8e8b53bbf649a159346610410d3a62727d4d5cc12389df08ea57855f08665826N

Sharing

Copy URL Twitter E-mail

General

Target

8e8b53bbf649a159346610410d3a62727d4d5cc12389df08ea57855f08665826N
Size

7.9MB
MD5

013bb8e7fbee8b5de19d1c6ac75b2570
SHA1

982ce65915312ca8737659325fb8b76f9ee3293e
SHA256

8e8b53bbf649a159346610410d3a62727d4d5cc12389df08ea57855f08665826
SHA512

488d9239d91a04a02c35479a44c5bd9c4ad95dc7d963e00b09d53eee2f82d32fdbeadc606e3f56c6f6c3e716c3214c8b49abb0735fea26e515607adb724a5969
SSDEEP

49152:IKZxMjVZFCSWBVED4XLXnROuV30dgzkgaacsYM22kO008nlr+HQG+F5stmuu9L2e:bbDYwKzn0iTG+1u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e8b53bbf649a159346610410d3a62727d4d5cc12389df08ea57855f08665826N

Files

8e8b53bbf649a159346610410d3a62727d4d5cc12389df08ea57855f08665826N
.dll windows:6 windows x64 arch:x64

f9f39c26d70e6e00f03c3ccf46a92be8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

ws2_32

closesocket
connect
ioctlsocket
htonl
htons
inet_ntoa
listen
recv
recvfrom
select
send
sendto
setsockopt
socket
gethostbyname
WSAStartup
WSAGetLastError
bind
accept

python310

PyErr_NormalizeException
_Py_TrueStruct
PyFloat_Type
PyDict_Type
PyCFunction_Type
PyModule_Type
PyMethod_Type
PyInstanceMethod_Type
PyCapsule_Type
PySlice_Type
PyProperty_Type
PyExc_StopIteration
PyExc_BufferError
PyExc_ImportError
PyExc_IndexError
PyExc_MemoryError
PyExc_OverflowError
PyExc_RuntimeError
PyExc_SystemError
PyExc_TypeError
PyExc_ValueError
PyExc_FutureWarning
_Py_NotImplementedStruct
PyErr_Restore
PyErr_Fetch
PyErr_Clear
PyErr_Occurred
PyErr_SetString
PyWeakref_NewRef
PyErr_WarnEx
PyBuffer_Release
PyObject_IsInstance
PySequence_Tuple
PySequence_GetItem
PySequence_Size
PySequence_Check
PyNumber_Float
PyNumber_Long
PyIndex_Check
PyNumber_Check
PyIter_Check
PyObject_SetItem
PyObject_CallFunctionObjArgs
PyObject_CallObject
PyThreadState_DeleteCurrent
PyGILState_Check
_PyThreadState_UncheckedGet
PyGILState_GetThisThreadState
PyGILState_Release
PyGILState_Ensure
PyThreadState_Get
PyThreadState_Clear
PyThreadState_New
PySlice_Unpack
PyFrame_GetCode
PyFrame_GetLineNumber
PyCapsule_SetContext
PyCapsule_SetName
_Py_NoneStruct
PyCapsule_GetContext
PyCapsule_GetName
PyCapsule_GetPointer
PyCapsule_New
PyInstanceMethod_New
PyCMethod_New
PyObject_GenericGetDict
PyDict_DelItemString
PyDict_Copy
PyDict_Size
PyDict_Next
PyDict_GetItemWithError
PyDict_New
PyList_GetItem
PyList_Size
PyList_New
PyTuple_SetItem
PyTuple_GetItem
PyTuple_Size
PyTuple_New
PyFloat_AsDouble
PyFloat_FromDouble
PyLong_AsUnsignedLongLong
PyLong_AsLongLong
PyLong_FromLongLong
PyLong_AsUnsignedLong
PyLong_AsLong
PyLong_FromSsize_t
PyLong_FromSize_t
PyUnicode_DecodeLatin1
PyUnicode_DecodeUTF16
PyUnicode_DecodeUTF32
PyUnicode_AsUTF8AndSize
PyUnicode_AsUTF8String
PyUnicode_DecodeUTF8
PyUnicode_AsEncodedString
PyUnicode_FromFormat
PyUnicode_FromString
PyBytes_AsStringAndSize
PyBytes_AsString
PyBytes_Size
PyByteArray_AsString
PyByteArray_Size
PyObject_GC_UnTrack
PyObject_Malloc
_PyObject_GetDictPtr
_PyType_Lookup
_Py_Dealloc
PyObject_ClearWeakRefs
PyObject_GenericSetDict
PyObject_SetAttr
PyObject_HasAttrString
PyObject_SetAttrString
PyObject_GetAttrString
PyObject_Str
PyObject_Repr
PyType_Ready
PyType_IsSubtype
PyMem_Free
PyMem_Calloc
PyByteArray_Type
PyBaseObject_Type
PyType_Type
PyFrame_GetBack
PyEval_AcquireThread
PyEval_SaveThread
PyEval_GetBuiltins
Py_GetVersion
PyModule_Create2
PyModule_AddObject
PyThread_tss_get
PyThread_tss_set
PyThread_tss_create
PyThread_tss_alloc
PyErr_WriteUnraisable
PyErr_Format
PyException_SetContext
PyException_SetCause
PyCapsule_SetPointer
PyException_SetTraceback
_Py_FalseStruct

kernel32

RtlUnwind
SetEndOfFile
CreateFileW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapSize
OutputDebugStringW
FlushFileBuffers
GetFileSizeEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
HeapReAlloc
SetFilePointerEx
DeleteFileW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
WriteConsoleW
GetModuleFileNameW
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlUnwindEx
InterlockedFlushSList
InterlockedPushEntrySList
GetCPInfo
GetStringTypeW
LCMapStringEx
MultiByteToWideChar
DecodePointer
EncodePointer
InitializeCriticalSectionEx
WideCharToMultiByte
RaiseException
RtlPcToFileHeader
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FindClose
BuildCommDCBA
SetCommTimeouts
SetCommConfig
PurgeComm
GetCommConfig
ClearCommError
WriteFile
ReadFile
CreateFileA
CreateThread
GetSystemTime
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindNextFileA
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
GetLastError
CloseHandle
GetFileAttributesA
FindFirstFileA
CreateDirectoryA

Exports

Exports

PyInit_pyrtklib5

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 551KB - Virtual size: 550KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9f39c26d70e6e00f03c3ccf46a92be8

Headers

DLL Characteristics

File Characteristics

Imports

winmm

ws2_32

python310

kernel32

Exports

Exports

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 551KB - Virtual size: 550KB

.data Size: 280KB - Virtual size: 1.8MB

.pdata Size: 342KB - Virtual size: 342KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 551KB - Virtual size: 550KB

.data
Size: 280KB - Virtual size: 1.8MB

.pdata
Size: 342KB - Virtual size: 342KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 9KB - Virtual size: 9KB