5783e73187d6d942184bd573ae5658cb377d683b5ae313786fdc2ce29f3dd590

Sharing

Copy URL

Twitter E-mail

General

Target

5783e73187d6d942184bd573ae5658cb377d683b5ae313786fdc2ce29f3dd590
Size

114KB
MD5

d946445c82baaedc3ec3390b50438e52
SHA1

4b21ccb5fa4722940165b73b6fe2b65db4be2bfb
SHA256

5783e73187d6d942184bd573ae5658cb377d683b5ae313786fdc2ce29f3dd590
SHA512

e8367eaf038731f679e79ff884f1d4dd2fb4d125d76c6277a2af82306166a7c920083e21bc68905a50d032cf56b24cedc29da7e8e6c5d73bd86e527686d21420
SSDEEP

3072:eviLLLLLpPTlz+5z9tNc8Me1iL2srRcOli7hZtbVqQHT2m:dLLLLLAz9tNc8jtsdChLQoT2m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5783e73187d6d942184bd573ae5658cb377d683b5ae313786fdc2ce29f3dd590

Files

5783e73187d6d942184bd573ae5658cb377d683b5ae313786fdc2ce29f3dd590
.dll windows:6 windows x86 arch:x86

b6f56fd967ed6685108a89f057fa5c3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win32-3.5\Release\propsys.pdb

Imports

propsys

PropVariantChangeType
PropVariantToStringAlloc
StgDeserializePropVariant
StgSerializePropVariant
PSGetNamedPropertyFromPropertyStorage
PSGetPropertyFromPropertyStorage
PSGetPropertySystem
PSGetNameFromPropertyKey
PSGetPropertyKeyFromName
PSUnregisterPropertySchema
PSRegisterPropertySchema
PSCreateMemoryPropertyStore
PSGetItemPropertyHandler
PSLookupPropertyHandlerCLSID
PSGetPropertyDescription
PSCreateSimplePropertyChange
PSCreatePropertyChangeArray

ole32

PropVariantClear
PropVariantCopy
CoTaskMemFree
CoTaskMemAlloc

python35

PyLong_FromLong
Py_BuildValue
_Py_FalseStruct
_Py_TrueStruct
PyBool_FromLong
PyObject_GenericGetAttr
PyObject_GenericSetAttr
PyObject_IsTrue
PyLong_AsLong
PyFloat_AsDouble
PyErr_SetString
PyErr_NoMemory
PyErr_Occurred
PyExc_TypeError
PyExc_ValueError
PyGILState_Ensure
PyExc_NotImplementedError
_Py_NoneStruct
PyEval_RestoreThread
PyEval_SaveThread
PyModule_Create2
_Py_BuildValue_SizeT
_PyArg_ParseTuple_SizeT
PyGILState_Release
PyModule_GetDict
PyLong_AsUnsignedLong
PyLong_FromUnsignedLong
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyErr_Format
PyType_Ready
PyBytes_FromStringAndSize
PyDict_SetItemString

pythoncom35

?PyObject_AsCurrency@@YAHPAU_object@@PATtagCY@@@Z
?PyObject_AsPROPVARIANT@@YAHPAU_object@@PAUtagPROPVARIANT@@@Z
?PyObject_FromPROPVARIANT@@YAPAU_object@@PAUtagPROPVARIANT@@@Z
PyCom_InterfaceFromPyObject
?type@PyIUnknown@@2VPyComTypeObject@@A
?setattr@PyIBase@@UAEHPADPAU_object@@@Z
?repr@PyIUnknown@@UAEPAU_object@@XZ
?iternext@PyIBase@@UAEPAU_object@@XZ
?iter@PyIBase@@UAEPAU_object@@XZ
?DeleteMemberByDispID@PyGatewayBase@@UAGJJ@Z
?PyCom_RegisterExtensionSupport@@YAHPAU_object@@PBUPyCom_InterfaceSupportInfo@@H@Z
?ThisAsIID@PyGatewayBase@@UAEPAXU_GUID@@@Z
?QueryInterface@PyGatewayBase@@UAGJABU_GUID@@PAPAX@Z
?Release@PyGatewayBase@@UAGKXZ
?AddRef@PyGatewayBase@@UAGKXZ
??1PyGatewayBase@@MAE@XZ
??0PyGatewayBase@@IAE@PAU_object@@@Z
?PyCom_BuildPyException@@YAPAU_object@@JPAUIUnknown@@ABU_GUID@@@Z
PyCom_PyObjectFromIUnknown
?PyCom_InterfaceFromPyInstanceOrObject@@YAHPAU_object@@ABU_GUID@@PAPAXH@Z
?getattr@PyIBase@@UAEPAU_object@@PAD@Z
?compare@PyIUnknown@@UAEHPAU_object@@@Z
??1PyIUnknown@@MAE@XZ
??0PyIUnknown@@IAE@PAUIUnknown@@@Z
?GetI@PyIUnknown@@SAPAUIUnknown@@PAU_object@@@Z
?DeleteMemberByName@PyGatewayBase@@UAGJPA_WK@Z
??1PyComTypeObject@@QAE@XZ
??0PyComTypeObject@@QAE@PBDPAV0@HPAUPyMethodDef@@P6APAVPyIUnknown@@PAUIUnknown@@@Z@Z
?Unwrap@PyGatewayBase@@UAGJPAPAU_object@@@Z
?InvokeViaPolicy@PyGatewayBase@@MAAJPBDPAPAU_object@@0ZZ
?InvokeEx@PyGatewayBase@@UAGJJKGPAUtagDISPPARAMS@@PAUtagVARIANT@@PAUtagEXCEPINFO@@PAUIServiceProvider@@@Z
?Invoke@PyGatewayBase@@UAGJJABU_GUID@@KGPAUtagDISPPARAMS@@PAUtagVARIANT@@PAUtagEXCEPINFO@@PAI@Z
?InterfaceSupportsErrorInfo@PyGatewayBase@@UAGJABU_GUID@@@Z
?GetTypeInfoCount@PyGatewayBase@@UAGJPAI@Z
?GetTypeInfo@PyGatewayBase@@UAGJIKPAPAUITypeInfo@@@Z
?GetNextDispID@PyGatewayBase@@UAGJKJPAJ@Z
?GetNameSpaceParent@PyGatewayBase@@UAGJPAPAUIUnknown@@@Z
?GetMemberProperties@PyGatewayBase@@UAGJJKPAK@Z
?GetMemberName@PyGatewayBase@@UAGJJPAPA_W@Z
?GetIDsOfNames@PyGatewayBase@@UAGJABU_GUID@@PAPA_WIKPAJ@Z
?GetDispID@PyGatewayBase@@UAGJPA_WKPAJ@Z
?PyCom_SetAndLogCOMErrorFromPyExceptionEx@@YAJPAU_object@@PBDABU_GUID@@@Z

pywintypes35

?PyWinObject_AsFILETIME@@YAHPAU_object@@PAU_FILETIME@@@Z
?PyWinObject_AsDATE@@YAHPAU_object@@PAN@Z
?PyWinObject_AsULARGE_INTEGER@@YAHPAU_object@@PAT_ULARGE_INTEGER@@@Z
?PyWinObject_AsLARGE_INTEGER@@YAHPAU_object@@PAT_LARGE_INTEGER@@@Z
?PyWinObject_AsTaskAllocatedWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinSequence_Tuple@@YAPAU_object@@PAU1@PAK@Z
?PyWinObject_FromBstr@@YAPAU_object@@QA_WH@Z
?PyWinObject_AsBstr@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinExc_COMError@@3PAU_object@@A
?PyWinGlobals_Ensure@@YAHXZ
?PyWinObject_AsHANDLE@@YAHPAU_object@@PAPAX@Z
?PyWinObject_FromIID@@YAPAU_object@@ABU_GUID@@@Z
?PyWinObject_AsIID@@YAHPAU_object@@PAU_GUID@@@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_W@Z
?PyWinObject_AsReadBuffer@@YAHPAU_object@@PAPAXPAKH@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z
?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z

kernel32

GetModuleHandleW
TerminateProcess
GetCurrentProcess
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetProcAddress
RaiseException
GetLastError
GetSystemInfo

vcruntime140

__telemetry_main_invoke_trigger
memcpy
__CxxFrameHandler3
__std_terminate
__telemetry_main_return_trigger
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_execute_onexit_table
_crt_atexit
_initialize_onexit_table
_cexit
_initterm
_initterm_e
_initialize_narrow_environment
terminate
_crt_at_quick_exit
_seh_filter_dll

Exports

Exports

??0PyPROPVARIANT@@QAE@ABUtagPROPVARIANT@@@Z
??0PyPROPVARIANT@@QAE@PAUtagPROPVARIANT@@@Z
??0PyPROPVARIANT@@QAE@XZ
??1PyPROPVARIANT@@IAE@XZ
??4PyPROPVARIANT@@QAEAAV0@ABV0@@Z
?ChangeType@PyPROPVARIANT@@SAPAU_object@@PAU2@0@Z
?GetValue@PyPROPVARIANT@@SAPAU_object@@PAU2@0@Z
?PyPROPVARIANTType@@3U_typeobject@@A
?ToString@PyPROPVARIANT@@SAPAU_object@@PAU2@0@Z
?deallocFunc@PyPROPVARIANT@@SAXPAU_object@@@Z
?members@PyPROPVARIANT@@2PAUPyMemberDef@@A
?methods@PyPROPVARIANT@@2PAUPyMethodDef@@A
?tp_new@PyPROPVARIANT@@SAPAU_object@@PAU_typeobject@@PAU2@1@Z
PyInit_propsys

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6f56fd967ed6685108a89f057fa5c3a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

propsys

ole32

python35

pythoncom35

pywintypes35

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 59KB - Virtual size: 58KB

.data Size: 4KB - Virtual size: 7KB

.gfids Size: 512B - Virtual size: 76B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 59KB - Virtual size: 58KB

.data
Size: 4KB - Virtual size: 7KB

.gfids
Size: 512B - Virtual size: 76B

.reloc
Size: 7KB - Virtual size: 6KB