85d6de00e3970a7d1198965c6e2b190fbfcbe9380acc9729151a0ff32564e348

Sharing

Copy URL Twitter E-mail

General

Target

85d6de00e3970a7d1198965c6e2b190fbfcbe9380acc9729151a0ff32564e348
Size

21KB
MD5

4e92f1a271f48325481c20fa4eca5f4d
SHA1

0e00f02c4b2703a5e80b110b1f7f54d6819c98d9
SHA256

85d6de00e3970a7d1198965c6e2b190fbfcbe9380acc9729151a0ff32564e348
SHA512

221d3675a16f8d8897bafa4f56db8d7243d7cecbd908e0b2b5181a3402637be2da3b08bf84b6a059a05786ef961d39a6c936ee111a2f63e49808140e1bb386b5
SSDEEP

384:PD0N3c5/U95IGly2g6U/mzp0EsIomEzE0CLlhpNfRm/lbv:PDa3w/U95IGA36U0p0EIE0YhRMlL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85d6de00e3970a7d1198965c6e2b190fbfcbe9380acc9729151a0ff32564e348

Files

85d6de00e3970a7d1198965c6e2b190fbfcbe9380acc9729151a0ff32564e348
.dll windows:6 windows x86 arch:x86

1d95b056c5a9f500df86ea390b5b9c17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win32-3.8\Release\perfmon.pdb

Imports

python38

PyObject_GenericSetAttr
_PyTraceMalloc_NewReference
_Py_Dealloc
PyModule_Create2
PyModule_GetDict
PyExc_ValueError
PyType_Ready
PyExc_RuntimeError
PyExc_TypeError
PyLong_FromLong
PyObject_GenericGetAttr
PyExc_MemoryError
_Py_NoneStruct
_Py_tracemalloc_config
PySequence_GetItem
PySequence_Size
PyArg_ParseTuple
PyErr_SetString

pywintypes38

?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z
?PyWinGlobals_Ensure@@YAHXZ
?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z

kernel32

IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
GetProcAddress
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetVersionExW
CloseHandle

vcruntime140

__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
_except_handler4_common
__CxxFrameHandler3
__std_terminate
memset

api-ms-win-crt-string-l1-1-0

wcsncpy

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_initialize_narrow_environment
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_initterm
_execute_onexit_table
_initterm_e
_seh_filter_dll

Exports

Exports

PyInit_perfmon

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d95b056c5a9f500df86ea390b5b9c17

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

python38

pywintypes38

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 76B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 76B

.reloc
Size: 1KB - Virtual size: 1KB