General
-
Target
ValoPy-v1.0.zip
-
Size
12.4MB
-
MD5
4c98d1a9ea065e0918cc619b931e5e12
-
SHA1
35088fa0673af4fa922804873b7d3722754496d0
-
SHA256
ce5701143934dc8880f15dc245001c7f91deb92bb78e6a08e36c6a24524649bb
-
SHA512
5662d9237fcea99c47c79c11a6285c09a48f81ccaf1099ff568fb1a62f2e1df5a02e5d4c66d8a5a9b7f53d7d55728d7f5d95d57c511ca8458b940361cf86c0af
-
SSDEEP
196608:QH2NvyaLS1PGEC88yiQ8f6W6Jf6Dly3WpP+7xTzcIr28UfTNVIXgiD4CE+Z8fkKT:QHTaLEl8Bt6WcfCMX721ZaXcCE+Wfb3D
Malware Config
Signatures
-
Detects Pyinstaller 1 IoCs
resource yara_rule static1/unpack001/ValoPy-v1.0.exe pyinstaller -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/ValoPy-v1.0.exe
Files
-
ValoPy-v1.0.zip.zip
Password: vladut
-
ValoPy-v1.0.exe.exe windows:6 windows x86 arch:x86
Password: vladut
ae6bddd56a15f2920903d98ee2b77698
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathW
kernel32
InitializeCriticalSectionAndSpinCount
HeapSize
WriteFile
CreateFileW
SetFileAttributesW
CloseHandle
CreateProcessW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetProcessHeap
RtlUnwind
RaiseException
GetLastError
SetLastError
WriteConsoleW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
Sections
.text Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12.8MB - Virtual size: 12.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
main.pyc
-
config.json
-
x1188 Hotmail UHQ Private.txt