PyInit_execute
Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Behavioral task
behavioral1
Sample
cc0e78b5d284a7dfef356166bc4a382f9f9ae3b66de2cfb95abc9dbc2136a0c3.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
cc0e78b5d284a7dfef356166bc4a382f9f9ae3b66de2cfb95abc9dbc2136a0c3.dll
Resource
win10v2004-20240802-en
General
-
Target
cc0e78b5d284a7dfef356166bc4a382f9f9ae3b66de2cfb95abc9dbc2136a0c3
-
Size
44KB
-
MD5
ab14eebbddde508667b1b1e9b7f1986a
-
SHA1
94a85c921f06f92434d0ec1afe255f614ae4e2c0
-
SHA256
cc0e78b5d284a7dfef356166bc4a382f9f9ae3b66de2cfb95abc9dbc2136a0c3
-
SHA512
765210301c019a89a14502e233cc88b10627cfed08b6f2ada0a5a8c57f8cb3c37662ad11e1f191ad5ab0267799b116afc1d2852cdf48c9097cff763274011ee8
-
SSDEEP
768:BmvsorugsJ69x5XtVufVnRjpn1eg3Sl50ltc5060:BMrugO69LXudRjpn1250c5060
Malware Config
Extracted
metasploit
windows/download_exec
http://134.175.219.23:7777/uNVC
- headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;ENIN)
Signatures
-
Metasploit family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cc0e78b5d284a7dfef356166bc4a382f9f9ae3b66de2cfb95abc9dbc2136a0c3
Files
-
cc0e78b5d284a7dfef356166bc4a382f9f9ae3b66de2cfb95abc9dbc2136a0c3.dll windows:6 windows x64 arch:x64
56aca6a76e9d8744847e478a105aa5ee
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
python38
_Py_FalseStruct
PyModule_NewObject
PyMethod_Type
_Py_Dealloc
PyTuple_GetItem
PyImport_GetModuleDict
PyModule_GetDict
PyObject_Free
PyErr_ExceptionMatches
PyObject_GC_Del
PyObject_ClearWeakRefs
PyObject_Not
PyUnicode_AsUTF8
PyUnicode_FromFormat
PyList_New
PyImport_AddModule
PyType_Ready
PyObject_GetAttrString
PyErr_Clear
PyUnicode_Decode
PyErr_Format
PyDict_SetItem
PyDict_New
_PyDict_GetItem_KnownHash
PyDict_GetItemString
PyModuleDef_Init
PyObject_GC_Track
PyBytes_FromStringAndSize
PyExc_TypeError
PyMem_Realloc
PyExc_NameError
PyTuple_Pack
PyMem_Malloc
PyExc_ImportError
_Py_TrueStruct
PyExc_SystemError
_PyObject_GC_New
PyEval_EvalFrameEx
PyUnicode_FromString
PyObject_Call
PyUnicode_FromStringAndSize
_PyObject_GetDictPtr
_Py_CheckRecursiveCall
PyEval_EvalCodeEx
PyErr_SetString
PyNumber_Multiply
PyTuple_GetSlice
PyExc_AttributeError
PyFrame_Type
PyDict_Size
PyDict_SetItemString
PyLong_FromString
PyTuple_New
_Py_NoneStruct
PyObject_GetAttr
Py_GetVersion
PyInterpreterState_GetID
PyObject_Hash
PyObject_GC_UnTrack
PyLong_FromLong
PyObject_SetAttrString
PyMethod_New
PyExc_RuntimeError
_PyThreadState_UncheckedGet
PyTraceBack_Here
PyLong_FromSsize_t
PyErr_Occurred
PyImport_ImportModuleLevelObject
PyFrame_New
PyFunction_Type
PyErr_WarnEx
PyCode_NewEmpty
_Py_CheckRecursionLimit
PyThreadState_Get
PyOS_snprintf
PyCFunction_Type
PyUnicode_InternFromString
PyCode_New
PyObject_SetAttr
kernel32
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
vcruntime140
__C_specific_handler
__std_type_info_destroy_list
memset
strchr
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit
Exports
Exports
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ