66e74cc6a29814408d4d780e6c102e5e42f58fdd80ecfe9a57b00538f77076be

Sharing

Copy URL

Twitter E-mail

General

Target

66e74cc6a29814408d4d780e6c102e5e42f58fdd80ecfe9a57b00538f77076be
Size

176KB
MD5

561b615e01dbc8cb3c5605562480b692
SHA1

7593ad86ecaf10224ab30297547f9dc65860a93f
SHA256

66e74cc6a29814408d4d780e6c102e5e42f58fdd80ecfe9a57b00538f77076be
SHA512

1178781fb8f610a7686a8aac9508edba103c56f45b8749eba9372e2652eafeb036480c82609c7dcfb2c827a8f878335962a88ec56104da4921301e73a54b22f0
SSDEEP

3072:aWKFfdtEqcmD1c7QIXARCwOaEN23zk/8buALpFCFbg8Lx8DnjEP:aWkdtBcE1omRCHacizW8boFEox8DnjE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66e74cc6a29814408d4d780e6c102e5e42f58fdd80ecfe9a57b00538f77076be

Files

66e74cc6a29814408d4d780e6c102e5e42f58fdd80ecfe9a57b00538f77076be
.dll windows:6 windows x64 arch:x64

6259717a5256035618fc2439f63e22f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

geode-numerics_scalar_function

?compute_scalar_function@?$FDMCurvatureMinimization@$02@geode@@QEAAXV?$basic_string_view@DU?$char_traits@D@std@@@std@@@Z
?use_scalar_function_preconditioning@?$FDMCurvatureMinimization@$02@geode@@QEAAXAEBV?$ComputationGrid@$02@2@V?$basic_string_view@DU?$char_traits@D@std@@@std@@@Z
?use_constraint_value_preconditioning@?$FDMCurvatureMinimization@$02@geode@@QEAAXXZ
??1?$FDMCurvatureMinimization@$02@geode@@QEAA@XZ
??0?$FDMCurvatureMinimization@$02@geode@@QEAA@AEAV?$ComputationGrid@$02@1@AEBV?$DataConstraintsManager@$02@1@@Z
?save_data_points_manager@?$DataPointsManager@$01@geode@@QEBAXV?$basic_string_view@DU?$char_traits@D@std@@@std@@@Z
?change_data_point_weight@?$DataPointsManager@$01@geode@@QEAAXIN@Z
?change_data_point_value@?$DataPointsManager@$01@geode@@QEAAXIN@Z
?remove_data_point@?$DataPointsManager@$01@geode@@QEAAXI@Z
?add_data_point@?$DataPointsManager@$01@geode@@QEAAIV?$Point@$01@2@NN@Z
?load_data_points@?$DataPointsManager@$01@geode@@QEAAXV?$basic_string_view@DU?$char_traits@D@std@@@std@@@Z
??0?$DataPointsManager@$01@geode@@QEAA@XZ
??0?$ComputationGrid@$01@geode@@QEAA@V?$Point@$01@1@V?$array@I$01@std@@V?$array@N$01@4@@Z
??0?$ComputationGrid@$02@geode@@QEAA@V?$Point@$02@1@V?$array@I$02@std@@V?$array@N$02@4@@Z
?compute_scalar_function@?$FDMCurvatureMinimization@$01@geode@@QEAAXV?$basic_string_view@DU?$char_traits@D@std@@@std@@@Z
?use_scalar_function_preconditioning@?$FDMCurvatureMinimization@$01@geode@@QEAAXAEBV?$ComputationGrid@$01@2@V?$basic_string_view@DU?$char_traits@D@std@@@std@@@Z
?use_constraint_value_preconditioning@?$FDMCurvatureMinimization@$01@geode@@QEAAXXZ
??1?$FDMCurvatureMinimization@$01@geode@@QEAA@XZ
??0?$FDMCurvatureMinimization@$01@geode@@QEAA@AEAV?$ComputationGrid@$01@1@AEBV?$DataConstraintsManager@$01@1@@Z
?save_data_points_manager@?$DataPointsManager@$02@geode@@QEBAXV?$basic_string_view@DU?$char_traits@D@std@@@std@@@Z
?change_data_point_weight@?$DataPointsManager@$02@geode@@QEAAXIN@Z
?change_data_point_value@?$DataPointsManager@$02@geode@@QEAAXIN@Z
?remove_data_point@?$DataPointsManager@$02@geode@@QEAAXI@Z
?add_data_point@?$DataPointsManager@$02@geode@@QEAAIV?$Point@$02@2@NN@Z
?load_data_points@?$DataPointsManager@$02@geode@@QEAAXV?$basic_string_view@DU?$char_traits@D@std@@@std@@@Z
??0?$DataPointsManager@$02@geode@@QEAA@XZ
?initialize@NumericsScalarFunctionLibrary@geode@@SAXXZ

python39

PyProperty_Type
PyIndex_Check
_Py_NotImplementedStruct
PyByteArray_Size
PyGILState_Ensure
PyCapsule_SetContext
PyTuple_Size
PyNumber_Long
PyThreadState_DeleteCurrent
PyExc_TypeError
PyThreadState_Clear
PyCapsule_Type
PyDict_Copy
PyObject_Str
PyUnicode_AsUTF8String
PyModule_Type
PyFrame_GetBack
PyFrame_GetCode
PyExc_IndexError
PyExc_ImportError
PyCapsule_SetPointer
_Py_TrueStruct
PyExc_SystemError
PyObject_SetItem
PyException_SetCause
PyInterpreterState_Get
PyDict_DelItemString
PyUnicode_FromString
PyLong_FromSize_t
PyEval_AcquireThread
_PyType_Lookup
PyGILState_GetThisThreadState
PyBuffer_Release
PyObject_Repr
PyByteArray_Type
PyNumber_Float
PyType_Type
PySequence_Tuple
_PyObject_GetDictPtr
PyObject_HasAttrString
PyObject_CallObject
PyErr_Clear
PyObject_GetAttrString
PyType_Ready
PyModule_Create2
PyList_New
PyUnicode_FromFormat
PyObject_ClearWeakRefs
PyObject_GenericGetDict
PyObject_CallFunctionObjArgs
PyErr_Fetch
PyCapsule_GetPointer
PyTuple_GetItem
_Py_Dealloc
PyExc_OverflowError
PyErr_Restore
PyType_IsSubtype
PyFloat_Type
_Py_FalseStruct
PyThreadState_New
PyDict_Type
PyErr_Format
PyDict_Next
PyExc_ValueError
PyErr_WriteUnraisable
PyErr_SetString
PyByteArray_AsString
PyList_Size
PyFloat_FromDouble
PyDict_Size
PyObject_GenericSetDict
PyTuple_New
_Py_NoneStruct
PyBytes_AsStringAndSize
PyThread_tss_set
PyCMethod_New
PyGILState_Release
PyTuple_SetItem
PyFloat_AsDouble
PyFrame_GetLineNumber
PyMem_Free
PyObject_IsInstance
PyCapsule_GetContext
PyInstanceMethod_New
PyException_SetContext
PySequence_Check
PyList_GetItem
PyDict_New
PyBytes_Size
PyCapsule_GetName
PyCapsule_New
PyException_SetTraceback
Py_GetVersion
PyList_Append
PyThread_tss_get
PyDict_GetItemWithError
PyExc_MemoryError
PyInstanceMethod_Type
PyObject_GC_UnTrack
PyObject_SetAttrString
PyExc_RuntimeError
_PyThreadState_UncheckedGet
PyEval_SaveThread
PyUnicode_AsUTF8AndSize
PyUnicode_DecodeUTF8
PyErr_Occurred
PySequence_GetItem
PyErr_NormalizeException
PyBytes_AsString
PyImport_ImportModule
PyObject_Malloc
PyLong_AsUnsignedLong
PyThreadState_Get
PyWeakref_NewRef
PyCFunction_Type
PyObject_SetAttr
PyExc_BufferError
PyMem_Calloc
PyBaseObject_Type
PyInterpreterState_GetDict
PyUnicode_AsEncodedString
PySequence_Size
PyThread_tss_create
PyNumber_Check

msvcp140

?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCompare@@YA_NPEBX0@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
__std_type_info_destroy_list
strchr
__std_terminate
__std_type_info_name
__C_specific_handler
_purecall
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
__RTDynamicCast
__current_exception_context
_CxxThrowException
memset
__std_type_info_hash
memchr
memcmp
memcpy
memmove

api-ms-win-crt-heap-l1-1-0

_aligned_free
_aligned_malloc
_callnewh
free
malloc

api-ms-win-crt-string-l1-1-0

_strdup
strcmp
strncmp

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn

kernel32

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
IsDebuggerPresent
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

PyInit_geode_numerics_py_scalar_function

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6259717a5256035618fc2439f63e22f4

Headers

DLL Characteristics

File Characteristics

Imports

geode-numerics_scalar_function

python39

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 212B

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 212B