35c4f0cf531b99e2b0ca52cf65fc661c537b24c5b054de658124ffb110d892faN

Sharing

Copy URL

Twitter E-mail

General

Target

35c4f0cf531b99e2b0ca52cf65fc661c537b24c5b054de658124ffb110d892faN
Size

49KB
MD5

22a02805fa26695b1d8ea99e49d3b0d0
SHA1

6b19e601b5da30e8469653b6446ac9b35be36bb3
SHA256

35c4f0cf531b99e2b0ca52cf65fc661c537b24c5b054de658124ffb110d892fa
SHA512

d57d8cae44224e1003b8044166d12b5ebc0f5b067840f44f011450740ae8c1f119bcfe5fa8f46794774b844dff17e068189903a0cb1ece16c511bd9a9a04b6bc
SSDEEP

768:PAnQcuzDsl535JiGkMOcesAdHaOPIdo9YZM3+fJixobJ2NELqg34fFHy1ObS:+Ysl5NdOcesAhwuncHoELqjtTb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35c4f0cf531b99e2b0ca52cf65fc661c537b24c5b054de658124ffb110d892faN

Files

35c4f0cf531b99e2b0ca52cf65fc661c537b24c5b054de658124ffb110d892faN
.dll windows:6 windows x86 arch:x86

a4051bcc08f9b3ac75a0eea92f3b8434

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win32-3.9\Release\PyISAPI_loader.pdb

Imports

advapi32

RegisterEventSourceW
ReportEventA
RegCloseKey
RegCreateKeyExW
RegSetValueExW
DeregisterEventSource

python39

PyEval_InitThreads
Py_IsInitialized
Py_Initialize
PyErr_Print
_Py_VaBuildValue_SizeT
PyErr_ExceptionMatches
PyErr_Occurred
PyList_Insert
PyList_GetItem
PyList_Size
PyTuple_New
PyObject_RichCompare
PyBytes_Size
PyExc_ValueError
PyExc_TypeError
PyExc_RuntimeError
PyExc_AttributeError
_Py_NoneStruct
_Py_tracemalloc_config
PyObject_Call
PyImport_ImportModule
PyEval_RestoreThread
PyEval_SaveThread
_Py_BuildValue_SizeT
PyUnicode_AsUTF8String
PyErr_Format
PyErr_NoMemory
PyErr_Clear
PyErr_SetString
PyErr_SetObject
PyGILState_Release
PyGILState_Ensure
PyDict_DelItem
PyBytes_AsString
PySys_GetObject
PyDict_SetItem
PyDict_GetItem
_PyObject_CallMethod_SizeT
PyDict_New
PyImport_ReloadModule
PyTuple_Size
PyBool_FromLong
PyLong_FromVoidPtr
PySys_WriteStderr
PyLong_AsLong
PyLong_FromLong
PyUnicode_AsUnicode
PyUnicode_FromWideChar
PyBytes_FromString
PyBytes_FromStringAndSize
_Py_Dealloc
_PyTraceMalloc_NewReference
PyCallable_Check
PyObject_GenericSetAttr
PyObject_GenericGetAttr
_PyArg_ParseTuple_SizeT
PyObject_GetAttrString
PyType_Ready
PySys_SetObject
_Py_TrueStruct

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleFileNameA
OutputDebugStringW
GetModuleFileNameW
FormatMessageA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
GetLastError

vcruntime140

__std_exception_destroy
__std_exception_copy
__telemetry_main_return_trigger
__telemetry_main_invoke_trigger
memset
__CxxFrameHandler3
_except_handler4_common
__std_type_info_destroy_list
_CxxThrowException

api-ms-win-crt-string-l1-1-0

_stricmp
wcsncmp
strncpy
strncmp

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_splitpath
_wsplitpath

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_initterm
_initterm_e
terminate
_initialize_narrow_environment
_seh_filter_dll
_execute_onexit_table

Exports

Exports

GetExtensionVersion
GetFilterVersion
HttpExtensionProc
HttpFilterProc
PyISAPISetOptions
TerminateExtension
TerminateFilter
WriteEventLogMessage

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4051bcc08f9b3ac75a0eea92f3b8434

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

python39

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 76B

.rsrc Size: 1024B - Virtual size: 704B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 76B

.rsrc
Size: 1024B - Virtual size: 704B

.reloc
Size: 3KB - Virtual size: 2KB