cae8577e6ae56aee3fd16cbbca117e50N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

cae8577e6ae56aee3fd16cbbca117e50N.exe
Size

51KB
MD5

cae8577e6ae56aee3fd16cbbca117e50
SHA1

870ed2aa01048fa01f5725cc50f7f45e35d4296d
SHA256

8d54a8c1deb386c38ae57af5ab231321f12dcd72838a52dd3a2dcf4eea1cf2b5
SHA512

2de655b3ed791457d43dc6d7908fdb317351335b97043722e08d9adc561e467829c0cd1027a3c34cb12be8e08e4eeb9d834f324286d7f204640654cf8ccc97cc
SSDEEP

768:XnMuWGONYCzQ73Gx+tyOBUq8PVeKWfnjIvP+4E6DhOZ57:XM5P5uG9rbWfn2P+4EwO57

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cae8577e6ae56aee3fd16cbbca117e50N.exe

Files

cae8577e6ae56aee3fd16cbbca117e50N.exe
.dll windows:6 windows x64 arch:x64

26b99fedf1af3627972571e18eb9f998

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\taskscheduler.pdb

Imports

ole32

CoTaskMemFree

pythoncom39

?PyCom_BuildPyException@@YAPEAU_object@@JPEAUIUnknown@@AEBU_GUID@@@Z
?setattr@PyIBase@@UEAAHPEADPEAU_object@@@Z
?getattr@PyIBase@@UEAAPEAU_object@@PEAD@Z
??1PyComTypeObject@@QEAA@XZ
??0PyComTypeObject@@QEAA@PEBDPEAV0@_JPEAUPyMethodDef@@P6APEAVPyIUnknown@@PEAUIUnknown@@@Z@Z
??1PyIUnknown@@MEAA@XZ
??0PyIUnknown@@IEAA@PEAUIUnknown@@@Z
?GetI@PyIUnknown@@SAPEAUIUnknown@@PEAU_object@@@Z
?compare@PyIUnknown@@UEAAHPEAU_object@@@Z
?repr@PyIUnknown@@UEAAPEAU_object@@XZ
?PyCom_RegisterExtensionSupport@@YAHPEAU_object@@PEBUPyCom_InterfaceSupportInfo@@H@Z
PyCom_InterfaceFromPyObject
PyCom_PyObjectFromIUnknown
?iter@PyIBase@@UEAAPEAU_object@@XZ
?iternext@PyIBase@@UEAAPEAU_object@@XZ
?type@PyIUnknown@@2VPyComTypeObject@@A

python39

PyArg_ParseTuple
PyEval_RestoreThread
Py_BuildValue
PyBytes_AsStringAndSize
_Py_NoneStruct
PyEval_SaveThread
PyTuple_SetItem
PyTuple_New
PyBytes_FromStringAndSize
_Py_FalseStruct
PyType_Ready
PyModule_Create2
PyModule_GetDict
PyModule_AddIntConstant
PyExc_TypeError
_Py_NewReference
PyObject_GenericSetAttr
PyErr_SetString
PyObject_GenericGetAttr
_Py_TrueStruct
PyList_Append
PyList_New
_Py_Dealloc

pywintypes39

?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z
?PyWinObject_FromSYSTEMTIME@@YAPEAU_object@@AEBU_SYSTEMTIME@@@Z
?PyWinObject_AsIID@@YAHPEAU_object@@PEAU_GUID@@@Z
?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z
?PyWinGlobals_Ensure@@YAHXZ
?PyWinObject_AsSYSTEMTIME@@YAHPEAU_object@@PEAU_SYSTEMTIME@@@Z
?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z
?PyWinLong_FromHANDLE@@YAPEAU_object@@PEAX@Z
?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z
?PyWinObject_FreeWCHAR@@YAXPEA_W@Z

kernel32

GetLocalTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead

vcruntime140

memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler3
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_configure_narrow_argv
_crt_atexit
_crt_at_quick_exit
_cexit
_initterm
_initterm_e
terminate
_seh_filter_dll
_execute_onexit_table

Exports

Exports

??0PyTASK_TRIGGER@@QEAA@PEAU_TASK_TRIGGER@@@Z
??0PyTASK_TRIGGER@@QEAA@XZ
??1PyTASK_TRIGGER@@IEAA@XZ
??4PyTASK_TRIGGER@@QEAAAEAV0@AEBV0@@Z
?PyTASK_TRIGGERType@@3U_typeobject@@A
?deallocFunc@PyTASK_TRIGGER@@SAXPEAU_object@@@Z
PyInit_taskscheduler

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26b99fedf1af3627972571e18eb9f998

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

pythoncom39

python39

pywintypes39

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 7KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 868B

.reloc Size: 1024B - Virtual size: 528B

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 868B

.reloc
Size: 1024B - Virtual size: 528B