385c9e01b68397b316e2b5a972d902856159f3b8879615014799d6cba142ea75

Sharing

Copy URL

Twitter E-mail

General

Target

385c9e01b68397b316e2b5a972d902856159f3b8879615014799d6cba142ea75
Size

39KB
MD5

f704737c4481a677bd139be747ff9305
SHA1

76771173074c8f66d09aa40683f69d500bc4391e
SHA256

385c9e01b68397b316e2b5a972d902856159f3b8879615014799d6cba142ea75
SHA512

91f09fb16385531abf317f476d08616627e7861d0184e9a9cf53e7d9c0068ab66fcb03fec59de58a8e53c71aaf48cc4656dc45cdb04c98748a6fce7ee76aed3f
SSDEEP

768:+3HWTbedVUUjsqJ6EWPKKhYutDQ4llm+aaFwlSpB1qVkv2/pSUQQTmEEGeshG0:gHWTbe8UwqJ6EYKKhYu6cl5RFwlKw/90

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
385c9e01b68397b316e2b5a972d902856159f3b8879615014799d6cba142ea75

Files

385c9e01b68397b316e2b5a972d902856159f3b8879615014799d6cba142ea75
.dll windows:4 windows x86 arch:x86

8b348822e64037a58c4fa65b9fca4cc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libpython3.9

PyBuffer_IsContiguous
PyBuffer_Release
PyBytes_AsString
PyBytes_FromStringAndSize
PyBytes_Size
PyCapsule_GetPointer
PyCapsule_IsValid
PyCodec_LookupError
PyCodec_StrictErrors
PyErr_Clear
PyErr_Format
PyErr_NoMemory
PyErr_Occurred
PyErr_SetString
PyExc_AttributeError
PyExc_IndexError
PyExc_RuntimeError
PyExc_TypeError
PyExc_UnicodeEncodeError
PyExc_UnicodeError
PyExc_ValueError
PyFloat_Type
PyLong_AsSsize_t
PyLong_FromSsize_t
PyLong_Type
PyMem_Free
PyMem_Malloc
PyModule_AddType
PyModule_Create2
PyObject_Free
PyObject_GC_UnTrack
PyObject_GenericGetAttr
PyObject_GetAttrString
PyObject_GetBuffer
PyObject_Str
PyObject_VectorcallMethod
PySequence_Check
PySequence_GetItem
PySequence_Size
PyThreadState_Get
PyTuple_New
PyType_IsSubtype
PyType_Ready
PyUnicodeDecodeError_Create
PyUnicodeDecodeError_SetEnd
PyUnicodeDecodeError_SetReason
PyUnicodeDecodeError_SetStart
PyUnicodeEncodeError_SetEnd
PyUnicodeEncodeError_SetReason
PyUnicodeEncodeError_SetStart
PyUnicode_Append
PyUnicode_AsUTF8
PyUnicode_AsUTF8AndSize
PyUnicode_DecodeUTF8
PyUnicode_FromOrdinal
PyUnicode_FromString
PyUnicode_New
PyUnicode_Splitlines
PyUnicode_Substring
_PyArg_BadArgument
_PyArg_CheckPositional
_PyArg_ParseTupleAndKeywords_SizeT
_PyArg_ParseTuple_SizeT
_PyArg_UnpackKeywords
_PyBytes_Resize
_PyLong_AsByteArray
_PyLong_AsInt
_PyLong_FromByteArray
_PyObject_CallFunction_SizeT
_PyObject_CallMethod_SizeT
_PyObject_MakeTpCall
_PyObject_New
_PyUnicodeWriter_Dealloc
_PyUnicodeWriter_Finish
_PyUnicodeWriter_Init
_PyUnicodeWriter_WriteChar
_PyUnicodeWriter_WriteStr
_PyUnicode_FromId
_PyUnicode_Ready
_Py_BuildValue_SizeT
_Py_CheckFunctionResult
_Py_Dealloc
_Py_NoneStruct

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
memcpy
realloc
strcmp
strlen
strncmp
vfprintf

Exports

Exports

PyInit__multibytecodec

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 140B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b348822e64037a58c4fa65b9fca4cc2

Headers

DLL Characteristics

File Characteristics

Imports

libpython3.9

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 2KB - Virtual size: 2KB

.rdata Size: 3KB - Virtual size: 3KB

.eh_fram Size: 5KB - Virtual size: 4KB

.bss Size: - Virtual size: 140B

.edata Size: 512B - Virtual size: 109B

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 2KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 3KB

.eh_fram
Size: 5KB - Virtual size: 4KB

.bss
Size: - Virtual size: 140B

.edata
Size: 512B - Virtual size: 109B

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1KB - Virtual size: 1KB