ba75fe982b02209df5aa5527ce5540692a81b43a6dc526e418f167449309e829N

Sharing

Copy URL

Twitter E-mail

General

Target

ba75fe982b02209df5aa5527ce5540692a81b43a6dc526e418f167449309e829N
Size

31KB
MD5

6813f04efd71cfc85b2fbd020a315ff0
SHA1

fe4e46860b0337725c3404ae7cbcf896ed845034
SHA256

ba75fe982b02209df5aa5527ce5540692a81b43a6dc526e418f167449309e829
SHA512

17d478931124e7e2ea99aa5bb821b91905210a15d9f37044fd832f6e9bcd2a15636c8c38cbcc1c339e5d1e4832e98454217cd6f9733c53c4dc5640d637d2ead0
SSDEEP

768:wfCSaWtqv13PGrs1vW0zodEkXXt95q/2rL:w6SaWEvIrs1vW0zoOkt95q/2rL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba75fe982b02209df5aa5527ce5540692a81b43a6dc526e418f167449309e829N

Files

ba75fe982b02209df5aa5527ce5540692a81b43a6dc526e418f167449309e829N
.dll windows:6 windows x86 arch:x86

019b39e6ccff04b08b277e29e9f633f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\src\pywin32\build\temp.win32-3.6\Release\odbc.pdb

Imports

odbc32

ord110
ord111
ord119
ord108
ord157
ord141
ord72
ord23
ord20
ord49
ord48
ord18
ord43
ord16
ord31
ord1
ord14
ord13
ord9
ord4
ord3
ord2
ord150

python36

PyType_IsSubtype
PyType_Ready
PyFloat_Type
PyObject_Str
PyObject_GetAttrString
PyObject_GenericGetAttr
PyObject_GenericSetAttr
PyObject_Free
_PyObject_New
PyObject_CallMethod
PyObject_CallFunction
PyImport_ImportModule
PyEval_RestoreThread
PyEval_SaveThread
PyModule_Create2
PyModule_AddIntConstant
_Py_NoneStruct
Py_BuildValue
PyArg_ParseTuple
PyErr_NewException
PyErr_Format
PyErr_NoMemory
PyErr_Clear
PyErr_Occurred
PyErr_SetString
PyErr_SetObject
PyModule_GetDict
PyDict_SetItemString
PyDict_SetItem
PyList_Append
PyList_New
PyTuple_New
PyFloat_AsDouble
PyFloat_FromDouble
PySequence_Tuple
PySequence_GetItem
PyLong_AsLongLong
PyLong_FromLongLong
PyLong_AsUnsignedLong
PyExc_SystemError
PyModule_AddObject
PySequence_Check
PyLong_AsLong
PyLong_FromDouble
PyLong_FromLong
PyUnicode_GetSize
PyUnicode_AsUnicode
PyBytes_AsString
PyBytes_FromStringAndSize
PySequence_Size

pywintypes36

?PyWinGlobals_Ensure@@YAHXZ
?PyWinTime_Check@@YAHPAU_object@@@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_WH@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_W@Z
?PyWinObject_AsWriteBuffer@@YAHPAU_object@@PAPAXPAKH@Z
?PyWinObject_AsReadBuffer@@YAHPAU_object@@PAPAXPAKH@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z
?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyBuffer_New@@YAPAU_object@@H@Z

kernel32

OutputDebugStringA
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
OutputDebugStringW

vcruntime140

wcschr
_except_handler4_common
__std_type_info_destroy_list
memset
memcpy
__CxxFrameHandler3
__std_terminate

api-ms-win-crt-string-l1-1-0

isalnum
wcstok
wcsncpy
isdigit

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-math-l1-1-0

floor

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_initterm_e
_initterm
_initialize_narrow_environment

Exports

Exports

PyInit_odbc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

019b39e6ccff04b08b277e29e9f633f1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

odbc32

python36

pywintypes36

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 2KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 28B

.rsrc Size: 1024B - Virtual size: 836B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 2KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 28B

.rsrc
Size: 1024B - Virtual size: 836B

.reloc
Size: 2KB - Virtual size: 1KB