75e532030c116e4ae957e914bd3f2e2a1f045c9bfa483bc02c72dd10492620a6

Sharing

Copy URL Twitter E-mail

General

Target

75e532030c116e4ae957e914bd3f2e2a1f045c9bfa483bc02c72dd10492620a6
Size

67KB
MD5

aedfbd43f42db6b56f63e0350ca8028c
SHA1

2409811a37f01c99f0315fd6569ae45ef4be75e3
SHA256

75e532030c116e4ae957e914bd3f2e2a1f045c9bfa483bc02c72dd10492620a6
SHA512

af2b314a6123d927a7ce29911b767fffbd3604613b123beea1c21eedcf01a7ec7f8ad62a9ca19532fe31172708341c5cdbd79f66acecf48956e7de10551548b2
SSDEEP

1536:+PIacK+77w4FbWr9keeAO6m8AJ1ZGDCBl1tZp:gIacKM7w4FbWrqeeAO6m8qZGDCBljZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75e532030c116e4ae957e914bd3f2e2a1f045c9bfa483bc02c72dd10492620a6

Files

75e532030c116e4ae957e914bd3f2e2a1f045c9bfa483bc02c72dd10492620a6
.dll windows:6 windows x64 arch:x64

e9c9f87e34eb57da91eecd7d8b9da64c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win-amd64-3.8\Release\win32evtlog.pdb

Imports

advapi32

ClearEventLogW
BackupEventLogW
CloseEventLog
DeregisterEventSource
NotifyChangeEventLog
GetNumberOfEventLogRecords
GetOldestEventLogRecord
OpenEventLogW
RegisterEventSourceW
OpenBackupEventLogW
ReadEventLogW
ReportEventW

python38

PyObject_GenericSetAttr
_PyTraceMalloc_NewReference
_Py_Dealloc
PyBytes_FromStringAndSize
PyLong_FromLong
PyObject_GenericGetAttr
PyLong_FromSsize_t
PyLong_AsUnsignedLong
PyLong_AsUnsignedLongMask
PyLong_FromLongLong
PyLong_FromUnsignedLongLong
PyBool_FromLong
PyLong_FromUnsignedLong
PyFloat_FromDouble
PyTuple_New
PyList_New
PyList_Append
PyDict_SetItemString
PyModule_GetDict
PyExc_ValueError
PyExc_TypeError
PyExc_NotImplementedError
PyExc_MemoryError
_Py_NoneStruct
_Py_tracemalloc_config
PyObject_Call
PyEval_RestoreThread
PyEval_SaveThread
PyErr_Print
PyGILState_Ensure
Py_BuildValue
PyArg_ParseTupleAndKeywords
PyArg_ParseTuple
PyErr_Format
PyErr_NoMemory
PyErr_Occurred
PyErr_SetString
PyGILState_Release
PyModule_Create2

pywintypes38

?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z
?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z
?PyWinObject_FreeWCHAR@@YAXPEA_W@Z
?PyWinObject_AsReadBuffer@@YAHPEAU_object@@PEAPEAXPEAKH@Z
?PyWinCoreString_FromString@@YAPEAU_object@@PEBD_J@Z
?PyWinObject_FreeWCHARArray@@YAXPEAPEA_WK@Z
?PyWinObject_AsWCHARArray@@YAHPEAU_object@@PEAPEAPEA_WPEAKH@Z
?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z
?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_WH@Z
?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z
?PyWinExc_ApiError@@3PEAU_object@@EA
??1PyHANDLE@@UEAA@XZ
??0PyHANDLE@@QEAA@PEAX@Z
?PyWinGlobals_Ensure@@YAHXZ
?PyWinLong_FromHANDLE@@YAPEAU_object@@PEAX@Z
?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z
?PyWinObject_FromSID@@YAPEAU_object@@PEAX@Z
?PyWinObject_AsSID@@YAHPEAU_object@@PEAPEAXH@Z
?PyWinTimeObject_Fromtime_t@@YAPEAU_object@@_J@Z
?PyWinObject_FromSYSTEMTIME@@YAPEAU_object@@AEBU_SYSTEMTIME@@@Z
?PyWinObject_FromTimeStamp@@YAPEAU_object@@AEBT_LARGE_INTEGER@@@Z

kernel32

RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent

vcruntime140

__CxxFrameHandler3
__std_terminate
memset
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__C_specific_handler
__std_exception_copy
_CxxThrowException
__std_type_info_destroy_list
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_initterm_e
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_register_onexit_function
_initterm

Exports

Exports

PyInit_win32evtlog

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9c9f87e34eb57da91eecd7d8b9da64c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

python38

pywintypes38

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 4KB

.pdata Size: 3KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 52B

.rsrc Size: 1024B - Virtual size: 728B

.reloc Size: 512B - Virtual size: 420B

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 3KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 52B

.rsrc
Size: 1024B - Virtual size: 728B

.reloc
Size: 512B - Virtual size: 420B