c3765891ae9cd1d95977b0f695fa8b9c1ac8a364f1fed51eb8d3e1c6ac0e9643N

Sharing

Copy URL Twitter E-mail

General

Target

c3765891ae9cd1d95977b0f695fa8b9c1ac8a364f1fed51eb8d3e1c6ac0e9643N
Size

124KB
MD5

e860b9cd23ca516dc2d126c09fe6b1e0
SHA1

637b6faf0fba33aa43b936ae013e2b913b5c341a
SHA256

c3765891ae9cd1d95977b0f695fa8b9c1ac8a364f1fed51eb8d3e1c6ac0e9643
SHA512

848094f4d461e6db04bf02ae4aa6a592a974dac4fb40945fe03080df9285d92a8721cec9884b495e2e38d9c5a064ab47bbe27911b05039c0f4c90a5af34bf01e
SSDEEP

3072:PmDanV9u4iJG1/vo7+8g8zcX2YvQ/0x8Dfg:Pm+nHu4r1/ACh8zkvQMx8Dfg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3765891ae9cd1d95977b0f695fa8b9c1ac8a364f1fed51eb8d3e1c6ac0e9643N

Files

c3765891ae9cd1d95977b0f695fa8b9c1ac8a364f1fed51eb8d3e1c6ac0e9643N
.dll windows:6 windows x64 arch:x64

4c3d33848a561c38568b79a415db2907

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

geode-viewables_qem_proxy

?initialize@ViewablesQEMProxyLibrary@geode@@SAXXZ
?simplify@geode@@YA_NAEAV?$TriangulatedSurface@$02@1@@Z

python311

PyUnicode_AsUTF8String
PyModule_Type
PyFrame_GetBack
PyFrame_GetCode
PyExc_IndexError
PyExc_ImportError
PyCapsule_SetPointer
_Py_TrueStruct
PyExc_SystemError
PyObject_SetItem
PyObject_IsInstance
PyInterpreterState_Get
PyDict_DelItemString
PyUnicode_FromString
PyEval_AcquireThread
_PyType_Lookup
PyGILState_GetThisThreadState
PyBuffer_Release
PyObject_Repr
PyByteArray_Type
PyType_Type
PySequence_Tuple
_PyObject_GetDictPtr
PyObject_Str
PyInstanceMethod_New
PyException_SetContext
PyList_GetItem
PyDict_New
PyBytes_Size
PyCapsule_GetName
PyCapsule_New
PyException_SetTraceback
PyDict_Copy
PyTuple_Size
PyErr_Clear
PyObject_GetAttrString
PyType_Ready
PyModule_Create2
PyList_New
PyUnicode_FromFormat
PyObject_ClearWeakRefs
PyObject_GenericGetDict
PyObject_CallFunctionObjArgs
PyErr_Fetch
PyModule_AddObject
PyCapsule_GetPointer
PyTuple_GetItem
_Py_Dealloc
PyExc_OverflowError
PyErr_Restore
PyType_IsSubtype
_Py_FalseStruct
PyThreadState_New
PyDict_Type
PyErr_Format
PyDict_Next
PyExc_ValueError
PyErr_WriteUnraisable
PyErr_SetString
PyByteArray_AsString
PyCapsule_Type
PyThreadState_Clear
PyList_Size
PyExc_TypeError
PyDict_Size
PyObject_GenericSetDict
PyTuple_New
PyThreadState_DeleteCurrent
PyCapsule_SetContext
PyGILState_Ensure
_Py_NoneStruct
PyByteArray_Size
_Py_NotImplementedStruct
PyProperty_Type
PyObject_HasAttrString
PyObject_CallObject
PyThread_tss_set
PyCMethod_New
PyTuple_SetItem
PyMem_Free
PyBytes_AsStringAndSize
PyThread_tss_get
PyGILState_Release
PyFrame_GetLineNumber
PyCapsule_GetContext
Py_GetVersion
PyDict_GetItemWithError
PyExc_MemoryError
PyInstanceMethod_Type
PyObject_GC_UnTrack
PyObject_SetAttrString
PyExc_RuntimeError
_PyThreadState_UncheckedGet
PyEval_SaveThread
PyUnicode_AsUTF8AndSize
PyUnicode_DecodeUTF8
PyErr_Occurred
PyErr_NormalizeException
PyBytes_AsString
PyObject_Malloc
PyThreadState_Get
PyWeakref_NewRef
PyCFunction_Type
PyObject_SetAttr
PyExc_BufferError
PyMem_Calloc
PyBaseObject_Type
PyInterpreterState_GetDict
PyUnicode_AsEncodedString
PyThread_tss_create
PyException_SetCause

msvcp140

?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCompare@@YA_NPEBX0@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
__std_type_info_destroy_list
strchr
__std_terminate
__std_type_info_name
__std_type_info_hash
_purecall
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
memmove
__current_exception_context
__C_specific_handler
_CxxThrowException
memset
memcpy
memcmp
memchr
__RTDynamicCast

api-ms-win-crt-heap-l1-1-0

_callnewh
free
_aligned_free
_aligned_malloc
malloc

api-ms-win-crt-string-l1-1-0

_strdup
strcmp
strncmp

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn

kernel32

AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReleaseSRWLockExclusive

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

PyInit_geode_viewables_py_qem_proxy

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c3d33848a561c38568b79a415db2907

Headers

DLL Characteristics

File Characteristics

Imports

geode-viewables_qem_proxy

python311

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 188B

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 188B