_testcapi[.]pyd

Sharing

Copy URL Twitter E-mail

General

Target

_testcapi.pyd
Size

141KB
MD5

297ebc291155870a2671fb043f249572
SHA1

d8762c667c7e42dc2b93c59c1540c47a7fd06101
SHA256

8497e0e22e54b287136781752cc471ad53000b546e46799448af4fbbbfe58569
SHA512

fadea37f8b67983c951e8cdec21221f1f531c31e59e862f20172bcba40cdd61dbb73ff29f7097ee5ecafc4427e30b490396388e5db7785f0299e1d36ae92b3b8
SSDEEP

3072:2gzPsiUnAdQ+MtELYbplWu4xQpisE8eEOw5C3fEdN0LNtfzBpas/5VVgu7Fb8iDY:fPYAKtHpaypkks8sBrJbVqfQj0ELu

Score

1^/10

Malware Config

Signatures

Files

_testcapi.pyd
.dll windows:6 windows x64 arch:x64

493e6eabc233a33c62041ebbc43d63a5

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/01/2022, 00:00

Not After

15/01/2025, 23:59

Subject

CN=Python Software Foundation,O=Python Software Foundation,L=Beaverton,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:4a:13:b6:e9:89:df:55:7d:ed:b2:c4:60:e3:da:ba:fe:f7:2e:1c:ce:a2:37:a7:7c:d5:9a:30:c5:20:3d:6f
Signer

Actual PE Digest

77:4a:13:b6:e9:89:df:55:7d:ed:b2:c4:60:e3:da:ba:fe:f7:2e:1c:ce:a2:37:a7:7c:d5:9a:30:c5:20:3d:6f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\b\bin\amd64\_testcapi.pdb

Imports

python311

PyUnicode_AsUTF8AndSize
PyCapsule_GetDestructor
PyEval_SaveThread
_PyThreadState_UncheckedGet
PyExc_RuntimeError
PyMethod_New
PyThreadState_LeaveTracing
_PyObject_FastCall
PyObject_SetAttrString
PyLong_FromLong
PyObject_GC_UnTrack
PyUnicode_FromUnicode
PyObject_Hash
_PyErr_SetKeyError
PyInstanceMethod_Type
PyErr_SetNone
_PyErr_WriteUnraisableMsg
Py_BuildValue
PyLong_FromUnsignedLongLong
PyFloat_Unpack2
PyCapsule_GetContext
PyThread_allocate_lock
PyFrame_GetLineNumber
PyLong_AsUnsignedLongLong
PyBytes_FromString
PyMem_RawMalloc
PyGILState_Release
_PyMem_GetCurrentAllocatorName
_Py_NoneStruct
PyLong_AsLongLong
PyTuple_New
PyLong_FromString
PyObject_GenericSetDict
PyObject_Calloc
PyVectorcall_Call
PyThread_tss_delete
PyDict_SetItemString
PyDict_Size
PyLong_FromLongLong
PyThread_acquire_lock
PyFrame_Type
PyUnicode_AsUCS4
PyFloat_FromDouble
PyBuffer_FillInfo
PyGC_Disable
PyErr_SetHandledException
_PyTraceMalloc_GetTraceback
PyUnicode_New
PyUnicode_FromWideChar
PyMarshal_ReadObjectFromFile
PyErr_SetString
PyErr_WriteUnraisable
PyNumber_Add
PyEval_EvalCodeEx
PyExc_ValueError
PyMarshal_WriteLongToFile
PyLong_FromUnsignedLong
PyDict_Next
_PyArg_ParseTupleAndKeywords_SizeT
PyErr_Format
PyDict_Type
PyMem_RawCalloc
PyLong_AsUnsignedLongLongMask
PyTuple_Type
_Py_FalseStruct
PySequence_SetSlice
PyOS_string_to_double
_PyObject_LookupSpecialId
Py_Is
PyFloat_Unpack4
_PyTime_AsSecondsDouble
PyMarshal_ReadLongFromFile
PyLong_Type
PyErr_SetFromErrno
PyBuffer_SizeFromFormat
PyType_IsSubtype
PyNumber_Subtract
PyErr_Restore
PyFloat_Pack4
PyFrame_GetLasti
PyMapping_HasKey
PyExc_OverflowError
Py_XNewRef
_Py_Dealloc
PyTraceMalloc_Untrack
PyLong_AsUnsignedLongMask
_PyTime_FromSeconds
PyObject_Free
PyMarshal_ReadShortFromFile
PyErr_ExceptionMatches
_PyUnicode_FromId
PyThread_release_lock
_PyTime_ObjectToTimespec
PyCapsule_GetPointer
PyUnicode_FindChar
PyModule_AddObject
PySequence_SetItem
_PyArg_ParseTuple_SizeT
_PyTime_FromNanosecondsObject
PyObject_GC_Del
PyErr_Fetch
PyLong_AsLong
PyObject_GenericGetDict
PyObject_ClearWeakRefs
PyObject_Vectorcall
PyCode_Type
_PyTime_FromNanoseconds
PyUnicode_AsUTF8
PyUnicode_AsWideCharString
PyUnicode_FromFormat
PyObject_GetBuffer
Py_Version
PyList_New
PyNumber_Rshift
PyModule_Create2
PyRun_SimpleStringFlags
_PyObject_IsFreed
PyType_Ready
PyThreadState_EnterTracing
PyObject_GetAttrString
PyErr_NewException
Py_CompileStringExFlags
PyType_FromSpecWithBases
_PyTime_ObjectToTimeval
PyCode_GetVarnames
PyErr_Clear
PyList_Append
PyEval_SetTrace
PyBytes_Type
PyState_AddModule
PyObject_GenericGetAttr
PyObject_RichCompareBool
PyUnicode_Decode
PyTuple_Size
PyThreadState_GetDict
PyThread_tss_get
PyLong_AsDouble
PyUnicode_FSConverter
PyLong_AsLongLongAndOverflow
PyCapsule_New
PyMapping_Keys
PyMapping_Check
PyCapsule_GetName
PyFrame_GetBuiltins
PyObject_VectorcallDict
PyObject_GenericSetAttr
PyDict_SetItem
PyDict_New
PyFunction_GetGlobals
PyCapsule_SetDestructor
_PyLong_Sign
PyThread_tss_free
PyNumber_ToBase
PyErr_NewExceptionWithDoc
PyThread_free_lock
_PyContext_NewHamtForTests
_PyDict_GetItem_KnownHash
PyObject_VectorcallMethod
PyCode_GetCode
PyMem_Free
PyCode_GetCellvars
PyLong_FromVoidPtr
PyUnicode_AsWideChar
PyCapsule_Import
PyLong_AsLongAndOverflow
PyCMethod_New
PyNumber_Negative
PyList_Type
PyErr_NoMemory
PyObject_Realloc
Py_NewRef
PyThread_tss_set
PyUnicode_Fill
PyExc_OSError
PyList_Reverse
PyGC_IsEnabled
PyLong_AsVoidPtr
PyObject_GetItem
PyCodec_IncrementalDecoder
Py_DecRef
Py_EndInterpreter
PyUnicode_FromKindAndData
PyBytes_FromStringAndSize
PyFloat_Pack2
PyType_FromSpec
_PyTime_ObjectToTime_t
PyGILState_Ensure
PyCapsule_SetContext
_PyArg_UnpackStack
PyMem_SetAllocator
PyCode_GetFreevars
PyNumber_Long
PyThread_tss_alloc
PyUnicode_Compare
PyArg_ParseTupleAndKeywords
PyErr_SetExcInfo
PyODict_Type
_Py_NewReference
_PyObject_New
PyExc_TypeError
PyNumber_Lshift
PyMem_Realloc
PyFrame_GetGenerator
PyMapping_Values
PyThreadState_GetInterpreter
PyObject_Str
PyFrame_GetGlobals
PyTuple_Pack
_PyByteArray_empty_string
PyModule_Type
PyCallable_Check
PyMem_Malloc
_PyTime_AsTimeval_clamp
PyThread_tss_is_created
PyCapsule_SetPointer
PyGen_Type
PyState_FindModule
_PyThreadState_GetDict
_Py_TrueStruct
PyArg_UnpackTuple
PyExc_SystemError
PyMarshal_ReadLastObjectFromFile
PyExc_AssertionError
PyMem_RawFree
PyFunction_GetCode
PyType_GetSlot
PyStructSequence_NewType
_Py_fopen_obj
PyErr_Print
Py_AddPendingCall
Py_NewInterpreter
PyThreadState_GetID
PyThreadState_Swap
Py_IncRef
PyErr_GetExcInfo
_Py_FatalErrorFunc
PyFloat_Pack8
PyUnicode_FromString
PyMemoryView_FromBuffer
PyObject_Size
PyComplex_FromCComplex
PyBuffer_FromContiguous
PyBuffer_Release
PyObject_CallNoArgs
PyMem_RawRealloc
PyObject_Repr
PyByteArray_Type
PyUnicode_CompareWithASCIIString
PyType_Type
PyErr_Display
_PyLong_NumBits
_PyTime_AsNanosecondsObject
PyMarshal_WriteObjectToFile
PySequence_DelSlice
_PyTime_AsTimeval
PyCapsule_SetName
PyTraceMalloc_Track
PyEval_RestoreThread
PyUnicode_FromStringAndSize
PyFloat_Unpack8
PyTraceBack_Print
_PyUnicode_EqualToASCIIString
PyLong_FromSsize_t
PyErr_GetHandledException
PyEval_GetFuncName
PyErr_Occurred
PyUnicode_AsUnicode
PySequence_GetItem
PyBytes_AsString
PyImport_ImportModule
PyMapping_HasKeyString
PyFrame_GetLocals
PyType_GetQualName
_PyLong_FromTime_t
PyEval_GetFuncDesc
PyLong_AsSsize_t
_Py_ascii_whitespace
PyThread_start_new_thread
PyFrame_New
PyType_GenericNew
PyThreadState_GetFrame
PyType_GetName
PyMapping_Items
PyModule_AddIntConstant
PyObject_Malloc
PyLong_AsUnsignedLong
_Py_BuildValue_SizeT
PyMem_GetAllocator
PyCodec_IncrementalEncoder
_PyTime_AsMilliseconds
PyCode_NewEmpty
PyBool_FromLong
PyErr_SetObject
_PyTime_FromSecondsObject
PyException_GetTraceback
PyExc_Exception
PyThreadState_Get
PyObject_GC_IsTracked
PyGC_Enable
_PyTime_AsMicroseconds
PyFunction_GetModule
PyMem_Calloc
PyBaseObject_Type
PyObject_Bytes
PyUnicode_CopyCharacters
_PyArg_Parse_SizeT
PyLong_AsSize_t
PyThread_tss_create

vcruntime140

memcpy
__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
fclose
ftell

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_wassert
raise
_errno
_cexit

kernel32

GetCurrentProcessId
RtlLookupFunctionEntry
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
RtlCaptureContext
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind

api-ms-win-crt-string-l1-1-0

strcmp

Exports

Exports

PyInit__testcapi

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

493e6eabc233a33c62041ebbc43d63a5

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:ddCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

77:4a:13:b6:e9:89:df:55:7d:ed:b2:c4:60:e3:da:ba:fe:f7:2e:1c:ce:a2:37:a7:7c:d5:9a:30:c5:20:3d:6fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

python311

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 19KB - Virtual size: 21KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

77:4a:13:b6:e9:89:df:55:7d:ed:b2:c4:60:e3:da:ba:fe:f7:2e:1c:ce:a2:37:a7:7c:d5:9a:30:c5:20:3d:6f
Signer

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 19KB - Virtual size: 21KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB