215ff74a244e8ec2498f6d018382b4f36b238bac2c700c625b92666f2b416ff0

Sharing

Copy URL

Twitter E-mail

General

Target

215ff74a244e8ec2498f6d018382b4f36b238bac2c700c625b92666f2b416ff0
Size

222KB
MD5

de557c1a0e206525a1488fc91e754c45
SHA1

c42ab6a1d91e3fb6985d8466e9eedc8c59cc1a22
SHA256

215ff74a244e8ec2498f6d018382b4f36b238bac2c700c625b92666f2b416ff0
SHA512

f2829f5b7d1e212fd3238b45fb9eeed4089fea64fb850e672dd809375202664122e075dd609df62b3dbfbb35ad5d8490c4265744c5cfcefdecc7bbe9b678cd4c
SSDEEP

3072:YRfi+6+tkl3MfJKkcCygHdTcFssqYuSoP2AeDPzZZcyr7H7yGeoaD:YRqzl3U9ygH9GHru9P2AoyGeo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
215ff74a244e8ec2498f6d018382b4f36b238bac2c700c625b92666f2b416ff0

Files

215ff74a244e8ec2498f6d018382b4f36b238bac2c700c625b92666f2b416ff0
.dll windows:6 windows x64 arch:x64

d7a7ae2185b45a702325e1166a266387

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\src\pywin32\build\temp.win-amd64-3.5\Release\win32gui.pdb

Imports

gdi32

EqualRgn
ExtFloodFill
FillRgn
FrameRgn
GetROP2
GetBkColor
GetBkMode
GetCurrentObject
GetCurrentPositionEx
GetGraphicsMode
GetMapMode
GetObjectType
GetPixel
GetPolyFillMode
GetRgnBox
GetStockObject
GetStretchBltMode
GetTextCharacterExtra
GetTextAlign
GetTextColor
GetTextExtentPoint32W
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
InvertRgn
LineTo
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
Rectangle
RestoreDC
RoundRect
SaveDC
SelectObject
SetBkColor
SetBkMode
SetGraphicsMode
SetMapMode
EnumFontFamiliesW
SetPixelV
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
GetTextMetricsW
AbortPath
ArcTo
BeginPath
CloseFigure
EndPath
FillPath
FlattenPath
GetPath
PathToRegion
SetArcDirection
SetMiterLimit
StrokeAndFillPath
StrokePath
WidenPath
ExtCreatePen
GetMiterLimit
GetArcDirection
GetObjectW
MoveToEx
ExtTextOutW
CreatePolygonRgn
Polygon
Polyline
PolyBezier
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
GetTextFaceW
Ellipse
DeleteObject
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateFontIndirectW
CreateEllipticRgnIndirect
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CombineRgn
Chord
BitBlt
SetPixel
Arc

user32

GetCapture
SetCapture
ReleaseCapture
EnableWindow
IsWindowEnabled
CreateAcceleratorTableW
GetNextDlgTabItem
TranslateAcceleratorW
LoadMenuW
GetMenu
SetMenu
GetMenuState
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
CheckMenuItem
EnableMenuItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
DeleteMenu
SetMenuItemBitmaps
TrackPopupMenu
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
GetMenuDefaultItem
SetMenuDefaultItem
GetMenuItemRect
DragDetect
DrawIcon
DrawTextW
UpdateWindow
SetActiveWindow
GetForegroundWindow
PaintDesktop
SetForegroundWindow
WindowFromDC
GetDC
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRgn
SetWindowRgn
GetWindowRgn
InvalidateRect
ValidateRect
InvalidateRgn
ValidateRgn
RedrawWindow
ScrollWindowEx
EnumPropsExW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowRect
MessageBoxW
MessageBeep
SetCursor
GetCursorPos
GetCursor
GetFocus
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
WindowFromPoint
ChildWindowFromPoint
ChildWindowFromPointEx
GetSysColor
GetSysColorBrush
DrawFocusRect
FillRect
FrameRect
InvertRect
PtInRect
GetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetClassLongW
GetClassLongPtrW
SetClassLongPtrW
GetDesktopWindow
GetParent
SetParent
EnumChildWindows
FindWindowW
FindWindowExW
EnumWindows
EnumThreadWindows
GetClassNameW
GetWindow
CheckMenuRadioItem
LoadCursorW
LoadIconW
DestroyIcon
CreateIconFromResource
LoadImageW
DrawIconEx
CreateIconIndirect
CopyIcon
GetIconInfo
IsDialogMessageW
SetScrollInfo
GetScrollInfo
SystemParametersInfoW
GetCursorInfo
GetNextDlgGroupItem
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
GetDlgItem
EndDialog
DialogBoxIndirectParamW
DialogBoxParamW
CreateDialogIndirectParamW
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
CloseWindow
FlashWindow
ShowWindow
DestroyWindow
GetActiveWindow
SetFocus
DefDlgProcW
CreateCaret
GetDlgCtrlID
IsChild
IsWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
SetDoubleClickTime
GetDoubleClickTime
CallWindowProcW
PostQuitMessage
DefWindowProcW
WaitMessage
ReplyMessage
PostThreadMessageW
PostMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationW
SendMessageTimeoutW
SendMessageW
RegisterHotKey
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DrawAnimatedRects
DrawEdge
RegisterWindowMessageW
DestroyAcceleratorTable

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

comctl32

_TrackMouseEvent
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControlsEx
ord17

shell32

ExtractIconExW
ExtractIconW
DragAcceptFiles
Shell_NotifyIconW

python35

PyObject_AsWriteBuffer
_Py_FalseStruct
_Py_TrueStruct
PyExc_AttributeError
PyExc_MemoryError
PyExc_TypeError
PyExc_PendingDeprecationWarning
PyEval_InitThreads
PyObject_AsReadBuffer
PyEval_RestoreThread
PyEval_SaveThread
PyObject_CallObject
PyErr_Print
PyModule_Create2
PyArg_ParseTupleAndKeywords
PyErr_Format
PyErr_NoMemory
PyErr_Fetch
PyErr_Clear
PyErr_WarnEx
PyGILState_Release
PyGILState_Ensure
PyObject_Call
PyModule_GetDict
PyDict_SetItemString
PyDict_DelItem
PyEval_CallObjectWithKeywords
PyDict_SetItem
PyDict_GetItem
PyDict_New
PyTuple_GetItem
PyLong_FromVoidPtr
PyTuple_Size
PyTuple_New
PyFloat_FromDouble
PyBool_FromLong
PyLong_AsUnsignedLongMask
PyLong_AsLong
PyLong_FromSsize_t
PyUnicode_AsUTF8
PyUnicode_AsUnicode
PyBytes_AsStringAndSize
PyBytes_FromString
PyCallable_Check
PyObject_IsTrue
PyObject_GenericSetAttr
PyObject_GenericGetAttr
PyObject_GetAttrString
PyType_Ready
PyExc_ValueError
PyExc_NotImplementedError
_Py_NoneStruct
PySequence_Tuple
Py_BuildValue
PyArg_ParseTuple
PyErr_Occurred
PyErr_SetString
PyList_Append
PyList_New
PyLong_AsUnsignedLong
PyLong_FromUnsignedLong
PyLong_FromLong
PyBytes_FromStringAndSize
PyLong_AsLongLong
PySys_WriteStderr

pywintypes35

?PyHANDLEType@@3U_typeobject@@A
?PyWinExc_ApiError@@3PEAU_object@@EA
??1PyHANDLE@@UEAA@XZ
?PyWinGlobals_Ensure@@YAHXZ
?PyWinObject_FromMSG@@YAPEAU_object@@PEBUtagMSG@@@Z
?PyWinObject_AsMSG@@YAHPEAU_object@@PEAUtagMSG@@@Z
?PyWinLong_FromHANDLE@@YAPEAU_object@@PEAX@Z
?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z
?PyWinObject_AsDEVMODE@@YAHPEAU_object@@PEAPEAU_devicemodeW@@H@Z
?PyWinObject_FromRECT@@YAPEAU_object@@PEAUtagRECT@@@Z
?PyWinObject_AsRECT@@YAHPEAU_object@@PEAUtagRECT@@@Z
?PyWinObject_AsPARAM@@YAHPEAU_object@@PEA_K@Z
?PyWinObject_AsDWORDArray@@YAHPEAU_object@@PEAPEAKPEAKH@Z
?PyWinObject_AsPOINT@@YAHPEAU_object@@PEAUtagPOINT@@@Z
?PyWinLong_FromVoidPtr@@YAPEAU_object@@PEBX@Z
?PyWinLong_AsVoidPtr@@YAHPEAU_object@@PEAPEAX@Z
?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_WH@Z
?PyWinSequence_Tuple@@YAPEAU_object@@PEAU1@PEAK@Z
?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z
?PyBuffer_FromMemory@@YAPEAU_object@@PEAX_J@Z
?PyBuffer_New@@YAPEAU_object@@_J@Z
?PyWinObject_FreeResourceId@@YAXPEA_W@Z
?PyWinObject_AsResourceIdW@@YAHPEAU_object@@PEAPEA_WH@Z
?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z
?PyWinObject_AsReadBuffer@@YAHPEAU_object@@PEAPEAXPEAKH@Z
?PyWinObject_FreeWCHAR@@YAXPEA_W@Z
?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z
??0PyHANDLE@@QEAA@PEAX@Z

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsBadStringPtrW
IsBadWritePtr
IsBadReadPtr
LoadLibraryW
GetProcAddress
GetModuleHandleW
SetLastError
GetLastError
GlobalFree
GlobalLock
GlobalUnlock
GlobalReAlloc
IsDebuggerPresent
GlobalAlloc

vcruntime140

__std_terminate
memcpy
__CxxFrameHandler3
memset
__C_specific_handler
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

strcmp
wcsncpy

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_initterm

Exports

Exports

DllMain
PyInit_win32gui

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7a7ae2185b45a702325e1166a266387

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

user32

comdlg32

comctl32

shell32

python35

pywintypes35

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 125KB - Virtual size: 125KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 14KB - Virtual size: 14KB

.pdata Size: 13KB - Virtual size: 12KB

.gfids Size: 512B - Virtual size: 52B

.rsrc Size: 1024B - Virtual size: 852B

.reloc Size: 512B - Virtual size: 372B

.text
Size: 125KB - Virtual size: 125KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 14KB - Virtual size: 14KB

.pdata
Size: 13KB - Virtual size: 12KB

.gfids
Size: 512B - Virtual size: 52B

.rsrc
Size: 1024B - Virtual size: 852B

.reloc
Size: 512B - Virtual size: 372B