123[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

123.rar
Size

12.1MB
MD5

b3168fc1437e542dbc2ea9ad472bfa4b
SHA1

83b081ffb33857fe6b10c212f6e17ff412f42a55
SHA256

43027ee8e7b68306903aefd96463d148f40b2df2b2b4ccacca13e6347cd19f93
SHA512

5c86eac8a43c903a5ef95185ecdccb872552b9a007b6e605d25f53e79de85a4f79c24f67559b272d9dbd199351afe683d86224108d15dc67b0c2ed3710a9f8c5
SSDEEP

393216:f5SBV5fdJIxDqzVm9QJr7/UdqgGvW/2tZ1A9:fibnAe3gT2NM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/python27.dll

Files

123.rar
.rar
deploy.exe
.exe windows:5 windows x86 arch:x86

a5044529c50e33478b151b1f2ad064c4

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:33:bb:60:89:e3:2f:cd:22:4d:0e:49:de:b6:63:da
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-09-2018 00:00

Not After

01-02-2020 23:59

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,OU=研发部,O=Beijing Qihu Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:21:3a:c4:69:7a:65:f6:b7:82:7d:9e:48:92:64:dc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-09-2018 00:00

Not After

01-02-2020 23:59

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,OU=研发部,O=Beijing Qihu Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14-06-2018 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f9:84:8d:60:65:6b:4c:34:4b:dc:3c:e2:ff:fe:88:62:09:d4:c3:e9:40:6e:e7:71:a9:6c:e0:79:6a:40:f4:07
Signer

Actual PE Digest

f9:84:8d:60:65:6b:4c:34:4b:dc:3c:e2:ff:fe:88:62:09:d4:c3:e9:40:6e:e7:71:a9:6c:e0:79:6a:40:f4:07

Digest Algorithm

sha256

PE Digest Matches

true

41:e3:e3:70:58:73:31:21:19:b7:e5:58:16:5a:ac:24:0e:9e:58:fd
Signer

Actual PE Digest

41:e3:e3:70:58:73:31:21:19:b7:e5:58:16:5a:ac:24:0e:9e:58:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetProcAddress
LoadLibraryA
GetLastError
GetModuleHandleA
ExpandEnvironmentStringsA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetShortPathNameW
GetTempPathW
Sleep
LoadLibraryExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetCommandLineW
GetStartupInfoW
WriteConsoleA
SetConsoleTextAttribute
GetStdHandle
VirtualFree
VirtualAlloc
GetModuleFileNameW
CompareStringW
CompareStringA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryA
GetCurrentProcessId
DeleteFileA
RemoveDirectoryA
FindNextFileA
SetStdHandle
GetFileType
SetConsoleCtrlHandler
GetModuleHandleW
ExitProcess
HeapReAlloc
GetFullPathNameA
GetFileAttributesA
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
CloseHandle
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
GetCurrentDirectoryA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
DeleteCriticalSection
WriteFile
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
ReadFile
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
CreateFileW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
RaiseException

ws2_32

ntohl

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_pyi_bootstrap.pyc
_pyi_egg_install.py.pyc
deploy.pyc
pyi_carchive.pyc
python27.dll
.dll windows:6 windows x86 arch:x86

fd30afdefc178e25431742c07284cd5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ShowWindow

advapi32

CryptHashData

ws2_32

WSAGetLastError

Exports

Exports

PyAST_Compile
PyAST_FromNode
PyArena_AddPyObject
PyArena_Free
PyArena_Malloc
PyArena_New
PyArg_NoKeywords
PyArg_Parse
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_ParseTupleAndKeywords_SizeT
PyArg_ParseTuple_SizeT
PyArg_Parse_SizeT
PyArg_UnpackTuple
PyArg_VaParseTupleAndKeywords_SizeT
PyArg_VaParse_SizeT
PyBaseString_Type
PyBool_FromLong
PyBool_Type
PyBuffer_FillContiguousStrides
PyBuffer_FillInfo
PyBuffer_FromContiguous
PyBuffer_FromMemory
PyBuffer_FromObject
PyBuffer_FromReadWriteMemory
PyBuffer_FromReadWriteObject
PyBuffer_GetPointer
PyBuffer_IsContiguous
PyBuffer_New
PyBuffer_Release
PyBuffer_ToContiguous
PyBuffer_Type
PyBuiltin_Init
PyByteArrayIter_Type
PyByteArray_AsString
PyByteArray_Concat
PyByteArray_Fini
PyByteArray_FromObject
PyByteArray_FromStringAndSize
PyByteArray_Init
PyByteArray_Resize
PyByteArray_Size
PyByteArray_Type
PyByteArray_empty_string
PyBytes_FormatAdvanced
PyCFunction_Call
PyCFunction_ClearFreeList
PyCFunction_Fini
PyCFunction_GetFlags
PyCFunction_GetFunction
PyCFunction_GetSelf
PyCFunction_New
PyCFunction_NewEx
PyCFunction_Type
PyCObject_AsVoidPtr
PyCObject_FromVoidPtr
PyCObject_FromVoidPtrAndDesc
PyCObject_GetDesc
PyCObject_Import
PyCObject_SetVoidPtr
PyCObject_Type
PyCallIter_New
PyCallIter_Type
PyCallable_Check
PyCapsule_GetContext
PyCapsule_GetDestructor
PyCapsule_GetName
PyCapsule_GetPointer
PyCapsule_Import
PyCapsule_IsValid
PyCapsule_New
PyCapsule_SetContext
PyCapsule_SetDestructor
PyCapsule_SetName
PyCapsule_SetPointer
PyCapsule_Type
PyCell_Get
PyCell_New
PyCell_Set
PyCell_Type
PyClassMethod_New
PyClassMethod_Type
PyClass_IsSubclass
PyClass_New
PyClass_Type
PyCode_Addr2Line
PyCode_CheckLineNumber
PyCode_New
PyCode_NewEmpty
PyCode_Optimize
PyCode_Type
PyCodec_BackslashReplaceErrors
PyCodec_Decode
PyCodec_Decoder
PyCodec_Encode
PyCodec_Encoder
PyCodec_IgnoreErrors
PyCodec_IncrementalDecoder
PyCodec_IncrementalEncoder
PyCodec_Lookup
PyCodec_LookupError
PyCodec_Register
PyCodec_RegisterError
PyCodec_ReplaceErrors
PyCodec_StreamReader
PyCodec_StreamWriter
PyCodec_StrictErrors
PyCodec_XMLCharRefReplaceErrors
PyComplex_AsCComplex
PyComplex_FormatAdvanced
PyComplex_FromCComplex
PyComplex_FromDoubles
PyComplex_ImagAsDouble
PyComplex_RealAsDouble
PyComplex_Type
PyDescr_NewClassMethod
PyDescr_NewGetSet
PyDescr_NewMember
PyDescr_NewMethod
PyDescr_NewWrapper
PyDictItems_Type
PyDictIterItem_Type
PyDictIterKey_Type
PyDictIterValue_Type
PyDictKeys_Type
PyDictProxy_New
PyDictProxy_Type
PyDictValues_Type
PyDict_Clear
PyDict_Contains
PyDict_Contains
PyDict_Copy
PyDict_DelItem
PyDict_DelItemString
PyDict_Fini
PyDict_GetItem
PyDict_GetItemString
PyDict_Items
PyDict_Keys
PyDict_MaybeUntrack
PyDict_Merge
PyDict_MergeFromSeq2
PyDict_New
PyDict_NewPresized
PyDict_Next
PyDict_Next
PyDict_SetItem
PyDict_SetItemString
PyDict_Size
PyDict_Type
PyDict_Update
PyDict_Values
PyEllipsis_Type
PyEnum_Type
PyErr_BadArgument
PyErr_BadInternalCall
PyErr_BadInternalCall
PyErr_CheckSignals
PyErr_Clear
PyErr_Display
PyErr_ExceptionMatches
PyErr_Fetch
PyErr_Format
PyErr_GivenExceptionMatches
PyErr_NewException
PyErr_NewExceptionWithDoc
PyErr_NoMemory
PyErr_NormalizeException
PyErr_Occurred
PyErr_Print
PyErr_PrintEx
PyErr_ProgramText
PyErr_ReplaceException
PyErr_Restore
PyErr_SetExcFromWindowsErr
PyErr_SetExcFromWindowsErrWithFilename
PyErr_SetExcFromWindowsErrWithFilenameObject
PyErr_SetExcFromWindowsErrWithUnicodeFilename
PyErr_SetFromErrno
PyErr_SetFromErrnoWithFilename
PyErr_SetFromErrnoWithFilenameObject
PyErr_SetFromErrnoWithUnicodeFilename
PyErr_SetFromWindowsErr
PyErr_SetFromWindowsErrWithFilename
PyErr_SetFromWindowsErrWithUnicodeFilename
PyErr_SetInterrupt
PyErr_SetNone
PyErr_SetObject
PyErr_SetString
PyErr_SyntaxLocation
PyErr_Warn
PyErr_WarnEx
PyErr_WarnExplicit
PyErr_WriteUnraisable
PyEval_AcquireLock
PyEval_AcquireThread
PyEval_CallFunction
PyEval_CallMethod
PyEval_CallObjectWithKeywords
PyEval_CallTracing
PyEval_EvalCode
PyEval_EvalCodeEx
PyEval_EvalFrame
PyEval_EvalFrameEx
PyEval_GetBuiltins
PyEval_GetCallStats
PyEval_GetFrame
PyEval_GetFuncDesc
PyEval_GetFuncName
PyEval_GetGlobals
PyEval_GetLocals
PyEval_GetRestricted
PyEval_InitThreads
PyEval_MergeCompilerFlags
PyEval_ReInitThreads
PyEval_ReleaseLock
PyEval_ReleaseThread
PyEval_RestoreThread
PyEval_SaveThread
PyEval_SetProfile
PyEval_SetTrace
PyEval_SliceIndex
PyEval_ThreadsInitialized
PyExc_ArithmeticError
PyExc_AssertionError
PyExc_AttributeError
PyExc_BaseException
PyExc_BufferError
PyExc_BytesWarning
PyExc_DeprecationWarning
PyExc_EOFError
PyExc_EnvironmentError
PyExc_Exception
PyExc_Fini
PyExc_FloatingPointError
PyExc_FutureWarning
PyExc_GeneratorExit
PyExc_IOError
PyExc_ImportError
PyExc_ImportWarning
PyExc_IndentationError
PyExc_IndexError
PyExc_Init
PyExc_KeyError
PyExc_KeyboardInterrupt
PyExc_LookupError
PyExc_MemoryError
PyExc_MemoryErrorInst
PyExc_NameError
PyExc_NotImplementedError
PyExc_OSError
PyExc_OverflowError
PyExc_PendingDeprecationWarning
PyExc_RecursionErrorInst
PyExc_ReferenceError
PyExc_RuntimeError
PyExc_RuntimeWarning
PyExc_StandardError
PyExc_StopIteration
PyExc_SyntaxError
PyExc_SyntaxWarning
PyExc_SystemError
PyExc_SystemExit
PyExc_TabError
PyExc_TypeError
PyExc_UnboundLocalError
PyExc_UnicodeDecodeError
PyExc_UnicodeEncodeError
PyExc_UnicodeError
PyExc_UnicodeTranslateError
PyExc_UnicodeWarning
PyExc_UserWarning
PyExc_ValueError
PyExc_Warning
PyExc_WindowsError
PyExc_ZeroDivisionError
PyFile_AsFile
PyFile_DecUseCount
PyFile_FromFile
PyFile_FromString
PyFile_GetLine
PyFile_IncUseCount
PyFile_Name
PyFile_SetBufSize
PyFile_SetEncoding
PyFile_SetEncodingAndErrors
PyFile_SoftSpace
PyFile_Type
PyFile_WriteObject
PyFile_WriteString
PyFloat_AsDouble
PyFloat_AsReprString
PyFloat_AsString
PyFloat_ClearFreeList
PyFloat_Fini
PyFloat_FormatAdvanced
PyFloat_FromDouble
PyFloat_FromString
PyFloat_GetInfo
PyFloat_GetMax
PyFloat_GetMin
PyFloat_Init
PyFloat_Pack4
PyFloat_Pack8
PyFloat_Type
PyFloat_Unpack4
PyFloat_Unpack8
PyFrame_BlockPop
PyFrame_BlockSetup
PyFrame_ClearFreeList
PyFrame_FastToLocals
PyFrame_Fini
PyFrame_GetLineNumber
PyFrame_Init
PyFrame_LocalsToFast
PyFrame_New
PyFrame_Type
PyFrozenSet_New
PyFrozenSet_Type
PyFunction_GetClosure
PyFunction_GetCode
PyFunction_GetDefaults
PyFunction_GetGlobals
PyFunction_GetModule
PyFunction_New
PyFunction_SetClosure
PyFunction_SetDefaults
PyFunction_Type
PyFuture_FromAST
PyGC_Collect
PyGILState_Ensure
PyGILState_GetThisThreadState
PyGILState_Release
PyGen_NeedsFinalizing
PyGen_New
PyGen_Type
PyGetSetDescr_Type
PyImportHooks_Init
PyImport_AcquireLock
PyImport_AddModule
PyImport_AppendInittab
PyImport_Cleanup
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_ExtendInittab
PyImport_FindExtension
PyImport_FindModule
PyImport_Fini
PyImport_FixupExtension
PyImport_FrozenModules
PyImport_GetImporter
PyImport_GetMagicNumber
PyImport_GetModuleDict
PyImport_Import
PyImport_ImportFrozenModule
PyImport_ImportModule
PyImport_ImportModuleLevel
PyImport_ImportModuleNoBlock
PyImport_Init
PyImport_Inittab
PyImport_IsScript
PyImport_ReInitLock
PyImport_ReleaseLock
PyImport_ReloadModule
PyInstance_Lookup
PyInstance_New
PyInstance_NewRaw
PyInstance_Type
PyInt_AsInt
PyInt_AsLong
PyInt_AsSsize_t
PyInt_AsUnsignedLongLongMask
PyInt_AsUnsignedLongMask
PyInt_ClearFreeList
PyInt_Fini
PyInt_Format
PyInt_FormatAdvanced
PyInt_FromLong
PyInt_FromSize_t
PyInt_FromSsize_t
PyInt_FromString
PyInt_FromUnicode
PyInt_GetMax
PyInt_Init
PyInt_Type
PyInterpreterState_Clear
PyInterpreterState_Delete
PyInterpreterState_Head
PyInterpreterState_New
PyInterpreterState_Next
PyInterpreterState_ThreadHead
PyIter_Next
PyList_Append
PyList_AsTuple
PyList_Extend
PyList_Fini
PyList_GetItem
PyList_GetSlice
PyList_Insert
PyList_New
PyList_Reverse
PyList_SetItem
PyList_SetSlice
PyList_Size
PyList_Sort
PyList_Type
PyLong_AsByteArray
PyLong_AsDouble
PyLong_AsInt
PyLong_AsLong
PyLong_AsLongAndOverflow
PyLong_AsLongLong
PyLong_AsLongLongAndOverflow
PyLong_AsSsize_t
PyLong_AsUnsignedLong
PyLong_AsUnsignedLongLong
PyLong_AsUnsignedLongLongMask
PyLong_AsUnsignedLongMask
PyLong_AsVoidPtr
PyLong_Copy
PyLong_DigitValue
PyLong_Format
PyLong_FormatAdvanced
PyLong_Frexp
PyLong_FromByteArray
PyLong_FromDouble
PyLong_FromLong
PyLong_FromLongLong
PyLong_FromSize_t
PyLong_FromSsize_t
PyLong_FromString
PyLong_FromUnicode
PyLong_FromUnsignedLong
PyLong_FromUnsignedLongLong
PyLong_FromVoidPtr
PyLong_GetInfo
PyLong_Init
PyLong_New
PyLong_NumBits
PyLong_Sign
PyLong_Type
PyMapping_Check
PyMapping_GetItemString
PyMapping_HasKey
PyMapping_HasKeyString
PyMapping_Length
PyMapping_SetItemString
PyMapping_Size
PyMarshal_ReadLastObjectFromFile
PyMarshal_ReadLongFromFile
PyMarshal_ReadObjectFromFile
PyMarshal_ReadObjectFromString
PyMarshal_ReadShortFromFile
PyMarshal_WriteLongToFile
PyMarshal_WriteObjectToFile
PyMarshal_WriteObjectToString
PyMem_Free
PyMem_Malloc
PyMem_Realloc
PyMemberDescr_Type
PyMember_Get
PyMember_GetOne
PyMember_Set
PyMember_SetOne
PyMemoryView_FromBuffer
PyMemoryView_FromObject
PyMemoryView_GetContiguous
PyMemoryView_Type
PyMethod_Class
PyMethod_ClearFreeList
PyMethod_Fini
PyMethod_Function
PyMethod_New
PyMethod_Self
PyMethod_Type
PyModule_AddIntConstant
PyModule_AddObject
PyModule_AddStringConstant
PyModule_Clear
PyModule_GetDict
PyModule_GetFilename
PyModule_GetName
PyModule_New
PyModule_Type
PyNode_AddChild
PyNode_Compile
PyNode_Free
PyNode_ListTree
PyNode_New
PyNode_SizeOf
PyNullImporter_Type
PyNumber_Absolute
PyNumber_Add
PyNumber_And
PyNumber_AsSsize_t
PyNumber_Check
PyNumber_Coerce
PyNumber_CoerceEx
PyNumber_ConvertIntegralToInt
PyNumber_Divide

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 373KB - Virtual size: 747KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cp0
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cp2
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qianxin.bin

Sharing

General

Malware Config

Signatures

Files

a5044529c50e33478b151b1f2ad064c4

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

47:33:bb:60:89:e3:2f:cd:22:4d:0e:49:de:b6:63:daCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5b:21:3a:c4:69:7a:65:f6:b7:82:7d:9e:48:92:64:dcCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

33:90:20:77:61:c4:26:dd:94:50:03:0dCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

f9:84:8d:60:65:6b:4c:34:4b:dc:3c:e2:ff:fe:88:62:09:d4:c3:e9:40:6e:e7:71:a9:6c:e0:79:6a:40:f4:07Signer

41:e3:e3:70:58:73:31:21:19:b7:e5:58:16:5a:ac:24:0e:9e:58:fdSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 6KB - Virtual size: 41KB

.rsrc Size: 33KB - Virtual size: 33KB

fd30afdefc178e25431742c07284cd5e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 199KB - Virtual size: 198KB

.data Size: 373KB - Virtual size: 747KB

.idata Size: 4KB - Virtual size: 3KB

.msvcjmc Size: 512B - Virtual size: 288B

.00cfg Size: 512B - Virtual size: 260B

.cp0 Size: 6.4MB - Virtual size: 6.4MB

.cp1 Size: 1KB - Virtual size: 1KB

.cp2 Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 25KB - Virtual size: 24KB

.rsrc Size: 512B - Virtual size: 233B

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

47:33:bb:60:89:e3:2f:cd:22:4d:0e:49:de:b6:63:da
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5b:21:3a:c4:69:7a:65:f6:b7:82:7d:9e:48:92:64:dc
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

f9:84:8d:60:65:6b:4c:34:4b:dc:3c:e2:ff:fe:88:62:09:d4:c3:e9:40:6e:e7:71:a9:6c:e0:79:6a:40:f4:07
Signer

41:e3:e3:70:58:73:31:21:19:b7:e5:58:16:5a:ac:24:0e:9e:58:fd
Signer

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 6KB - Virtual size: 41KB

.rsrc
Size: 33KB - Virtual size: 33KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 199KB - Virtual size: 198KB

.data
Size: 373KB - Virtual size: 747KB

.idata
Size: 4KB - Virtual size: 3KB

.msvcjmc
Size: 512B - Virtual size: 288B

.00cfg
Size: 512B - Virtual size: 260B

.cp0
Size: 6.4MB - Virtual size: 6.4MB

.cp1
Size: 1KB - Virtual size: 1KB

.cp2
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 233B