30ff49343e5579bd00c4f8c20207d6a2b609d0eb66f118aabb6605249f92adc0N

Sharing

Copy URL Twitter E-mail

General

Target

30ff49343e5579bd00c4f8c20207d6a2b609d0eb66f118aabb6605249f92adc0N
Size

550KB
MD5

d1711f60ae9fff7d64a979126b5ac990
SHA1

ec21f4c3d44a6862785595b0c58b9afeecccd5b5
SHA256

30ff49343e5579bd00c4f8c20207d6a2b609d0eb66f118aabb6605249f92adc0
SHA512

4b23c70a58e3da22122a8843e01ffe35716c6b88ce11fb4ac011a870046b1c962dd4879d5fb20eced0ccc7c2cdc531d82fb5ec1daf60f7fdd17a3fd76f80c188
SSDEEP

6144:ntGXija9q7QpKY6BM+6zF7CYyN3bRIgFXuXwWwFVx05Tmg4pt5bRiSVFHS4w3pb5:ntzm9TKf/t7XozwFVS34ZRxFHqt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30ff49343e5579bd00c4f8c20207d6a2b609d0eb66f118aabb6605249f92adc0N

Files

30ff49343e5579bd00c4f8c20207d6a2b609d0eb66f118aabb6605249f92adc0N
.dll windows:6 windows x64 arch:x64

b6faeeca9289c57ed8aae43c40d5079b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

_kolo.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

python312

PyObject_GetItem
PyObject_SetItem
PyObject_DelItem
Py_IsInitialized
PyErr_SetString
PyBytes_AsString
PyObject_GetAttr
PyObject_SetAttr
PyObject_Call
PyDict_SetItem
PyBytes_FromStringAndSize
PyExc_ImportError
PyModule_GetNameObject
PyCMethod_New
PyList_New
PyList_Append
PyBaseObject_Type
PyObject_GenericGetDict
PyObject_GenericSetDict
PyType_FromSpec
PyErr_NewExceptionWithDoc
PyUnicode_AsEncodedString
PyType_GetName
PyObject_Repr
PyCallable_Check
PyLong_FromSsize_t
PyInterpreterState_Get
PyImport_Import
PyUnicode_InternInPlace
_Py_TrueStruct
_Py_FalseStruct
PyObject_GC_UnTrack
PyExc_BaseException
PyCode_Type
PyObject_Str
PyDict_GetItemWithError
PyDict_DelItem
PyExc_TypeError
PyErr_WriteUnraisable
PyDict_Update
PyLong_FromLong
PyLong_FromUnsignedLongLong
PyFloat_FromDouble
PyGILState_Release
PyEval_SetProfile
PyType_IsSubtype
PyObject_VectorcallMethod
PyObject_IsInstance
PyExc_KeyError
PyErr_GivenExceptionMatches
PyIter_Next
PyObject_SetAttrString
PyInterpreterState_GetID
PyModule_Create2
PyObject_GetIter
PySequence_Size
PySequence_Check
PyTuple_New
PyLong_AsLong
PyFloat_AsDouble
PyFloat_Type
PyType_GenericAlloc
PyDict_New
PyFrame_Type
_Py_NoneStruct
PyLong_AsUnsignedLongLong
PyNumber_Index
PyExc_OverflowError
PyException_SetCause
PyException_GetCause
PyBool_Type
PyGILState_Ensure
PyExc_RuntimeError
PyErr_Print
PyType_GetQualName
PyExc_ValueError
PyErr_PrintEx
PyException_SetTraceback
PyException_GetTraceback
PyErr_GetRaisedException
PyErr_SetRaisedException
_Py_Dealloc
PyUnicode_FromStringAndSize
PyExc_AttributeError
PyDict_Copy
PyExc_SystemError
PyUnicode_AsUTF8AndSize
PyBytes_Size
PyErr_SetObject

kernel32

GetSystemTimePreciseAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
HeapReAlloc
IsProcessorFeaturePresent
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetLastError
GetStdHandle
GetConsoleMode
WaitForSingleObject
CloseHandle
MultiByteToWideChar
WriteConsoleW
GetModuleHandleW
FormatMessageW
SetLastError
GetCurrentDirectoryW
lstrlenW
GetEnvironmentVariableW
RtlVirtualUnwind
WideCharToMultiByte
ReleaseMutex
CreateMutexA
GetCurrentProcessId
GetCurrentProcess
GetProcAddress
LoadLibraryA
WaitForSingleObjectEx
RtlLookupFunctionEntry
RtlCaptureContext
GetProcessHeap
HeapAlloc
HeapFree

ntdll

NtWriteFile
RtlNtStatusToDosError

vcruntime140

memcpy
memset
memcmp
memmove
_CxxThrowException
__CxxFrameHandler3
__std_type_info_destroy_list
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initterm_e
_initterm
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

PyInit__kolo

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6faeeca9289c57ed8aae43c40d5079b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

bcrypt

advapi32

python312

kernel32

ntdll

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 400KB - Virtual size: 400KB

.rdata Size: 117KB - Virtual size: 116KB

.data Size: 10KB - Virtual size: 10KB

.pdata Size: 19KB - Virtual size: 19KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 400KB - Virtual size: 400KB

.rdata
Size: 117KB - Virtual size: 116KB

.data
Size: 10KB - Virtual size: 10KB

.pdata
Size: 19KB - Virtual size: 19KB

.reloc
Size: 2KB - Virtual size: 1KB