cfa734bc26cb02e3c4e577fe3a7d0a5e73fb0fd2d55793ca9f297ca0e5cc821cN

Sharing

Copy URL Twitter E-mail

General

Target

cfa734bc26cb02e3c4e577fe3a7d0a5e73fb0fd2d55793ca9f297ca0e5cc821cN
Size

27KB
MD5

cbc2f0e4ee7c28f559b6e53f3f3ff0d0
SHA1

ca97faa59a6d08482e1117b401835c97399e373a
SHA256

cfa734bc26cb02e3c4e577fe3a7d0a5e73fb0fd2d55793ca9f297ca0e5cc821c
SHA512

e17e3ecc14bafb743ff837013c0b7e9b9a7040c388ab79ddbbb633e19e46dfd8fdd9bf30eee64e853f3ad27224ccc499f07c7c7a472749875e7a6bfbdda56d2c
SSDEEP

384:0rWHsVTKtK6s7ndp/iQItEbM+oTiyJLuQXom3ReaXxWdiWohe4nGIiWv:kWMVTES7nrKQItEbhyJactIyWTIZi+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfa734bc26cb02e3c4e577fe3a7d0a5e73fb0fd2d55793ca9f297ca0e5cc821cN

Files

cfa734bc26cb02e3c4e577fe3a7d0a5e73fb0fd2d55793ca9f297ca0e5cc821cN
.dll windows:6 windows x86 arch:x86

a4af793161af10671a39fdc255c250a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win32-3.5\Release\win32pdh.pdb

Imports

python35

PyExc_TypeError
PyExc_RuntimeError
PyExc_MemoryError
PyObject_IsTrue
_Py_NoneStruct
PyEval_RestoreThread
PyEval_SaveThread
PyEval_CallObjectWithKeywords
PyErr_Print
PyModule_Create2
PyModule_AddIntConstant
Py_BuildValue
PyArg_ParseTupleAndKeywords
PyArg_ParseTuple
PyErr_NewException
PyErr_Format
PyExc_ValueError
PyErr_Occurred
PyErr_SetString
PyErr_SetObject
PyGILState_Release
PyGILState_Ensure
PyModule_GetDict
PyDict_SetItemString
PyDict_SetItem
PyDict_New
PyList_New
PyFloat_FromDouble
PyLong_FromLongLong
PyLong_FromVoidPtr
PyLong_AsLong
PyLong_FromLong
PyCallable_Check
PyErr_NoMemory

pywintypes35

?PyWinExc_ApiError@@3PAU_object@@A
?PyWinLong_FromHANDLE@@YAPAU_object@@PAX@Z
?PyWinObject_AsHANDLE@@YAHPAU_object@@PAPAX@Z
?PyWinLong_AsVoidPtr@@YAHPAU_object@@PAPAX@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_W@Z
?PyWinObject_FromMultipleString@@YAPAU_object@@PA_W@Z
?PyWinSequence_Tuple@@YAPAU_object@@PAU1@PAK@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z
?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z
?PyWin_RegisterErrorMessageModule@@YAHKKPAUHINSTANCE__@@@Z
?PyWinGlobals_Ensure@@YAHXZ

kernel32

UnhandledExceptionFilter
LoadLibraryW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetProcAddress

vcruntime140

__CxxFrameHandler3
memset
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_type_info_destroy_list
_except_handler4_common
__std_terminate

api-ms-win-crt-string-l1-1-0

wcsncpy

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_initterm_e
_crt_at_quick_exit
terminate
_cexit
_initterm

Exports

Exports

PyInit_win32pdh

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4af793161af10671a39fdc255c250a9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

python35

pywintypes35

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 28B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 28B

.reloc
Size: 2KB - Virtual size: 1KB