Resubmissions

20/08/2024, 13:31    240820-qsg1vathqf    9
20/08/2024, 13:19    240820-qkssdatene    9
20/08/2024, 13:18    240820-qj1ftsxfjl    3

General

  • Target

    NortonImport_WinChrome64.zip

  • Size

    14.8MB

  • MD5

    b2f072b3f30e0dc2a33149e8066b77e6

  • SHA1

    96112d6e90dd2e112439cbcb41b523a70d75787c

  • SHA256

    099890455c1425d11cc841c0a598e9137136b36a41c243004e5b3e7f11ca8837

  • SHA512

    96141300db58c5c066bd792f7fd3e55c08b652dacd7e4ee9e293beb169b42a5d8ca50e4a02248c7d1b447341e733faedad766fcd63f80b97b6149cadba632d4d

  • SSDEEP

    393216:4rsETDP51Xh0g7UKtTLd22wPnsj3qJ2xNspwY5vX/:4rhTDP51Xd7v22anKawW

Score
3/10

Malware Config

Signatures

  • Detects Pyinstaller (2 IoCs)
  • Unsigned PE (41 IoCs)

    Checks for missing Authenticode signature.

Files

  • NortonImport_WinChrome64.zip
    .zip
  • LoginImporter/Cryptodome/Cipher/_ARC4.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    77839d32ade4faf5e5ad8a6e22cfb91d


  • LoginImporter/Cryptodome/Cipher/_Salsa20.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    77839d32ade4faf5e5ad8a6e22cfb91d


  • LoginImporter/Cryptodome/Cipher/_chacha20.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    77839d32ade4faf5e5ad8a6e22cfb91d


  • LoginImporter/Cryptodome/Cipher/_raw_aes.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    77839d32ade4faf5e5ad8a6e22cfb91d


  • LoginImporter/Cryptodome/Cipher/_raw_aesni.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    fb40b205ec63a24947bdcc113e4c4b66


  • LoginImporter/Cryptodome/Cipher/_raw_arc2.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    aee3ea20ba976dd964acab8cf3c06e14


  • LoginImporter/Cryptodome/Cipher/_raw_blowfish.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    aee3ea20ba976dd964acab8cf3c06e14


  • LoginImporter/Cryptodome/Cipher/_raw_cast.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    77839d32ade4faf5e5ad8a6e22cfb91d


  • LoginImporter/Cryptodome/Cipher/_raw_cbc.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    aee3ea20ba976dd964acab8cf3c06e14


  • LoginImporter/Cryptodome/Cipher/_raw_cfb.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    0d4b127a0dab93d1537d025833d54975


  • LoginImporter/Cryptodome/Cipher/_raw_ctr.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    fb40b205ec63a24947bdcc113e4c4b66


  • LoginImporter/Cryptodome/Cipher/_raw_des.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    e6a517ef2f3009d6d7427e4cc7f5d508


  • LoginImporter/Cryptodome/Cipher/_raw_des3.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    e6a517ef2f3009d6d7427e4cc7f5d508


  • LoginImporter/Cryptodome/Cipher/_raw_ecb.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    e22dc6bf1ee86180ded9ba2ecaefe868


  • LoginImporter/Cryptodome/Cipher/_raw_eksblowfish.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    aee3ea20ba976dd964acab8cf3c06e14


  • LoginImporter/Cryptodome/Cipher/_raw_ocb.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    6b1de1c410e525514205237ea28fb2ac


  • LoginImporter/Cryptodome/Cipher/_raw_ofb.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    aee3ea20ba976dd964acab8cf3c06e14


  • LoginImporter/Cryptodome/Hash/_BLAKE2b.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    aee3ea20ba976dd964acab8cf3c06e14


  • LoginImporter/Cryptodome/Hash/_BLAKE2s.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    aee3ea20ba976dd964acab8cf3c06e14


  • LoginImporter/Cryptodome/Hash/_MD2.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    6b1de1c410e525514205237ea28fb2ac


  • LoginImporter/Cryptodome/Hash/_MD4.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    6b1de1c410e525514205237ea28fb2ac


  • LoginImporter/Cryptodome/Hash/_MD5.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    6b1de1c410e525514205237ea28fb2ac


  • LoginImporter/Cryptodome/Hash/_RIPEMD160.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    aee3ea20ba976dd964acab8cf3c06e14


  • LoginImporter/Cryptodome/Hash/_SHA1.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    6b1de1c410e525514205237ea28fb2ac


  • LoginImporter/Cryptodome/Hash/_SHA224.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    6b1de1c410e525514205237ea28fb2ac


  • LoginImporter/Cryptodome/Hash/_SHA256.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    6b1de1c410e525514205237ea28fb2ac


  • LoginImporter/Cryptodome/Hash/_SHA384.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    6b1de1c410e525514205237ea28fb2ac


  • LoginImporter/Cryptodome/Hash/_SHA512.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    6b1de1c410e525514205237ea28fb2ac


  • LoginImporter/Cryptodome/Hash/_ghash_clmul.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    7ecfe68273ab7adc231e4129a4be14f0


  • LoginImporter/Cryptodome/Hash/_ghash_portable.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    77839d32ade4faf5e5ad8a6e22cfb91d


  • LoginImporter/Cryptodome/Hash/_keccak.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    6b1de1c410e525514205237ea28fb2ac


  • LoginImporter/Cryptodome/Hash/_poly1305.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    6b1de1c410e525514205237ea28fb2ac


  • LoginImporter/Cryptodome/Math/_modexp.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    b1222dd7f690656d983032b0867bb56e


  • LoginImporter/Cryptodome/Protocol/_scrypt.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    f1aedc98395cadb757fe02fd97d11328


  • LoginImporter/Cryptodome/PublicKey/_ec_ws.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    7966cc377920dd9af7e051cdacb69d25


  • LoginImporter/Cryptodome/Util/_cpuid.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    f7b8688966072728081b04ab3bdbda27


  • LoginImporter/Cryptodome/Util/_cpuid_c.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    e22dc6bf1ee86180ded9ba2ecaefe868


  • LoginImporter/Cryptodome/Util/_galois.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    aa61680649e24aea64d1e237a0bc833c


  • LoginImporter/Cryptodome/Util/_strxor.cp39-win_amd64.pyd
    .dll windows:6 windows x64 arch:x64

    e22dc6bf1ee86180ded9ba2ecaefe868


  • LoginImporter/Include/pyconfig.h
  • LoginImporter/LoginImporter.exe
    .exe windows:5 windows x64 arch:x64

    bb2292057634957dfa559b6eef7b52d8


    Code Sign

  • LoginImporter.pyc
  • LoginImporter/LoginImporter.exe.manifest
    .xml
  • LoginImporter/VCRUNTIME140.dll
    .dll windows:6 windows x64 arch:x64

    44c3854843f7a3fccdf8ddbbea66f302


    Code Sign

  • LoginImporter/_asyncio.pyd
    .dll windows:6 windows x64 arch:x64

    76fd7298c0c6b735a544a3cb93f3f022


    Code Sign

  • LoginImporter/_bz2.pyd
    .dll windows:6 windows x64 arch:x64

    ffa916dfdc50e863f51c0b6a5f824af6


    Code Sign

  • LoginImporter/_ctypes.pyd
    .dll windows:6 windows x64 arch:x64

    e9c7683b409661b730f740b9e8192dc9


    Code Sign

  • LoginImporter/_decimal.pyd
    .dll windows:6 windows x64 arch:x64

    bb2433e9e7d9719f9a68a0efb6c798bb


    Code Sign

  • LoginImporter/_hashlib.pyd
    .dll windows:6 windows x64 arch:x64

    683c97b97649a9c2dc807b6f67c277a4


    Code Sign

  • LoginImporter/_lzma.pyd
    .dll windows:6 windows x64 arch:x64

    9737ade4e3ae3cc469d7407b46aaf0df


    Code Sign

  • LoginImporter/_multiprocessing.pyd
    .dll windows:6 windows x64 arch:x64

    e5a0297f9773fa33773c0b4088dbbf91


    Code Sign

  • LoginImporter/_overlapped.pyd
    .dll windows:6 windows x64 arch:x64

    a2ee5e4e55f5ee3f98a270b4082988db


    Code Sign

  • LoginImporter/_queue.pyd
    .dll windows:6 windows x64 arch:x64

    14b0a3b332c78da6de03df6b128fe759


    Code Sign

  • LoginImporter/_socket.pyd
    .dll .js windows:6 windows x64 arch:x64 polyglot

    776b7c5bc1aea73a6f74ab11ef18f641


    Code Sign

  • LoginImporter/_sqlite3.pyd
    .dll windows:6 windows x64 arch:x64

    a44aea3abf9659ac2e6d4ea9ce7a3efc


    Code Sign

  • LoginImporter/_ssl.pyd
    .dll windows:6 windows x64 arch:x64

    1fcf5043325b1343fa5a5d7a85838079


    Code Sign

  • LoginImporter/base_library.zip
    .zip
  • _bootlocale.pyc
  • _collections_abc.pyc
  • _weakrefset.pyc
  • abc.pyc
  • codecs.pyc
  • collections/__init__.pyc
  • collections/abc.pyc
  • copyreg.pyc
  • encodings/__init__.pyc
  • encodings/aliases.pyc
  • encodings/ascii.pyc
  • encodings/base64_codec.pyc
  • encodings/big5.pyc
  • encodings/big5hkscs.pyc
  • encodings/bz2_codec.pyc
  • encodings/charmap.pyc
  • encodings/cp037.pyc
  • encodings/cp1006.pyc
  • encodings/cp1026.pyc
  • encodings/cp1125.pyc
  • encodings/cp1140.pyc
  • encodings/cp1250.pyc
  • encodings/cp1251.pyc
  • encodings/cp1252.pyc
  • encodings/cp1253.pyc
  • encodings/cp1254.pyc
  • encodings/cp1255.pyc
  • encodings/cp1256.pyc
  • encodings/cp1257.pyc
  • encodings/cp1258.pyc
  • encodings/cp273.pyc
  • encodings/cp424.pyc
  • encodings/cp437.pyc
  • encodings/cp500.pyc
  • encodings/cp720.pyc
  • encodings/cp737.pyc
  • encodings/cp775.pyc
  • encodings/cp850.pyc
  • encodings/cp852.pyc
  • encodings/cp855.pyc
  • encodings/cp856.pyc
  • encodings/cp857.pyc
  • encodings/cp858.pyc
  • encodings/cp860.pyc
  • encodings/cp861.pyc
  • encodings/cp862.pyc
  • encodings/cp863.pyc
  • encodings/cp864.pyc
  • encodings/cp865.pyc
  • encodings/cp866.pyc
  • encodings/cp869.pyc
  • encodings/cp874.pyc
  • encodings/cp875.pyc
  • encodings/cp932.pyc
  • encodings/cp949.pyc
  • encodings/cp950.pyc
  • encodings/euc_jis_2004.pyc
  • encodings/euc_jisx0213.pyc
  • encodings/euc_jp.pyc
  • encodings/euc_kr.pyc
  • encodings/gb18030.pyc
  • encodings/gb2312.pyc
  • encodings/gbk.pyc
  • encodings/hex_codec.pyc
  • encodings/hp_roman8.pyc
  • encodings/hz.pyc
  • encodings/idna.pyc
  • encodings/iso2022_jp.pyc
  • encodings/iso2022_jp_1.pyc
  • encodings/iso2022_jp_2.pyc
  • encodings/iso2022_jp_2004.pyc
  • encodings/iso2022_jp_3.pyc
  • encodings/iso2022_jp_ext.pyc
  • encodings/iso2022_kr.pyc
  • encodings/iso8859_1.pyc
  • encodings/iso8859_10.pyc
  • encodings/iso8859_11.pyc
  • encodings/iso8859_13.pyc
  • encodings/iso8859_14.pyc
  • encodings/iso8859_15.pyc
  • encodings/iso8859_16.pyc
  • encodings/iso8859_2.pyc
  • encodings/iso8859_3.pyc
  • encodings/iso8859_4.pyc
  • encodings/iso8859_5.pyc
  • encodings/iso8859_6.pyc
  • encodings/iso8859_7.pyc
  • encodings/iso8859_8.pyc
  • encodings/iso8859_9.pyc
  • encodings/johab.pyc
  • encodings/koi8_r.pyc
  • encodings/koi8_t.pyc
  • encodings/koi8_u.pyc
  • encodings/kz1048.pyc
  • encodings/latin_1.pyc
  • encodings/mac_arabic.pyc
  • encodings/mac_croatian.pyc
  • encodings/mac_cyrillic.pyc
  • encodings/mac_farsi.pyc
  • encodings/mac_greek.pyc
  • encodings/mac_iceland.pyc
  • encodings/mac_latin2.pyc
  • encodings/mac_roman.pyc
  • encodings/mac_romanian.pyc
  • encodings/mac_turkish.pyc
  • encodings/mbcs.pyc
  • encodings/oem.pyc
  • encodings/palmos.pyc
  • encodings/ptcp154.pyc
  • encodings/punycode.pyc
  • encodings/quopri_codec.pyc
  • encodings/raw_unicode_escape.pyc
  • encodings/rot_13.pyc
  • encodings/shift_jis.pyc
  • encodings/shift_jis_2004.pyc
  • encodings/shift_jisx0213.pyc
  • encodings/tis_620.pyc
  • encodings/undefined.pyc
  • encodings/unicode_escape.pyc
  • encodings/utf_16.pyc
  • encodings/utf_16_be.pyc
  • encodings/utf_16_le.pyc
  • encodings/utf_32.pyc
  • encodings/utf_32_be.pyc
  • encodings/utf_32_le.pyc
  • encodings/utf_7.pyc
  • encodings/utf_8.pyc
  • encodings/utf_8_sig.pyc
  • encodings/uu_codec.pyc
  • encodings/zlib_codec.pyc
  • enum.pyc
  • functools.pyc
  • heapq.pyc
  • io.pyc
  • keyword.pyc
  • linecache.pyc
  • locale.pyc
  • operator.pyc
  • re.pyc
  • reprlib.pyc
  • sre_compile.pyc
  • sre_constants.pyc
  • sre_parse.pyc
  • traceback.pyc
  • types.pyc
  • warnings.pyc
  • weakref.pyc
  • LoginImporter/config/config.json
  • LoginImporter/libcrypto-1_1.dll
    .dll windows:6 windows x64 arch:x64

    91e8dc4192e6f620254cd1fa32253e23


    Code Sign

  • LoginImporter/libffi-7.dll
    .dll windows:6 windows x64 arch:x64

    3dc8b86d60f90a1851eee5f9dc191312


    Code Sign

  • LoginImporter/libssl-1_1.dll
    .dll windows:6 windows x64 arch:x64

    2f472d9395bd5de322dac91610524932


    Code Sign

  • LoginImporter/pyexpat.pyd
    .dll windows:6 windows x64 arch:x64

    2ba9ffe0d37a6358b5626f9ea537e5d0


    Code Sign

  • LoginImporter/python39.dll
    .dll windows:6 windows x64 arch:x64

    5f25576b1014a343f42ea537d4f63fbd


    Code Sign

  • LoginImporter/pywintypes39.dll
    .dll windows:6 windows x64 arch:x64

    5bfc7f3e38fe642d435292f50f554818


  • LoginImporter/select.pyd
    .dll windows:6 windows x64 arch:x64

    72c31dcbd1c124b3eb380163acfe8f06


    Code Sign

  • LoginImporter/sqlite3.dll
    .dll windows:6 windows x64 arch:x64

    2e54f6f5c641bbb521bb78e587832105


    Code Sign

  • LoginImporter/unicodedata.pyd
    .dll windows:6 windows x64 arch:x64

    1020ee69c522eee9cc71cdcf6fac68fd


    Code Sign

  • LoginImporter/utils/NortonCleanup.bat
    .bat .vbs
  • LoginImporter/version.txt
  • LoginImporter/win32crypt.pyd
    .dll windows:6 windows x64 arch:x64

    03abd6652cbc85225a5965531adbcb26


  • import_password.exe
    .exe windows:5 windows x64 arch:x64

    bb2292057634957dfa559b6eef7b52d8


    Code Sign

  • WinLoginImporterInvoke.pyc