Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Overview
overview
8Static
static
8PySilon-ma...2).zip
windows7-x64
1PySilon-ma...2).zip
windows10-2004-x64
1PySilon-ma...nux.sh
ubuntu-18.04-amd64
1PySilon-ma...nux.sh
debian-9-armhf
1PySilon-ma...nux.sh
debian-9-mips
1PySilon-ma...nux.sh
debian-9-mipsel
1PySilon-ma...on.bat
windows7-x64
1PySilon-ma...on.bat
windows10-2004-x64
1PySilon-ma...der.py
windows7-x64
3PySilon-ma...der.py
windows10-2004-x64
3PySilon-ma...ler.py
windows7-x64
3PySilon-ma...ler.py
windows10-2004-x64
3PySilon-ma...64.exe
windows7-x64
4PySilon-ma...64.exe
windows10-2004-x64
4PySilon-ma...ber.py
windows7-x64
3PySilon-ma...ber.py
windows10-2004-x64
3PySilon-ma...ies.py
windows7-x64
3PySilon-ma...ies.py
windows10-2004-x64
3PySilon-ma...64.dll
windows7-x64
1PySilon-ma...64.dll
windows10-2004-x64
1PySilon-ma...isc.py
windows7-x64
3PySilon-ma...isc.py
windows10-2004-x64
3PySilon-ma...ber.py
windows7-x64
3PySilon-ma...ber.py
windows10-2004-x64
3PySilon-ma...ons.py
windows7-x64
3PySilon-ma...ons.py
windows10-2004-x64
3PySilon-ma...rol.py
windows7-x64
3PySilon-ma...rol.py
windows10-2004-x64
3PySilon-ma...put.py
windows7-x64
3PySilon-ma...put.py
windows10-2004-x64
3PySilon-ma...sod.py
windows7-x64
3PySilon-ma...sod.py
windows10-2004-x64
3Behavioral task
behavioral1
Sample
PySilon-malware-3.7.5 (2).zip
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
PySilon-malware-3.7.5 (2).zip
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
PySilon-malware-3.7.5/PySilon-linux.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral4
Sample
PySilon-malware-3.7.5/PySilon-linux.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral5
Sample
PySilon-malware-3.7.5/PySilon-linux.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral6
Sample
PySilon-malware-3.7.5/PySilon-linux.sh
Resource
debian9-mipsel-20240418-en
Behavioral task
behavioral7
Sample
PySilon-malware-3.7.5/PySilon.bat
Resource
win7-20240729-en
Behavioral task
behavioral8
Sample
PySilon-malware-3.7.5/PySilon.bat
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
PySilon-malware-3.7.5/builder.py
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
PySilon-malware-3.7.5/builder.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
PySilon-malware-3.7.5/compiler.py
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
PySilon-malware-3.7.5/compiler.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
PySilon-malware-3.7.5/python-3.12.4-amd64.exe
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
PySilon-malware-3.7.5/python-3.12.4-amd64.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
PySilon-malware-3.7.5/resources/discord_token_grabber.py
Resource
win7-20240704-en
Behavioral task
behavioral16
Sample
PySilon-malware-3.7.5/resources/discord_token_grabber.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
PySilon-malware-3.7.5/resources/get_cookies.py
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
PySilon-malware-3.7.5/resources/get_cookies.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
PySilon-malware-3.7.5/resources/libopus-0.x64.dll
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
PySilon-malware-3.7.5/resources/libopus-0.x64.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
PySilon-malware-3.7.5/resources/misc.py
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
PySilon-malware-3.7.5/resources/misc.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
PySilon-malware-3.7.5/resources/passwords_grabber.py
Resource
win7-20240704-en
Behavioral task
behavioral24
Sample
PySilon-malware-3.7.5/resources/passwords_grabber.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
PySilon-malware-3.7.5/resources/protections.py
Resource
win7-20240729-en
Behavioral task
behavioral26
Sample
PySilon-malware-3.7.5/resources/protections.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
PySilon-malware-3.7.5/resources/source_code/audio_control.py
Resource
win7-20240704-en
Behavioral task
behavioral28
Sample
PySilon-malware-3.7.5/resources/source_code/audio_control.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
PySilon-malware-3.7.5/resources/source_code/block_input.py
Resource
win7-20240705-en
Behavioral task
behavioral30
Sample
PySilon-malware-3.7.5/resources/source_code/block_input.py
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
PySilon-malware-3.7.5/resources/source_code/bsod.py
Resource
win7-20240708-en
Behavioral task
behavioral32
Sample
PySilon-malware-3.7.5/resources/source_code/bsod.py
Resource
win10v2004-20240802-en
Target
PySilon-malware-3.7.5 (2).zip
Size
27.3MB
MD5
6299e5719747d4fd91c3ffc700b27bd7
SHA1
1c11cb42397ec11456ab73aed19423f00fdd09fb
SHA256
2757fa3287b7c4ebbe244efdf36758c50f961226c4b35d61b8e9926f793a6a16
SHA512
fabbaac16e31514408b01ac8e55fe2731735b52a36e4986682b7f928489787b3482521aaab5cc83fb1e4d9b34eef6322f06648d6b6b60201cc26e2b626a9fd9d
SSDEEP
786432:mD8QQbWu4p2VP+TP1dnSV+e/SJaVPe/p3VL6tJr5JFjk6:mLKWu4UVGbS/r2fL6tJrThD
Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
Processes:
resource | yara_rule |
---|---|
static1/unpack002/out.upx | patched_upx |
Processes:
resource | yara_rule |
---|---|
static1/unpack001/PySilon-malware-3.7.5/resources/upx.exe | upx |
Checks for missing Authenticode signature.
Processes:
resource |
---|
unpack001/PySilon-malware-3.7.5/resources/libopus-0.x64.dll |
unpack001/PySilon-malware-3.7.5/resources/upx.exe |
unpack002/out.upx |
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
C:\agent\_work\138\s\build\ship\x86\burn.pdb
RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
CloseEventLog
OpenEventLogW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
InitializeAcl
DecryptFileW
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW
PeekMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
GetMessageW
TranslateMessage
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
VariantInit
SysAllocString
VariantClear
SysFreeString
DeleteDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW
CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID
GetCPInfo
GetOEMCP
GetACP
CreateFileW
CloseHandle
GetLastError
HeapSetInformation
GetModuleHandleW
GetProcAddress
LocalFree
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
ExpandEnvironmentStringsW
CreateDirectoryW
GetFullPathNameW
GetTempFileNameW
GetTempPathW
Sleep
GetLocalTime
GetModuleFileNameW
CompareStringW
CreateFileA
SetFilePointer
WriteFile
GetCurrentProcessId
GetSystemDirectoryW
LoadLibraryW
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetCommandLineA
SetCurrentDirectoryW
GetCurrentDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
SetFileAttributesW
MoveFileExW
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetCurrentProcess
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
GetVolumePathNameW
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetWindowsDirectoryW
GetNativeSystemInfo
GetCommandLineW
FreeLibrary
GetModuleHandleExW
GetComputerNameW
VerifyVersionInfoW
GetDateFormatW
GetUserDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
LoadLibraryExW
CreateEventW
ProcessIdToSessionId
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitForSingleObject
GetProcessId
OpenProcess
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
LocalFileTimeToFileTime
SetEndOfFile
SetFileTime
ResetEvent
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
CreateMutexW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetThreadLocale
IsValidCodePage
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileSizeEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
GetSystemInfo
VirtualProtect
VirtualQuery
GetSystemWow64DirectoryW
GetProcessHeap
GetFileType
ExitProcess
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetLastError
RtlUnwind
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
LoadLibraryExA
UuidCreate
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
CloseHandle
GetConsoleMode
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleCP
SetStdHandle
CreateFileW
SetFilePointerEx
GetStringTypeW
HeapSize
WriteConsoleW
opus_decode
opus_decode_float
opus_decoder_create
opus_decoder_ctl
opus_decoder_destroy
opus_decoder_get_nb_samples
opus_decoder_get_size
opus_decoder_init
opus_encode
opus_encode_float
opus_encoder_create
opus_encoder_ctl
opus_encoder_destroy
opus_encoder_get_size
opus_encoder_init
opus_get_version_string
opus_multistream_decode
opus_multistream_decode_float
opus_multistream_decoder_create
opus_multistream_decoder_ctl
opus_multistream_decoder_destroy
opus_multistream_decoder_get_size
opus_multistream_decoder_init
opus_multistream_encode
opus_multistream_encode_float
opus_multistream_encoder_create
opus_multistream_encoder_ctl
opus_multistream_encoder_destroy
opus_multistream_encoder_get_size
opus_multistream_encoder_init
opus_multistream_packet_pad
opus_multistream_packet_unpad
opus_multistream_surround_encoder_create
opus_multistream_surround_encoder_get_size
opus_multistream_surround_encoder_init
opus_packet_get_bandwidth
opus_packet_get_nb_channels
opus_packet_get_nb_frames
opus_packet_get_nb_samples
opus_packet_get_samples_per_frame
opus_packet_pad
opus_packet_parse
opus_packet_unpad
opus_pcm_soft_clip
opus_projection_ambisonics_encoder_create
opus_projection_ambisonics_encoder_get_size
opus_projection_ambisonics_encoder_init
opus_projection_decode
opus_projection_decode_float
opus_projection_decoder_create
opus_projection_decoder_ctl
opus_projection_decoder_destroy
opus_projection_decoder_get_size
opus_projection_decoder_init
opus_projection_encode
opus_projection_encode_float
opus_projection_encoder_ctl
opus_projection_encoder_destroy
opus_repacketizer_cat
opus_repacketizer_create
opus_repacketizer_destroy
opus_repacketizer_get_nb_frames
opus_repacketizer_get_size
opus_repacketizer_init
opus_repacketizer_out
opus_repacketizer_out_range
opus_strerror
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE