ded0cd6feba0a8e7d21dd79e0672a3b7aee6346bd86e50aad1fb91d08d43297dN

Sharing

Copy URL Twitter E-mail

General

Target

ded0cd6feba0a8e7d21dd79e0672a3b7aee6346bd86e50aad1fb91d08d43297dN
Size

7.9MB
MD5

9fab358796328a822b238d01c41bcff0
SHA1

e954b8ccc429ee9f644975f61c24f4165072b3e0
SHA256

ded0cd6feba0a8e7d21dd79e0672a3b7aee6346bd86e50aad1fb91d08d43297d
SHA512

268569d3f7176b521928e7ba6d73b48e23fbfae541b0d7be3e0e42b3cda3beed5973c5aa83794b8ba78a3e1a7896d9f4228e4940fd2f25c66cc508643b7f26da
SSDEEP

49152:YbfKZ6TDHE65GLavLHVPVGsX9OmBQ/6f6tWSHpi99bHh+jkKM1teGLHpHcuLL7jh:OeJGF9+I1CGLlcuL/j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ded0cd6feba0a8e7d21dd79e0672a3b7aee6346bd86e50aad1fb91d08d43297dN

Files

ded0cd6feba0a8e7d21dd79e0672a3b7aee6346bd86e50aad1fb91d08d43297dN
.dll windows:6 windows x64 arch:x64

d1985b0e36282a868a8479411baee648

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

ws2_32

closesocket
connect
ioctlsocket
htonl
htons
inet_ntoa
listen
recv
recvfrom
select
send
sendto
setsockopt
socket
gethostbyname
WSAStartup
WSAGetLastError
bind
accept

python39

PyEval_GetBuiltins
_Py_TrueStruct
PyFloat_Type
PyDict_Type
PyCFunction_Type
PyModule_Type
PyMethod_Type
PyInstanceMethod_Type
PyCapsule_Type
PySlice_Type
PyProperty_Type
PyExc_StopIteration
PyExc_BufferError
PyExc_ImportError
PyExc_IndexError
PyExc_MemoryError
PyExc_OverflowError
PyExc_RuntimeError
PyExc_SystemError
PyExc_TypeError
PyExc_ValueError
PyExc_FutureWarning
_Py_NotImplementedStruct
Py_GetVersion
PyModule_Create2
PyModule_AddObject
PyThread_tss_get
PyThread_tss_set
PyThread_tss_create
PyThread_tss_alloc
PyErr_WriteUnraisable
PyErr_Format
PyException_SetContext
PyException_SetCause
PyException_SetTraceback
PyErr_NormalizeException
PyErr_Restore
PyErr_Fetch
PyErr_Clear
PyErr_Occurred
PyErr_SetString
PyWeakref_NewRef
PyErr_WarnEx
PyThreadState_DeleteCurrent
PyGILState_Check
_PyThreadState_UncheckedGet
PyGILState_GetThisThreadState
PyGILState_Release
PyGILState_Ensure
PyThreadState_Get
PyThreadState_Clear
PyThreadState_New
PySlice_Unpack
PyFrame_GetCode
PyFrame_GetLineNumber
PyCapsule_SetContext
PyCapsule_SetName
PyCapsule_SetPointer
_Py_NoneStruct
PyCapsule_GetName
PyCapsule_GetPointer
PyCapsule_New
PyInstanceMethod_New
PyCMethod_New
PyObject_GenericGetDict
PyDict_DelItemString
PyDict_Copy
PyDict_Size
PyDict_Next
PyDict_GetItemWithError
PyDict_New
PyList_GetItem
PyList_Size
PyList_New
PyTuple_SetItem
PyTuple_GetItem
PyTuple_Size
PyTuple_New
PyFloat_AsDouble
PyFloat_FromDouble
PyLong_AsUnsignedLongLong
PyLong_AsLongLong
PyLong_FromLongLong
PyLong_AsUnsignedLong
PyLong_AsLong
PyLong_FromSsize_t
PyLong_FromSize_t
PyUnicode_AsUTF8AndSize
PyUnicode_DecodeLatin1
PyUnicode_DecodeUTF16
PyUnicode_DecodeUTF32
PyUnicode_AsUTF8String
PyUnicode_DecodeUTF8
PyUnicode_AsEncodedString
PyUnicode_FromFormat
PyUnicode_FromString
PyBytes_AsStringAndSize
PyBytes_AsString
PyBytes_Size
PyByteArray_AsString
PyByteArray_Size
PyObject_GC_UnTrack
PyObject_Malloc
PyMem_Calloc
PyMem_Free
_PyObject_NextNotImplemented
_PyObject_GetDictPtr
_PyType_Lookup
_Py_Dealloc
PyObject_ClearWeakRefs
PyObject_GenericSetDict
PyObject_SetAttr
PyObject_HasAttrString
PyObject_SetAttrString
PyObject_GetAttrString
PyObject_Str
PyObject_Repr
PyType_Ready
PyType_IsSubtype
PyByteArray_Type
PyBaseObject_Type
PyType_Type
PyFrame_GetBack
PyBuffer_Release
PyObject_IsInstance
PySequence_Tuple
PySequence_GetItem
PySequence_Size
PySequence_Check
PyNumber_Float
PyNumber_Long
PyIndex_Check
PyNumber_Check
PyObject_SetItem
PyObject_CallFunctionObjArgs
PyObject_CallObject
PyEval_AcquireThread
PyCapsule_GetContext
PyEval_SaveThread
_Py_FalseStruct

kernel32

RtlUnwind
SetEndOfFile
CreateFileW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapSize
OutputDebugStringW
FlushFileBuffers
GetFileSizeEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
HeapReAlloc
SetFilePointerEx
DeleteFileW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
WriteConsoleW
GetModuleFileNameW
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlUnwindEx
InterlockedFlushSList
InterlockedPushEntrySList
GetCPInfo
GetStringTypeW
LCMapStringEx
MultiByteToWideChar
DecodePointer
EncodePointer
InitializeCriticalSectionEx
WideCharToMultiByte
RaiseException
RtlPcToFileHeader
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FindClose
BuildCommDCBA
SetCommTimeouts
SetCommConfig
PurgeComm
GetCommConfig
ClearCommError
WriteFile
ReadFile
CreateFileA
CreateThread
GetSystemTime
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindNextFileA
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
GetLastError
CloseHandle
GetFileAttributesA
FindFirstFileA
CreateDirectoryA

Exports

Exports

PyInit_pyrtklib5

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 551KB - Virtual size: 551KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1985b0e36282a868a8479411baee648

Headers

DLL Characteristics

File Characteristics

Imports

winmm

ws2_32

python39

kernel32

Exports

Exports

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 551KB - Virtual size: 551KB

.data Size: 280KB - Virtual size: 1.8MB

.pdata Size: 342KB - Virtual size: 342KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 551KB - Virtual size: 551KB

.data
Size: 280KB - Virtual size: 1.8MB

.pdata
Size: 342KB - Virtual size: 342KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 9KB - Virtual size: 9KB