PyInit__multiarray_umath
Static task
static1
Behavioral task
behavioral1
Sample
ba5feeec2aa7bffd9f88c597091942598b3d4f3f3a5f9d2f6b16d7b49996434dN.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ba5feeec2aa7bffd9f88c597091942598b3d4f3f3a5f9d2f6b16d7b49996434dN.dll
Resource
win10v2004-20240802-en
General
-
Target
ba5feeec2aa7bffd9f88c597091942598b3d4f3f3a5f9d2f6b16d7b49996434dN
-
Size
3.9MB
-
MD5
fd0bd5dc40f3889b69fa344905621890
-
SHA1
9cd99cfc11f8ca60d8b3ddd1c912d1d89c644a08
-
SHA256
ba5feeec2aa7bffd9f88c597091942598b3d4f3f3a5f9d2f6b16d7b49996434d
-
SHA512
3cfa7a7c4e135520338837a19ed5e738e69d2c14489e1ae3918c1234308a911d4bad3c6506e88bbf39b699f5ab8e9c816c5979110f5022b46ee2836540a8c61f
-
SSDEEP
49152:oaOUuaZF7aZMzmzA+m+RKgdBvcouzPPojd6HMUEFFY9XefeW9gDg8:eZMjGq4UEF7eW9g
Malware Config
Signatures
-
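Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The sample is not Authenticode-signed. Taken alone this is a weak indicator: the import table below (python39, a scipy-openblas library) looks like that of a CPython extension module, and such open-source builds are often distributed unsigned. Compare the hashes above against a copy obtained from the trusted upstream package before drawing a conclusion.
resource ba5feeec2aa7bffd9f88c597091942598b3d4f3f3a5f9d2f6b16d7b49996434dN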
Files
-
ba5feeec2aa7bffd9f88c597091942598b3d4f3f3a5f9d2f6b16d7b49996434dN.dll windows:6 windows x64 arch:x64
129512288dcc564763d338d574f74b11
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
libscipy_openblas64_-caad452230ae4ddb57899b8b3a33c55c
scipy_cblas_caxpy64_
scipy_cblas_cdotc_sub64_
scipy_cblas_cdotu_sub64_
scipy_cblas_cgemm64_
scipy_cblas_cgemv64_
scipy_cblas_csyrk64_
scipy_cblas_daxpy64_
scipy_cblas_ddot64_
scipy_cblas_dgemm64_
scipy_cblas_dgemv64_
scipy_cblas_dsyrk64_
scipy_cblas_saxpy64_
scipy_cblas_sdot64_
scipy_cblas_sgemm64_
scipy_cblas_sgemv64_
scipy_cblas_ssyrk64_
scipy_cblas_zaxpy64_
scipy_cblas_zdotc_sub64_
scipy_cblas_zdotu_sub64_
scipy_cblas_zgemm64_
scipy_cblas_zgemv64_
scipy_cblas_zsyrk64_
python39
PyCapsule_Import
PyBytes_FromString
PyDict_Copy
PyDict_Merge
PyDictProxy_New
_PyErr_BadInternalCall
Py_EnterRecursiveCall
Py_LeaveRecursiveCall
PySequence_Tuple
PyMapping_GetItemString
PyBaseObject_Type
PyDictProxy_Type
PyExc_UnicodeDecodeError
PyCapsule_IsValid
PyCapsule_SetName
PyGILState_Ensure
PyGILState_Release
Py_IsInitialized
PyType_GetFlags
PyArg_UnpackTuple
PyLong_FromVoidPtr
PyList_Append
PyList_AsTuple
PySlice_New
PySlice_Unpack
PySlice_AdjustIndices
PyObject_Not
PyUnicode_AsLatin1String
PyComplex_FromCComplex
PyObject_AsFileDescriptor
_PyArg_VaParseTupleAndKeywords_SizeT
PyEval_GetBuiltins
PyExc_IOError
PyType_GenericNew
PyUnicode_InternFromString
PyModule_GetDict
PyExc_UserWarning
PyErr_SetFromErrno
PyContextVar_New
PyModule_Create2
PyExc_Exception
PyIndex_Check
PyMem_RawRealloc
PyLong_FromUnicodeObject
PyFloat_FromString
PyExc_UnicodeEncodeError
PyThread_allocate_lock
PyThread_free_lock
PyThread_acquire_lock
PyThread_release_lock
_Py_NewReference
PyUnicode_AsEncodedString
_PyUnicode_IsWhitespace
PyOS_string_to_double
_Py_ascii_whitespace
PyMem_Realloc
_PyObject_NextNotImplemented
PyErr_FormatV
PyNumber_Negative
PyNumber_Lshift
PyNumber_Or
PyExc_ImportError
PyExc_ImportWarning
PyList_Size
PyList_GetItem
PyObject_Type
PyExc_NotImplementedError
PyExc_FloatingPointError
PyExc_NameError
PyDict_DelItemString
_PyObject_GC_New
PyObject_GC_UnTrack
PyObject_GC_Del
PyObject_GC_Track
PyModule_AddObject
PyModule_AddIntConstant
PyModule_AddStringConstant
PyNumber_FloorDivide
PyNumber_Remainder
PyNumber_Power
PyNumber_Positive
PyNumber_Absolute
PyNumber_Invert
PyNumber_Rshift
PyNumber_And
PyNumber_Xor
PyLong_AsLongLongAndOverflow
_PyUnicode_IsLowercase
_PyUnicode_IsUppercase
_PyUnicode_IsTitlecase
_PyUnicode_IsDecimalDigit
_PyUnicode_IsDigit
_PyUnicode_IsNumeric
_PyUnicode_IsAlpha
PyMem_RawCalloc
PyIter_Next
PyExc_SystemError
PyCapsule_Type
PyErr_SetNone
PyDict_GetItemWithError
PyUnicode_CompareWithASCIIString
PyExc_OSError
PyMem_Calloc
PyLong_AsSsize_t
PyUnicode_Format
PyUnicode_Concat
PyMethodDescr_Type
PyMemberDescr_Type
PyGetSetDescr_Type
PyCFunction_Type
Py_OptimizeFlag
PyType_Type
PySequence_GetItem
PyDict_GetItemString
PyComplex_ImagAsDouble
PyComplex_RealAsDouble
PyFloat_AsDouble
PyUnicode_AsUTF8
PyUnicode_Compare
PyNumber_TrueDivide
PyObject_SetAttrString
PyNumber_AsSsize_t
PyObject_Realloc
_PyObject_MakeTpCall
_Py_CheckFunctionResult
PyObject_IsInstance
PyImport_Import
PyArg_ParseTupleAndKeywords
PyArg_ParseTuple
PyThreadState_Get
PyMethod_New
PyDict_DelItem
PyList_New
PyUnicode_Replace
PyUnicode_Tailmatch
PyVectorcall_Call
PyObject_GenericGetDict
Py_BuildValue
PyException_SetContext
_PyObject_New
PyTuple_SetItem
_PyObject_NewVar
PyExc_FutureWarning
PyExc_RecursionError
PyExc_MemoryError
PyExc_KeyError
PyObject_IsSubclass
PySequence_Fast
PySequence_Size
PyErr_CheckSignals
PyDict_Contains
PyLong_AsVoidPtr
PyObject_CheckBuffer
PyErr_Print
PySeqIter_New
PyObject_Print
PyObject_ClearWeakRefs
PyTraceMalloc_Untrack
PyTraceMalloc_Track
PyContextVar_Set
PyContextVar_Get
PyType_Ready
PyNumber_Index
PyLong_AsLongAndOverflow
_PyObject_CallMethod_SizeT
PyCallable_Check
PyExc_RuntimeError
PyExc_BufferError
PyExc_AttributeError
PySlice_Type
_Py_EllipsisObject
PyFrozenSet_Type
PySet_Type
PyDict_Type
PyList_Type
PyTuple_Type
PyFloat_Type
_Py_TrueStruct
PyLong_Type
PyUnicode_Type
PyBytes_Type
_Py_NotImplementedStruct
PySequence_InPlaceRepeat
PySequence_InPlaceConcat
PySequence_Contains
PySequence_Repeat
PySequence_Concat
PyNumber_Check
PyObject_Format
PyObject_SetItem
PyObject_GetItem
PyObject_Size
PyObject_CallFunctionObjArgs
PyObject_CallObject
PyObject_Call
PyImport_ImportModule
_Py_BuildValue_SizeT
_PyArg_ParseTupleAndKeywords_SizeT
_PyArg_ParseTuple_SizeT
PyOS_snprintf
PyErr_WriteUnraisable
PyErr_ExceptionMatches
Py_GenericAlias
PyCapsule_SetContext
PyCapsule_GetContext
PyCapsule_GetPointer
PyDict_Size
PyTuple_GetSlice
PyMemoryView_FromObject
PyLong_FromDouble
PyLong_FromSsize_t
PyUnicode_FromKindAndData
PyUnicode_AsUCS4Copy
PyUnicode_FromString
PyUnicode_FromStringAndSize
_Py_HashDouble
PyObject_InitVar
PyObject_Init
PyObject_Free
PyObject_Malloc
PyMem_Free
PyMem_Malloc
PyObject_Hash
PyObject_GenericSetAttr
PyObject_GenericGetAttr
PyObject_SelfIter
PyObject_GetAttr
PyObject_GetAttrString
PyObject_RichCompare
PyExc_IndexError
PyEval_RestoreThread
PyEval_SaveThread
PyExc_RuntimeWarning
PyExc_DeprecationWarning
PyExc_ValueError
PyExc_TypeError
PyExc_OverflowError
PyMemoryView_Type
PyComplex_Type
_Py_FalseStruct
PyBool_Type
_Py_NoneStruct
PyBuffer_Release
PyObject_GetBuffer
PySequence_Check
PyNumber_Float
PyNumber_Long
PyNumber_Multiply
PyNumber_Subtract
PyNumber_Add
PyErr_Format
PyErr_NoMemory
PyException_SetCause
PyException_SetTraceback
PyErr_NormalizeException
PyErr_Restore
PyErr_Fetch
PyErr_Clear
PyErr_Occurred
PyErr_SetString
PyErr_SetObject
PyErr_WarnFormat
PyErr_WarnEx
PyCapsule_New
PyDict_SetItemString
PyDict_Next
PyDict_SetItem
PyDict_GetItem
PyDict_New
PyTuple_Pack
PyTuple_GetItem
PyTuple_Size
PyTuple_New
PyComplex_AsCComplex
PyComplex_FromDoubles
PyFloat_FromDouble
PyBool_FromLong
PyOS_strtol
PyOS_strtoul
PyLong_AsUnsignedLongLong
PyLong_AsLongLong
PyLong_FromUnsignedLongLong
PyLong_FromLongLong
PyLong_AsUnsignedLong
PyLong_AsLong
PyLong_FromUnsignedLong
PyLong_FromLong
PyUnicode_AsASCIIString
PyUnicode_AsUTF8String
PyUnicode_FromFormat
PyUnicode_FromEncodedObject
PyUnicode_GetLength
PyUnicode_AsUCS4
PyUnicode_Substring
PyBytes_AsStringAndSize
PyBytes_AsString
PyBytes_FromStringAndSize
PyMem_RawFree
PyMem_RawMalloc
_Py_Dealloc
PyObject_IsTrue
PyObject_RichCompareBool
PyObject_Bytes
PyObject_Str
PyType_IsSubtype
PyObject_GetIter
PyUnicode_Contains
PyObject_LengthHint
_PyObject_CallFunction_SizeT
PyObject_HasAttrString
PyErr_GivenExceptionMatches
_PyDict_GetItemStringWithError
PyBytes_Size
PyUnicode_AsUTF8AndSize
PyInterpreterState_Main
msvcp140-23ebcc0b37c8e3d074511f362feac48b
?_Xlength_error@std@@YAXPEBD@Z
vcruntime140
__std_exception_destroy
memchr
memcmp
memcpy
memset
memmove
strrchr
__std_exception_copy
_CxxThrowException
__C_specific_handler
__std_type_info_destroy_list
api-ms-win-crt-stdio-l1-1-0
_lseeki64
__stdio_common_vsprintf
__stdio_common_vfscanf
ungetc
_ftelli64
fflush
fclose
fwrite
fgetc
fread
__stdio_common_vfprintf
__acrt_iob_func
_fseeki64
getc
api-ms-win-crt-runtime-l1-1-0
abort
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_errno
strerror
fetestexcept
feclearexcept
_set_thread_local_invalid_parameter_handler
_cexit
api-ms-win-crt-math-l1-1-0
_fdpcomp
copysign
hypot
ldexp
frexp
modf
nextafter
fminf
fmaxf
fmin
fmax
copysignf
ctanhl
ctanl
csinhl
csinl
cpowl
cexpl
ccoshl
ccosl
cargl
cabsl
ctanhf
ctanf
csinhf
csinf
cpowf
cexpf
ccoshf
ccosf
cargf
cabsf
ctanh
ctan
csinh
csin
cpow
cexp
ccosh
ccos
carg
nextafterf
modff
tanf
_fdsign
sqrtf
sinf
sin
expf
cosf
cos
truncl
rintl
log1pl
expm1l
exp2l
_dpcomp
atanhl
asinhl
acoshl
truncf
rintf
log2f
log1pf
exp2f
expm1f
cbrtf
atanhf
copysignl
acoshf
trunc
rint
log2
log1p
expm1
exp2
cbrt
atanh
asinhf
acosh
tanhf
tanh
sqrt
sinhf
sinh
logf
log10f
log10
log
fabs
exp
coshf
cosh
ceilf
atanf
atan
asinf
asin
acosf
acos
nextafterl
floorf
_dsign
_cabs
_hypotf
atan2
_fdclass
atan2f
_fdopen
fmod
fmodf
pow
powf
_dclass
cbrtl
floor
ceil
tan
asinh
api-ms-win-crt-string-l1-1-0
strcmp
strtok
strpbrk
strncmp
strncat
isalpha
strcspn
isdigit
strncpy
isspace
tolower
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-heap-l1-1-0
calloc
realloc
free
malloc
_callnewh
api-ms-win-crt-convert-l1-1-0
strtoull
strtol
strtoll
api-ms-win-crt-time-l1-1-0
_time64
_localtime64_s
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-locale-l1-1-0
localeconv
kernel32
InitializeSListHead
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
IsDebuggerPresent
RtlVirtualUnwind
UnhandledExceptionFilter
QueryPerformanceCounter
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
Exports
Exports
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 499KB - Virtual size: 499KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 145KB - Virtual size: 273KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 118KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ