aa11c665d7c29f68b276682ae9109baaddf59b5ff8a60fa409216ff7527d9565N

Sharing

Copy URL

Twitter E-mail

General

Target

aa11c665d7c29f68b276682ae9109baaddf59b5ff8a60fa409216ff7527d9565N
Size

2.6MB
MD5

cc0c8235f98da0fb1bd8e7a0a498f890
SHA1

2166a13a8d4a855642b3614cf1b248617fd8241a
SHA256

aa11c665d7c29f68b276682ae9109baaddf59b5ff8a60fa409216ff7527d9565
SHA512

077138b4e0e4340275e104c3811836c2bc88ef08bd7abc5cb494452f4b0a8d1693758b005ab21a0d3fad4c5fd5dd9dddf56833cfa2ed3fd837d12995762d32a9
SSDEEP

49152:XBoyLuzV2J2DORWnDFjQV7gNDhdCsQqsJGA7xOZIKkeMqMuiCLvf6skRrZ159pgn:XBoyYD2qsJGA7xOaCis2159pguZp0/02

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa11c665d7c29f68b276682ae9109baaddf59b5ff8a60fa409216ff7527d9565N

Files

aa11c665d7c29f68b276682ae9109baaddf59b5ff8a60fa409216ff7527d9565N
.dll windows:6 windows x64 arch:x64

6c9e75d01a18a76d495eccecf6bebefc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vk3p32ca\execroot\org_tensorflow\bazel-out\x64_windows-opt\bin\tensorflow\python\framework\_pywrap_python_op_gen.pdb

Imports

python312

PyBaseObject_Type
PyByteArray_AsString
PyByteArray_Size
PyByteArray_Type
PyBytes_AsString
PyBytes_AsStringAndSize
PyBytes_FromStringAndSize
PyBytes_Size
PyCFunction_Type
PyCMethod_New
PyCapsule_GetContext
PyCapsule_GetName
PyCapsule_GetPointer
PyCapsule_New
PyCapsule_SetContext
PyCapsule_SetPointer
PyCapsule_Type
PyDict_Copy
PyDict_DelItemString
PyDict_GetItemWithError
PyDict_New
PyDict_Next
PyDict_Size
PyDict_Type
PyErr_Clear
PyErr_Fetch
PyErr_Format
PyErr_NormalizeException
PyErr_Occurred
PyErr_Restore
PyErr_SetString
PyErr_WriteUnraisable
PyEval_AcquireThread
PyEval_SaveThread
PyExc_ImportError
PyExc_IndexError
PyExc_MemoryError
PyExc_OverflowError
PyExc_RuntimeError
PyExc_SystemError
PyExc_TypeError
PyExc_ValueError
PyException_SetCause
PyException_SetContext
PyException_SetTraceback
PyFrame_GetBack
PyFrame_GetCode
PyFrame_GetLineNumber
PyGILState_Ensure
PyGILState_GetThisThreadState
PyGILState_Release
PyInstanceMethod_New
PyInstanceMethod_Type
PyInterpreterState_Get
PyInterpreterState_GetDict
PyList_Size
PyMem_Calloc
PyMem_Free
PyModule_AddObject
PyModule_Create2
PyObject_CallFunctionObjArgs
PyObject_CallObject
PyObject_ClearWeakRefs
PyObject_GC_UnTrack
PyObject_GenericGetDict
PyObject_GenericSetDict
PyObject_GetAttrString
PyObject_HasAttrString
PyObject_IsInstance
PyObject_Repr
PyObject_SetAttrString
PyObject_SetItem
PyObject_Str
PyProperty_Type
PyThreadState_Clear
PyThreadState_DeleteCurrent
PyThreadState_Get
PyThreadState_New
PyThread_tss_create
PyThread_tss_get
PyThread_tss_set
PyTuple_GetItem
PyTuple_New
PyTuple_SetItem
PyTuple_Size
PyType_IsSubtype
PyType_Ready
PyType_Type
PyUnicode_AsEncodedString
PyUnicode_AsUTF8AndSize
PyUnicode_AsUTF8String
PyUnicode_FromString
PyWeakref_NewRef
Py_GetVersion
_PyObject_GetDictPtr
_PyThreadState_UncheckedGet
_PyType_Lookup
_Py_Dealloc
_Py_NoneStruct
_Py_NotImplementedStruct

_pywrap_tensorflow_internal.pyd

?GetPythonWrappers@tensorflow@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBD_K@Z

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0ios_base@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1ios_base@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCompare@@YA_NPEBX0@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?good@ios_base@std@@QEBA_NXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IEAAXPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uncaught_exception@std@@YA_NXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
_Mtx_unlock

kernel32

AcquireSRWLockExclusive
DisableThreadLibraryCalls
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitOnceBeginInitialize
InitOnceComplete
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
ReleaseSRWLockExclusive
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
SleepConditionVariableSRW
TerminateProcess
UnhandledExceptionFilter
WakeAllConditionVariable

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__RTDynamicCast
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
_purecall
memchr
memcmp
memcpy
memmove
memset
strchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf
fflush

api-ms-win-crt-math-l1-1-0

_dtest
_fdtest

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_crt_atexit
_errno
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_seh_filter_dll
abort

api-ms-win-crt-string-l1-1-0

_strdup
strcmp
strlen
strncmp

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-convert-l1-1-0

strtod
strtol
strtoll
strtoul
strtoull

Exports

Exports

PyInit__pywrap_python_op_gen

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 526KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 417B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c9e75d01a18a76d495eccecf6bebefc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

python312

_pywrap_tensorflow_internal.pyd

msvcp140

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 526KB - Virtual size: 526KB

.data Size: 98KB - Virtual size: 108KB

.pdata Size: 90KB - Virtual size: 89KB

.tls Size: 512B - Virtual size: 417B

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 526KB - Virtual size: 526KB

.data
Size: 98KB - Virtual size: 108KB

.pdata
Size: 90KB - Virtual size: 89KB

.tls
Size: 512B - Virtual size: 417B

.reloc
Size: 28KB - Virtual size: 27KB