04ca1b6273574bb217b5668c2e6924555344eca884864598ad1d744dc462594aN

Sharing

Copy URL Twitter E-mail

General

Target

04ca1b6273574bb217b5668c2e6924555344eca884864598ad1d744dc462594aN
Size

4.0MB
MD5

35328eaaaad9dab87662c7bb45587b10
SHA1

4f6b4661b74fb7dac3ffa83369b56ee41732faf2
SHA256

04ca1b6273574bb217b5668c2e6924555344eca884864598ad1d744dc462594a
SHA512

bbacc9ff960883b1eedaedeed3d4239f5a07f05d8e5cf0e5526ea6068c8bec6abb53e9681b9f1651115e958c28abad40318e32a77567f3129e80d163766df7f6
SSDEEP

49152:urp8nxnWslkUjtIaaEBXatZJfqIf+orwhMsrcHbgyxj1TOuhDIlJBApJxHU+f5Te:um6zkJBApJxHrJ1aj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04ca1b6273574bb217b5668c2e6924555344eca884864598ad1d744dc462594aN

Files

04ca1b6273574bb217b5668c2e6924555344eca884864598ad1d744dc462594aN
.dll windows:6 windows x64 arch:x64

a35be64e60f2190b4074478ee5639309

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vk3p32ca\execroot\org_tensorflow\bazel-out\x64_windows-opt\bin\tensorflow\python\platform\_pywrap_tf2.pdb

Imports

python310

PyBaseObject_Type
PyByteArray_AsString
PyByteArray_Size
PyByteArray_Type
PyBytes_AsString
PyBytes_AsStringAndSize
PyBytes_Size
PyCFunction_Type
PyCMethod_New
PyCapsule_GetContext
PyCapsule_GetName
PyCapsule_GetPointer
PyCapsule_New
PyCapsule_SetContext
PyCapsule_SetPointer
PyCapsule_Type
PyDict_Copy
PyDict_DelItemString
PyDict_GetItemWithError
PyDict_New
PyDict_Next
PyDict_Size
PyDict_Type
PyErr_Clear
PyErr_Fetch
PyErr_Format
PyErr_NormalizeException
PyErr_Occurred
PyErr_Restore
PyErr_SetString
PyErr_WriteUnraisable
PyEval_AcquireThread
PyEval_SaveThread
PyExc_ImportError
PyExc_IndexError
PyExc_MemoryError
PyExc_OverflowError
PyExc_RuntimeError
PyExc_SystemError
PyExc_TypeError
PyExc_ValueError
PyException_SetCause
PyException_SetContext
PyException_SetTraceback
PyFrame_GetBack
PyFrame_GetCode
PyFrame_GetLineNumber
PyGILState_Ensure
PyGILState_GetThisThreadState
PyGILState_Release
PyInstanceMethod_New
PyInstanceMethod_Type
PyInterpreterState_Get
PyInterpreterState_GetDict
PyMem_Calloc
PyMem_Free
PyModule_AddObject
PyModule_Create2
PyObject_CallFunctionObjArgs
PyObject_CallObject
PyObject_ClearWeakRefs
PyObject_GC_UnTrack
PyObject_GetAttrString
PyObject_HasAttrString
PyObject_IsInstance
PyObject_Repr
PyObject_SetAttrString
PyObject_SetItem
PyObject_Str
PyProperty_Type
PyThreadState_Clear
PyThreadState_DeleteCurrent
PyThreadState_Get
PyThreadState_New
PyThread_tss_create
PyThread_tss_get
PyThread_tss_set
PyTuple_GetItem
PyTuple_New
PyTuple_SetItem
PyTuple_Size
PyType_IsSubtype
PyType_Ready
PyType_Type
PyUnicode_AsEncodedString
PyUnicode_AsUTF8AndSize
PyUnicode_AsUTF8String
PyUnicode_FromString
PyWeakref_NewRef
Py_GetVersion
_PyObject_GetDictPtr
_PyThreadState_UncheckedGet
_PyType_Lookup
_Py_Dealloc
_Py_FalseStruct
_Py_NoneStruct
_Py_NotImplementedStruct
_Py_TrueStruct

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0ios_base@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1ios_base@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCompare@@YA_NPEBX0@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?good@ios_base@std@@QEBA_NXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IEAAXPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uncaught_exception@std@@YA_NXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
_Cnd_broadcast
_Cnd_destroy_in_situ
_Cnd_do_broadcast_at_thread_exit
_Cnd_init_in_situ
_Cnd_signal
_Cnd_wait
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
_Mtx_unlock
_Query_perf_counter
_Query_perf_frequency
_Thrd_id
_Thrd_join
_Thrd_yield
_Xtime_get_ticks

shlwapi

PathIsDirectoryW
PathMatchSpecW

kernel32

AcquireSRWLockExclusive
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWork
CreateEventA
CreateFileMappingA
CreateFileW
CreateThreadpoolTimer
CreateThreadpoolWork
DeleteFileW
DisableThreadLibraryCalls
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesExW
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLogicalProcessorInformation
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathA
InitOnceBeginInitialize
InitOnceComplete
InitializeConditionVariable
InitializeSListHead
InitializeSRWLock
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryExW
LocalFree
MapViewOfFileEx
MoveFileExW
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
ReleaseSRWLockExclusive
RemoveDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetFilePointer
SetThreadpoolTimer
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SubmitThreadpoolWork
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFile

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__RTDynamicCast
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
_purecall
memchr
memcmp
memcpy
memmove
memset
strchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf
_write
fclose
fflush
fopen
fwrite

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_cexit
_configure_narrow_argv
_crt_atexit
_errno
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_seh_filter_dll
abort
fegetround
fesetround
strerror
terminate

api-ms-win-crt-math-l1-1-0

_dsign
_dtest
_fdtest
frexp
ldexp

api-ms-win-crt-time-l1-1-0

_localtime64
strftime

api-ms-win-crt-string-l1-1-0

_strdup
isalpha
strcmp
strlen
strncmp
wcslen

api-ms-win-crt-filesystem-l1-1-0

_waccess
_wmkdir
_wstat64
_wunlink

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

strtod
strtol
strtoll
strtoul
strtoull

Exports

Exports

PyInit__pywrap_tf2

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 843KB - Virtual size: 842KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

malloc_h
Size: 512B - Virtual size: 359B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a35be64e60f2190b4074478ee5639309

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

python310

msvcp140

shlwapi

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 843KB - Virtual size: 842KB

.data Size: 145KB - Virtual size: 172KB

.pdata Size: 131KB - Virtual size: 131KB

.tls Size: 2KB - Virtual size: 2KB

malloc_h Size: 512B - Virtual size: 359B

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 843KB - Virtual size: 842KB

.data
Size: 145KB - Virtual size: 172KB

.pdata
Size: 131KB - Virtual size: 131KB

.tls
Size: 2KB - Virtual size: 2KB

malloc_h
Size: 512B - Virtual size: 359B

.reloc
Size: 42KB - Virtual size: 41KB