2341a7de90688e82eba06674cec7a0f9e07400e745dcab5de68ab11615a6322c

Sharing

Copy URL Twitter E-mail

General

Target

2341a7de90688e82eba06674cec7a0f9e07400e745dcab5de68ab11615a6322c
Size

130KB
MD5

b4f666d11ddd14414fe537f09875297b
SHA1

50c200d7462afa650f70d9d07cef1031c3d4a211
SHA256

2341a7de90688e82eba06674cec7a0f9e07400e745dcab5de68ab11615a6322c
SHA512

6032e0ea93dc4a73dedd8f8678bd34ead6f188bdb5566a593af8fcc2788f8111d16c2a94cfdcde1dfc02c38a51add047ebf416f339b162f322df30ec67c1d20c
SSDEEP

1536:r9J9jxHBeGOpXF4HqoDFEg2VS7x+JxT/Uw7mVVPWMA1tY0GfUnuMQLr3A1eGhYk4:JJ9PAXFCqCFfr4buVeMpf4LQLTGh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2341a7de90688e82eba06674cec7a0f9e07400e745dcab5de68ab11615a6322c

Files

2341a7de90688e82eba06674cec7a0f9e07400e745dcab5de68ab11615a6322c
.dll windows:6 windows x64 arch:x64

b2e723d92e5dcbca75b1e602781cadc0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\programmierung\RoyalRenderGit_90\project\3rdparty\python2\temp\cpython_godal64\PCBuild\amd64\_ctypes.pdb

Imports

kernel32

GetProcAddress
SetLastError
GetLastError
DisableThreadLibraryCalls
LoadLibraryA
LocalFree
FreeLibrary
FormatMessageA
VirtualAlloc
GetSystemInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

ole32

ProgIDFromCLSID

oleaut32

SysAllocStringLen
SysFreeString
GetErrorInfo
SysStringLen

python27

_PyArg_ParseTuple_SizeT
PyObject_CallFunctionObjArgs
PyInt_FromSsize_t
PyObject_GetBuffer
PyList_New
PyType_Ready
PyObject_AsReadBuffer
PyObject_GetAttrString
PyErr_NewException
PyString_FromFormat
_PyObject_CallMethod_SizeT
PyErr_Clear
PyUnicodeUCS2_FromUnicode
PyBuffer_Type
PyObject_GenericSetAttr
PyDict_SetItem
PyDict_New
PyString_InternFromString
PyObject_IsInstance
PyMem_Free
PyLong_FromVoidPtr
PyErr_NoMemory
PyDict_GetItemString
PyDict_GetItem
PyLong_AsVoidPtr
PyObject_CallObject
PyEval_InitThreads
PyString_AsString
PyUnicodeUCS2_FromEncodedObject
PyDict_DelItem
PyUnicodeUCS2_FromWideChar
PyNumber_AsSsize_t
PyObject_IsSubclass
_PyWeakref_ProxyType
PyObject_AsWriteBuffer
PyExc_TypeError
PyCFunction_NewEx
_PySlice_AdjustIndices
PyTuple_Pack
PyCallable_Check
PyMem_Malloc
PyExc_IndexError
PyArg_UnpackTuple
PyInt_FromLong
PyInt_AsUnsignedLongMask
_PySlice_Unpack
PyString_Format
PyBuffer_Release
PyType_Type
PyErr_ExceptionMatches
PyString_FromStringAndSize
PyThreadState_Get
PyCode_NewEmpty
PyInt_AsLong
PyImport_ImportModuleNoBlock
PyErr_WarnEx
PyExc_RuntimeWarning
PyFrame_New
PyTraceBack_Here
PyObject_GC_UnTrack
PySys_GetObject
PyGILState_Release
PyObject_CallFunction
Py_Initialize
PyObject_GC_Del
Py_IsInitialized
PyFile_WriteString
PyObject_GC_Track
PyGILState_Ensure
_PyObject_GC_NewVar
PySequence_SetItem
PyErr_SetObject
PyLong_AsUnsignedLong
PyCapsule_IsValid
PyString_Type
PyErr_NormalizeException
PyLong_FromSsize_t
PyEval_SaveThread
Py_BuildValue
PyErr_SetFromWindowsErr
PyExc_WindowsError
PyTuple_Type
PyString_FromFormatV
PyObject_Free
PyCapsule_GetPointer
PyErr_Fetch
PyLong_AsLong
PyThreadState_GetDict
PyCapsule_New
PyObject_CallMethod
_PyObject_New
PyMem_Realloc
PyObject_Str
PyString_ConcatAndDel
PyArg_ParseTuple
PyEval_RestoreThread
PyBool_FromLong
_PyFloat_Pack4
PyLong_FromUnsignedLongLong
_PyFloat_Unpack4
PyFloat_AsDouble
PyLong_FromLongLong
PyString_Size
PyFloat_FromDouble
PyLong_FromUnsignedLong
PyFloat_Type
PyInt_AsUnsignedLongLongMask
_PyFloat_Unpack8
PyObject_IsTrue
_PyFloat_Pack8
Py_FatalError
_PyInt_AsInt
PyObject_GetAttr
PySequence_Fast
PyTuple_Size
PyObject_HasAttrString
PyModule_AddObject
PyDescr_NewGetSet
PySequence_GetSlice
PyTuple_GetItem
PyExc_OverflowError
PyType_IsSubtype
PyString_Concat
PyModule_AddStringConstant
PyDict_Type
PyErr_Format
PyDict_Next
_Py_CheckRecursiveCall
PyExc_ValueError
PyErr_WriteUnraisable
PyErr_SetString
PyTuple_GetSlice
PyExc_AttributeError
PyUnicodeUCS2_AsEncodedString
PyDict_Size
PyDict_SetItemString
PyTuple_New
_Py_NoneStruct
PyObject_SetAttrString
Py_InitModule4_64
PyMethod_New
PyExc_RuntimeError
PyErr_Print
_PyWeakref_CallableProxyType
PyWeakref_NewProxy
PyErr_Occurred
PyDict_Update
PySequence_GetItem
PyString_FromString
PySlice_Type
PyLong_AsSsize_t
_PyThreadState_Current
PyType_GenericNew
_PyObject_CallFunction_SizeT
_Py_BuildValue_SizeT
_Py_CheckRecursionLimit
PyDescr_NewClassMethod
PyObject_SetAttr
PySequence_Size
PyUnicodeUCS2_AsWideChar
PySequence_Tuple

vcruntime140

memcpy
memcmp
memset
strchr
__C_specific_handler
__std_type_info_destroy_list
__current_exception
__current_exception_context
memmove

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
terminate
_errno
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_crt_at_quick_exit
_cexit

api-ms-win-crt-string-l1-1-0

isspace
strcmp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
init_ctypes

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2e723d92e5dcbca75b1e602781cadc0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

oleaut32

python27

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 81KB - Virtual size: 80KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 14KB - Virtual size: 15KB

.pdata Size: 5KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 932B

.text
Size: 81KB - Virtual size: 80KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 14KB - Virtual size: 15KB

.pdata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 932B