f7375f6e97acd4abd6a8250b4bfb2466b0dbebc0192a6147e67b2362888139fcN

Sharing

Copy URL

Twitter E-mail

General

Target

f7375f6e97acd4abd6a8250b4bfb2466b0dbebc0192a6147e67b2362888139fcN
Size

116KB
MD5

90e68b77c46e2a6857dade11307f3930
SHA1

84fb4d2974c0e6993e4e8feedf27c15d0df4ddcf
SHA256

f7375f6e97acd4abd6a8250b4bfb2466b0dbebc0192a6147e67b2362888139fc
SHA512

058e02ecc49fd7b1a04bb9a586aae145eca17674b959ed10ff62178ae6690108cddb69a542bff1c2de16341ae9cfbc0dfe5a360eeb78ec1b3eb7182d11cd053e
SSDEEP

3072:7tvBBUKXrgHiLOCZ1RDt8uS51Y3VlAdHkhCocN:pBBLsHiLOI5hekh6N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7375f6e97acd4abd6a8250b4bfb2466b0dbebc0192a6147e67b2362888139fcN

Files

f7375f6e97acd4abd6a8250b4bfb2466b0dbebc0192a6147e67b2362888139fcN
.dll windows:6 windows x86 arch:x86

548fe4b6ae429566e0afff736c52a7f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win32-3.8\Release\exchange.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegOpenKeyExA
RegConnectRegistryA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegCloseKey

netapi32

DsGetDcNameW
NetApiBufferFree

oleaut32

SysStringLen
SysFreeString

python38

PyBytes_FromStringAndSize
PyLong_FromLong
PyList_New
PyList_Append
Py_BuildValue
PyExc_ValueError
_Py_Dealloc
_Py_TrueStruct
_Py_FalseStruct
PySequence_GetItem
PyErr_SetString
PySequence_Size
PySequence_Check
PyExc_TypeError
PyDict_SetItemString
PyModule_GetDict
PyBytes_FromString
PyGILState_Ensure
PyGILState_Release
PyErr_WarnEx
PyErr_Format
PyArg_ParseTuple
PyExc_RuntimeWarning
PyModule_Create2
PyEval_SaveThread
PyEval_RestoreThread
_Py_NoneStruct
PyExc_NotImplementedError
PyExc_MemoryError
PyBytes_Size
PyBytes_AsString
PyUnicode_FromWideChar
PyUnicode_DecodeMBCS
PyLong_FromUnsignedLong
PyLong_AsLong
PyLong_AsUnsignedLong
PyFloat_FromDouble
PyFloat_AsDouble
PyTuple_New
PyTuple_SetItem
PyList_SetItem
PyErr_Occurred
PyErr_Clear

pywintypes38

?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z
?PyWinObject_AsString@@YAHPAU_object@@PAPADHPAK@Z
?PyWinObject_FreeString@@YAXPAD@Z
?PyWinCoreString_FromString@@YAPAU_object@@PBDH@Z
?PyWinObject_AsFILETIME@@YAHPAU_object@@PAU_FILETIME@@@Z
?PyWinObject_AsDATE@@YAHPAU_object@@PAN@Z
?PyWinObject_FromDATE@@YAPAU_object@@N@Z
?PyWinObject_FromFILETIME@@YAPAU_object@@ABU_FILETIME@@@Z
?PyWinObject_AsIID@@YAHPAU_object@@PAU_GUID@@@Z
?PyWinObject_FromLARGE_INTEGER@@YAPAU_object@@ABT_LARGE_INTEGER@@@Z
?PyWinObject_FromIID@@YAPAU_object@@ABU_GUID@@@Z
?PyWinObject_AsBstr@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_FreeBstr@@YAXPA_W@Z
?PyWinObject_AsLARGE_INTEGER@@YAHPAU_object@@PAT_LARGE_INTEGER@@@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_W@Z

pythoncom38

?iternext@PyIBase@@UAEPAU_object@@XZ
PyCom_InterfaceFromPyObject
?PyCom_InterfaceFromPyInstanceOrObject@@YAHPAU_object@@ABU_GUID@@PAPAXH@Z
PyCom_PyObjectFromIUnknown
?PyCom_BuildPyException@@YAPAU_object@@JPAUIUnknown@@ABU_GUID@@@Z
?PyCom_RegisterClientType@@YAHPAU_typeobject@@PBU_GUID@@@Z
??0PyComTypeObject@@QAE@PBDPAV0@HPAUPyMethodDef@@P6APAVPyIUnknown@@PAUIUnknown@@@Z@Z
?GetI@PyIUnknown@@SAPAUIUnknown@@PAU_object@@@Z
??0PyIUnknown@@IAE@PAUIUnknown@@@Z
??1PyIUnknown@@MAE@XZ
?compare@PyIUnknown@@UAEHPAU_object@@@Z
?getattr@PyIBase@@UAEPAU_object@@PAD@Z
?type@PyIUnknown@@2VPyComTypeObject@@A
?setattr@PyIBase@@UAEHPADPAU_object@@@Z
?repr@PyIUnknown@@UAEPAU_object@@XZ
?iter@PyIBase@@UAEPAU_object@@XZ
??1PyComTypeObject@@QAE@XZ

kernel32

TerminateProcess
GetCurrentProcess
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
GlobalFree
GetSystemTime
SystemTimeToFileTime
GetCurrentProcessId
IsDBCSLeadByte
lstrcpyW
FindFirstFileA
lstrcmpA
FindNextFileA
FindClose
GetLastError
WriteFile
lstrcpyA
IsBadReadPtr
IsBadStringPtrA
IsBadStringPtrW
OpenFile
GetFileSize
ReadFile
CreateFileA
CloseHandle
lstrlenA
lstrlenW
LoadLibraryW
LoadLibraryA
GetModuleHandleExW
FreeLibrary
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetProcAddress

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__telemetry_main_return_trigger
__telemetry_main_invoke_trigger
strrchr
memmove
memcmp
memset
memcpy
__CxxFrameHandler3

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_p
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_s
__stdio_common_vfscanf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vswscanf
__stdio_common_vswprintf_p
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
__stdio_common_vfwscanf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwprintf
__stdio_common_vswprintf_s
__stdio_common_vsprintf
__stdio_common_vfprintf
__stdio_common_vsscanf
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

strlen
wcscspn
_wcsnicmp
_stricmp
strcpy
strncpy
strcat
_strnicmp
wcslen
wcscpy
_wcsicmp
wcscpy_s
wcsncpy
strcspn

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
terminate
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_cexit

version

GetFileVersionInfoA
GetFileVersionInfoSizeA

user32

wsprintfA

Exports

Exports

PyInit_exchange

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

548fe4b6ae429566e0afff736c52a7f9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

netapi32

oleaut32

python38

pywintypes38

pythoncom38

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

version

user32

Exports

Exports

Sections

.text Size: 77KB - Virtual size: 76KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 3KB - Virtual size: 5KB

.gfids Size: 1024B - Virtual size: 788B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 3KB - Virtual size: 5KB

.gfids
Size: 1024B - Virtual size: 788B

.reloc
Size: 7KB - Virtual size: 6KB