintf_s
_wfreopen_s
__acrt_iob_func
_setmaxstdio

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-locale-l1-1-0

localeconv

Exports

Exports

PyInit_winutil

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ad9f85b929aa8a0b33fbfd49afdb35f

Headers

DLL Characteristics

File Characteristics

Imports

shell32

wininet

advapi32

gdi32

rstrtmgr

msvcp140

python311

user32

ole32

kernel32

shlwapi

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 3KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 492B

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 3KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 492B