d000330767ed9573eb694195fa478ddcef2e7f11c69ad1fd8415611d317a3d90

Sharing

Copy URL Twitter E-mail

General

Target

d000330767ed9573eb694195fa478ddcef2e7f11c69ad1fd8415611d317a3d90
Size

2.7MB
MD5

0f5615625130bc2fd9e0a20dd55b3cbe
SHA1

b6cf4a7bf2d16313d508220acca05cb51b0de61b
SHA256

d000330767ed9573eb694195fa478ddcef2e7f11c69ad1fd8415611d317a3d90
SHA512

faeca88e91c3e59ac76d745739c72478c16bd037ced795460005baacab0d58f0ab41db556fdfc152e30efdabc3f6638d3c2f827b50df4e3cf876a6e543b9d96e
SSDEEP

49152:hi5Yd78FP3vfwO5WcDneZosocSeFqVPvGYw1+1:YCAkw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d000330767ed9573eb694195fa478ddcef2e7f11c69ad1fd8415611d317a3d90

Files

d000330767ed9573eb694195fa478ddcef2e7f11c69ad1fd8415611d317a3d90
.dll windows:6 windows x64 arch:x64

aed9f884989d59792dc6508c6abc3b3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

python38

PyLong_FromLong
PyLong_AsLong
PyLong_FromVoidPtr
PyBool_FromLong
PyType_Type
PyTuple_New
PyTuple_SetItem
PyList_Append
PyDict_New
PyDict_GetItem
PyDict_SetItem
PyDict_SetItemString
PyModule_GetDict
PyCapsule_New
PyCapsule_GetPointer
PyCapsule_Import
PyErr_SetObject
PyErr_SetString
PyErr_Occurred
PyUnicode_AsUTF8AndSize
PyErr_Fetch
PyErr_Restore
PyErr_GivenExceptionMatches
PyErr_ExceptionMatches
PyErr_Format
PyErr_WriteUnraisable
PyArg_UnpackTuple
PyModule_AddObject
PyModule_Create2
PyImport_AddModule
PyObject_Call
PyObject_CallFunctionObjArgs
PyObject_GetIter
PyIter_Next
PySequence_Check
PySequence_Size
PySequence_GetItem
PyObject_IsInstance
PyType_Ready
PyObject_GenericGetAttr
PyObject_IsTrue
_Py_Dealloc
Py_DecRef
_PyObject_NextNotImplemented
PyUnicode_Concat
_PyObject_New
PyUnicode_FromString
PyUnicode_FromFormat
PyUnicode_InternFromString
PyErr_Clear
PyUnicode_DecodeUTF8
PyExc_IOError
PyExc_ZeroDivisionError
PyExc_ValueError
PyExc_TypeError
PyExc_SystemError
PyExc_SyntaxError
PyExc_RuntimeError
PyExc_OverflowError
PyExc_MemoryError
PyExc_IndexError
PyExc_AttributeError
PyExc_StopIteration
PyExc_Exception
PyBool_Type
_Py_NotImplementedStruct
_Py_NoneStruct
PyObject_Free
PyObject_SetAttr
PyObject_GetAttr
PyObject_GetAttrString
PyType_Modified

cgal_triangulation_3_cpp

?get_Polygon_2@Object@@QEAA?AVPolygon_2@@XZ
??0Object@@QEAA@XZ
?is_Point_2@Object@@QEAA_NXZ
?get_Point_2@Object@@QEAA?AVPoint_2@@XZ
?is_Point_3@Object@@QEAA_NXZ
?get_Point_3@Object@@QEAA?AVPoint_3@@XZ
?is_Triangle_2@Object@@QEAA_NXZ
?get_Triangle_2@Object@@QEAA?AVTriangle_2@@XZ
?is_Triangle_3@Object@@QEAA_NXZ
?get_Triangle_3@Object@@QEAA?AVTriangle_3@@XZ
?is_Segment_3@Object@@QEAA_NXZ
?get_Segment_3@Object@@QEAA?AVSegment_3@@XZ
?is_Segment_2@Object@@QEAA_NXZ
?get_Segment_2@Object@@QEAA?AVSegment_2@@XZ
?is_Line_3@Object@@QEAA_NXZ
?get_Line_3@Object@@QEAA?AVLine_3@@XZ
?is_Line_2@Object@@QEAA_NXZ
?get_Line_2@Object@@QEAA?AVLine_2@@XZ
?is_Plane_3@Object@@QEAA_NXZ
?get_Plane_3@Object@@QEAA?AVPlane_3@@XZ
?is_Ray_2@Object@@QEAA_NXZ
?get_Ray_2@Object@@QEAA?AVRay_2@@XZ
??4Object@@QEAAAEAV0@$$QEAV0@@Z
??0Object@@QEAA@AEBV0@@Z
??1Object@@QEAA@XZ
?empty@Object@@QEAA_NXZ
??0Object@@QEAA@AEBV0CGAL@@@Z
?is_Polygon_2@Object@@QEAA_NXZ
?get_Ray_3@Object@@QEAA?AVRay_3@@XZ
?is_Ray_3@Object@@QEAA_NXZ

mpir

__gmpn_copyi
__gmpn_sub_n
__gmpn_neg_n
__gmpn_sqr
__gmpn_mul
__gmpn_add_n

cgal_kernel_cpp

??0Point_3@@QEAA@XZ
??0Point_2@@QEAA@XZ
??0Segment_2@@QEAA@XZ
??0Plane_3@@QEAA@XZ
??4Weighted_point_3@@QEAAAEAV0@$$QEAV0@@Z
??0Segment_3@@QEAA@XZ
??0Line_3@@QEAA@XZ
??0Triangle_2@@QEAA@XZ
??0Triangle_3@@QEAA@XZ
??0Polygon_2@@QEAA@XZ
??1Polygon_2@@QEAA@XZ
??0Polygon_2@@QEAA@AEBV0@@Z
??4Polygon_2@@QEAAAEAV0@$$QEAV0@@Z
??0Weighted_point_3@@QEAA@AEBV?$Weighted_point_3@VEpick@CGAL@@@CGAL@@@Z
??0Weighted_point_3@@QEAA@XZ
??0Weighted_point_3@@QEAA@AEBV0@@Z
??0Tetrahedron_3@@QEAA@XZ

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?iword@ios_base@std@@QEAAAEAJH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xalloc@ios_base@std@@SAHXZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ

vcruntime140

_purecall
__std_terminate
strstr
__std_exception_copy
_CxxThrowException
memcpy
memmove
memset
__C_specific_handler
__current_exception
__current_exception_context
__std_type_info_destroy_list
__std_exception_destroy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

terminate
abort
_configure_narrow_argv
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_seh_filter_dll
_initialize_narrow_environment
_initterm_e
exit
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fclose
fflush
fgetc
fgetpos
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
__stdio_common_vfprintf
_get_stream_buffer_pointers
fputc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-string-l1-1-0

strcmp
strncmp

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-math-l1-1-0

log
ldexp
ceilf

api-ms-win-crt-time-l1-1-0

_time64

kernel32

IsDebuggerPresent
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
ReleaseSRWLockExclusive
WakeAllConditionVariable
AcquireSRWLockExclusive
SleepConditionVariableSRW

Exports

Exports

PyInit__CGAL_Triangulation_3

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 863KB - Virtual size: 863KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aed9f884989d59792dc6508c6abc3b3a

Headers

DLL Characteristics

File Characteristics

Imports

python38

cgal_triangulation_3_cpp

mpir

cgal_kernel_cpp

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 863KB - Virtual size: 863KB

.data Size: 40KB - Virtual size: 43KB

.pdata Size: 32KB - Virtual size: 31KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 863KB - Virtual size: 863KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB