dceb94aee32874740e9591d4142f41a05102597372152fa9fd9055035acdf280N

Sharing

Copy URL Twitter E-mail

General

Target

dceb94aee32874740e9591d4142f41a05102597372152fa9fd9055035acdf280N
Size

168KB
MD5

5eb6492de2345399f6ab5e49e4616cb0
SHA1

e51eb8fd435429d467cc4b1c6b32db72c48bb8d1
SHA256

dceb94aee32874740e9591d4142f41a05102597372152fa9fd9055035acdf280
SHA512

c9258e566ef5d17bb425c70cf3a359551e1e9bab00a3639510e1216a6422f62ef40c89bf1c1b79a525bf23fdbe6c4faf61899fccb04d38ff18b90f168eed8229
SSDEEP

3072:3R8FP1UduivnPNf0MmrCOB+PDgRkcROGR3qxiJvc6Pxs8r6rpGj/HLa:3RmP1UduivnPNfhE1RkcROGRJP7m8j2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dceb94aee32874740e9591d4142f41a05102597372152fa9fd9055035acdf280N

Files

dceb94aee32874740e9591d4142f41a05102597372152fa9fd9055035acdf280N
.dll windows:6 windows x86 arch:x86

225bf448ea7edbe12cdd2716ce69bd5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win32-3.7\Release\win32gui.pdb

Imports

gdi32

EqualRgn
ExtFloodFill
FillRgn
FrameRgn
GetROP2
GetBkColor
GetBkMode
GetCurrentObject
GetCurrentPositionEx
GetGraphicsMode
GetMapMode
GetObjectType
GetPixel
GetPolyFillMode
GetRgnBox
GetStockObject
GetStretchBltMode
GetTextCharacterExtra
GetTextAlign
GetTextColor
GetTextExtentPoint32W
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
InvertRgn
LineTo
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
Rectangle
RestoreDC
RoundRect
SaveDC
SelectObject
SetBkColor
SetBkMode
SetGraphicsMode
SetMapMode
EnumFontFamiliesW
SetPixelV
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
GetTextMetricsW
AbortPath
ArcTo
BeginPath
CloseFigure
EndPath
FillPath
FlattenPath
GetPath
PathToRegion
SetArcDirection
SetMiterLimit
StrokeAndFillPath
StrokePath
WidenPath
ExtCreatePen
GetMiterLimit
GetArcDirection
GetObjectW
MoveToEx
ExtTextOutW
CreatePolygonRgn
Polygon
Polyline
PolyBezier
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
GetTextFaceW
Ellipse
DeleteObject
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateFontIndirectW
CreateEllipticRgnIndirect
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CombineRgn
Chord
BitBlt
SetPixel
Arc

user32

GetFocus
GetCapture
SetCapture
ReleaseCapture
EnableWindow
GetNextDlgGroupItem
CreateAcceleratorTableW
DestroyAcceleratorTable
TranslateAcceleratorW
LoadMenuW
GetMenu
SetMenu
GetMenuState
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
CheckMenuItem
EnableMenuItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
DeleteMenu
SetMenuItemBitmaps
TrackPopupMenu
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
GetMenuDefaultItem
SetMenuDefaultItem
GetMenuItemRect
DragDetect
DrawIcon
DrawTextW
UpdateWindow
SetActiveWindow
GetForegroundWindow
PaintDesktop
SetForegroundWindow
WindowFromDC
GetDC
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRgn
SetWindowRgn
GetWindowRgn
InvalidateRect
InvalidateRgn
ValidateRgn
RedrawWindow
ScrollWindowEx
EnumPropsExW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowRect
MessageBoxW
MessageBeep
SetCursor
GetCursorPos
GetActiveWindow
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
WindowFromPoint
ChildWindowFromPoint
ChildWindowFromPointEx
GetSysColor
GetSysColorBrush
DrawFocusRect
FillRect
FrameRect
InvertRect
PtInRect
GetWindowLongW
SetWindowLongW
GetClassLongW
SetClassLongW
GetDesktopWindow
GetParent
SetParent
EnumChildWindows
FindWindowW
FindWindowExW
EnumWindows
EnumThreadWindows
GetClassNameW
GetWindow
CheckMenuRadioItem
LoadCursorW
LoadIconW
DestroyIcon
CreateIconFromResource
LoadImageW
DrawIconEx
CreateIconIndirect
CopyIcon
GetIconInfo
IsDialogMessageW
SetScrollInfo
GetScrollInfo
SystemParametersInfoW
GetCursorInfo
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
GetDlgItem
EndDialog
DialogBoxIndirectParamW
DialogBoxParamW
CreateDialogIndirectParamW
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
CloseWindow
FlashWindow
ShowWindow
DestroyWindow
IsChild
SetFocus
DefDlgProcW
GetDlgCtrlID
GetCursor
GetNextDlgTabItem
IsWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
SetDoubleClickTime
GetDoubleClickTime
CallWindowProcW
PostQuitMessage
DefWindowProcW
WaitMessage
ReplyMessage
PostThreadMessageW
PostMessageW
UnregisterDeviceNotification
RegisterDeviceNotificationW
SendMessageTimeoutW
SendMessageW
RegisterHotKey
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DrawAnimatedRects
DrawEdge
RegisterWindowMessageW
IsWindowEnabled

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

comctl32

_TrackMouseEvent
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControlsEx
ord17

shell32

ExtractIconExW
ExtractIconW
DragAcceptFiles
Shell_NotifyIconW

python37

PyObject_AsReadBuffer
PyObject_AsWriteBuffer
_Py_FalseStruct
_Py_TrueStruct
PyExc_AttributeError
PyExc_MemoryError
PyExc_TypeError
PyExc_PendingDeprecationWarning
PyEval_InitThreads
PyObject_CallObject
PyEval_RestoreThread
PyObject_Call
PyEval_CallObjectWithKeywords
PyErr_Print
PyModule_Create2
PyArg_ParseTupleAndKeywords
PyErr_Format
PyErr_NoMemory
PyErr_Fetch
PyErr_Clear
PyErr_WarnEx
PyGILState_Release
PyGILState_Ensure
PyModule_GetDict
PyDict_SetItemString
PyEval_SaveThread
PyDict_DelItem
PyDict_SetItem
PyDict_GetItem
PyDict_New
PyTuple_GetItem
PyLong_AsUnsignedLongMask
PyTuple_Size
PyTuple_New
PyFloat_FromDouble
PyBool_FromLong
PyLong_AsLongLong
PyLong_AsLong
PyLong_FromSsize_t
PyUnicode_AsUTF8
PyUnicode_AsUnicode
PyBytes_AsStringAndSize
PyBytes_FromString
PyCallable_Check
PyObject_IsTrue
PyObject_GenericSetAttr
PyObject_GenericGetAttr
PyObject_GetAttrString
PyType_Ready
PyExc_ValueError
PyExc_NotImplementedError
_Py_NoneStruct
PySequence_Tuple
Py_BuildValue
PyArg_ParseTuple
PyErr_Occurred
PyErr_SetString
PyList_Append
PyList_New
PyLong_AsUnsignedLong
PyLong_FromUnsignedLong
PyLong_FromLong
PyBytes_FromStringAndSize
PyLong_FromVoidPtr
PySys_WriteStderr

pywintypes37

?PyHANDLEType@@3U_typeobject@@A
?PyWinExc_ApiError@@3PAU_object@@A
??1PyHANDLE@@UAE@XZ
??0PyHANDLE@@QAE@PAX@Z
?PyWinObject_FromMSG@@YAPAU_object@@PBUtagMSG@@@Z
?PyWinObject_AsMSG@@YAHPAU_object@@PAUtagMSG@@@Z
?PyWinLong_FromHANDLE@@YAPAU_object@@PAX@Z
?PyWinObject_AsHANDLE@@YAHPAU_object@@PAPAX@Z
?PyWinObject_AsDEVMODE@@YAHPAU_object@@PAPAU_devicemodeW@@H@Z
?PyWinObject_FromRECT@@YAPAU_object@@PAUtagRECT@@@Z
?PyWinObject_AsRECT@@YAHPAU_object@@PAUtagRECT@@@Z
?PyWinObject_AsPARAM@@YAHPAU_object@@PAI@Z
?PyWinObject_AsDWORDArray@@YAHPAU_object@@PAPAKPAKH@Z
?PyWinObject_AsPOINT@@YAHPAU_object@@PAUtagPOINT@@@Z
?PyWinLong_FromVoidPtr@@YAPAU_object@@PBX@Z
?PyWinLong_AsVoidPtr@@YAHPAU_object@@PAPAX@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_WH@Z
?PyWinSequence_Tuple@@YAPAU_object@@PAU1@PAK@Z
?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z
?PyBuffer_FromMemory@@YAPAU_object@@PAXH@Z
?PyBuffer_New@@YAPAU_object@@H@Z
?PyWinObject_FreeResourceId@@YAXPA_W@Z
?PyWinObject_AsResourceIdW@@YAHPAU_object@@PAPA_WH@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_W@Z
?PyWinObject_AsReadBuffer@@YAHPAU_object@@PAPAXPAKH@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z
?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinGlobals_Ensure@@YAHXZ

kernel32

IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsBadStringPtrW
IsBadWritePtr
IsBadReadPtr
GetModuleHandleW
LoadLibraryW
SetLastError
GetLastError
GetProcAddress
GlobalFree
GlobalUnlock
GlobalLock
GlobalReAlloc
GetStartupInfoW
GlobalAlloc

vcruntime140

__std_terminate
memcpy
__CxxFrameHandler3
memset
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
_except_handler4_common

api-ms-win-crt-string-l1-1-0

wcsncpy

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_initterm

Exports

Exports

PyInit_win32gui
_DllMain@12

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

225bf448ea7edbe12cdd2716ce69bd5b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

user32

comdlg32

comctl32

shell32

python37

pywintypes37

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 7KB - Virtual size: 8KB

.gfids Size: 512B - Virtual size: 76B

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 7KB - Virtual size: 8KB

.gfids
Size: 512B - Virtual size: 76B

.reloc
Size: 14KB - Virtual size: 14KB