2ca93d7254dd8322d18de9be2ff2a5c064be233be414ea00fbb85a6ae899cb13

Sharing

Copy URL Twitter E-mail

General

Target

2ca93d7254dd8322d18de9be2ff2a5c064be233be414ea00fbb85a6ae899cb13
Size

67KB
MD5

901294df7941c52ced426df49eaf121e
SHA1

0621c7686cba7d245f7e323a99b088f972e4c6cb
SHA256

2ca93d7254dd8322d18de9be2ff2a5c064be233be414ea00fbb85a6ae899cb13
SHA512

672a537e351b1628f811ca0a77cd23996357e268bea1d9cdb33236dffdc95f571a4a7807e3b3953d3faf4818ce3fc4ead284171d6cab6bddbc5f522ccee6dda7
SSDEEP

1536:sKD/RSVkv+/vIOt38B9B0qlueqH5e0eaychSevSNEa3Uf:3qYOdNSueqZSevSuKUf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ca93d7254dd8322d18de9be2ff2a5c064be233be414ea00fbb85a6ae899cb13

Files

2ca93d7254dd8322d18de9be2ff2a5c064be233be414ea00fbb85a6ae899cb13
.dll windows:6 windows x86 arch:x86

91849b8e35277173c8580d30e22a11bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win32-3.6\Release\win32net.pdb

Imports

netapi32

NetShareEnum
NetShareGetInfo
NetShareSetInfo
NetShareDel
NetShareCheck
NetServerEnum
NetServerGetInfo
NetServerSetInfo
NetServerDiskEnum
NetServerComputerNameAdd
NetServerComputerNameDel
NetWkstaGetInfo
NetWkstaSetInfo
NetWkstaUserEnum
NetWkstaTransportAdd
NetWkstaTransportDel
NetWkstaTransportEnum
NetStatisticsGet
NetLocalGroupDelMembers
NetGetDCName
NetGetAnyDCName
NetShareAdd
NetMessageNameEnum
NetMessageNameDel
NetMessageBufferSend
NetSessionEnum
NetSessionDel
NetSessionGetInfo
NetUseAdd
NetUseDel
NetUseEnum
NetUseGetInfo
NetUserAdd
NetUserEnum
NetUserGetInfo
NetUserSetInfo
NetUserDel
NetUserGetGroups
NetUserGetLocalGroups
NetUserModalsGet
NetUserModalsSet
NetUserChangePassword
NetLocalGroupAddMembers
NetLocalGroupSetMembers
NetLocalGroupGetMembers
NetLocalGroupDel
NetLocalGroupSetInfo
NetLocalGroupGetInfo
NetLocalGroupEnum
NetLocalGroupAdd
NetGroupSetUsers
NetGroupGetUsers
NetGroupDelUser
NetGroupDel
NetGroupSetInfo
NetGroupGetInfo
NetGroupEnum
NetGroupAddUser
NetGroupAdd
NetApiBufferFree
NetFileGetInfo
NetFileEnum
NetMessageNameAdd
NetFileClose

advapi32

GetLengthSid
GetSecurityDescriptorLength

python36

PyErr_Occurred
PyList_New
PyList_Append
PyErr_SetString
PyArg_ParseTuple
Py_BuildValue
PyEval_SaveThread
PyEval_RestoreThread
_Py_NoneStruct
PyExc_ValueError
PyBytes_FromStringAndSize
PyLong_FromUnsignedLong
PyTuple_New
PyTuple_SetItem
PyList_SetItem
PyDict_New
PyDict_SetItemString
PyErr_Clear
PyErr_Format
PyArg_ParseTupleAndKeywords
PyExc_NotImplementedError
PyExc_RuntimeError
PyExc_MemoryError
_Py_TrueStruct
_Py_FalseStruct
PyMapping_SetItemString
PyMapping_GetItemString
PyMapping_Check
PyModule_Create2
PyErr_NoMemory
PyExc_TypeError
PyModule_GetDict
PyLong_FromVoidPtr
PyLong_AsUnsignedLongMask
PyLong_AsLong
PyLong_FromLong
PyUnicode_FromWideChar
PyBytes_AsString
PyBytes_Size
PyObject_IsTrue

pywintypes36

?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_W@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_WH@Z
?PyWinObject_FromLARGE_INTEGER@@YAPAU_object@@ABT_LARGE_INTEGER@@@Z
?PyWinObject_FromFILETIME@@YAPAU_object@@ABU_FILETIME@@@Z
?SetBstr@PyWin_AutoFreeBstr@@QAEXPA_W@Z
??1PyWin_AutoFreeBstr@@QAE@XZ
??0PyWin_AutoFreeBstr@@QAE@PA_W@Z
?PyWinObject_AsBstr@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinExc_ApiError@@3PAU_object@@A
?PyWinGlobals_Ensure@@YAHXZ
?PyWinObject_FromSID@@YAPAU_object@@PAX@Z
?PyWinObject_AsSID@@YAHPAU_object@@PAPAXH@Z
?PyWinObject_FromSECURITY_DESCRIPTOR@@YAPAU_object@@PAX@Z
?PyWinObject_AsSECURITY_DESCRIPTOR@@YAHPAU_object@@PAPAXH@Z
?PyWinLong_AsVoidPtr@@YAHPAU_object@@PAPAX@Z
?PyWinSequence_Tuple@@YAPAU_object@@PAU1@PAK@Z
?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z
?PyWin_RegisterErrorMessageModule@@YAHKKPAUHINSTANCE__@@@Z

kernel32

IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
TerminateProcess
GetSystemTimeAsFileTime
CompareStringW

vcruntime140

_except_handler4_common
__std_exception_copy
__std_type_info_destroy_list
__telemetry_main_return_trigger
__telemetry_main_invoke_trigger
__CxxFrameHandler3
memcpy
_except_handler3
memset
__std_exception_destroy
_CxxThrowException

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_register_onexit_function

Exports

Exports

PyInit_win32net

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91849b8e35277173c8580d30e22a11bd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

advapi32

python36

pywintypes36

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 10KB - Virtual size: 10KB

.gfids Size: 512B - Virtual size: 76B

.rsrc Size: 1024B - Virtual size: 852B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 10KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 76B

.rsrc
Size: 1024B - Virtual size: 852B

.reloc
Size: 4KB - Virtual size: 4KB