26787435754976e1f1e375706782121422ecc76971cffb6b63b558abb81c21eaN

Sharing

Copy URL Twitter E-mail

General

Target

26787435754976e1f1e375706782121422ecc76971cffb6b63b558abb81c21eaN
Size

34KB
MD5

4d0f08ab3081d476d230c63b586de030
SHA1

df407b077e0c057e0da7843b1c1971a30a521535
SHA256

26787435754976e1f1e375706782121422ecc76971cffb6b63b558abb81c21ea
SHA512

41a65122c46639050508ed5dfcc4e961a7c82a7a4cf060dd687a82de30ce824a24e7242f7f30ea8785ad64ae21923d9c44a892858f4a036b37e668478573a9aa
SSDEEP

768:3ZZhr3ArUHuCSx2cdQXBBNaSCaK6vdNItuZ:3hrQ4W2qQXBBVXItuZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26787435754976e1f1e375706782121422ecc76971cffb6b63b558abb81c21eaN

Files

26787435754976e1f1e375706782121422ecc76971cffb6b63b558abb81c21eaN
.dll windows:6 windows x64 arch:x64

1b3b36a50ae2b0d20e812c9c34e4280f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win-amd64-3.6\Release\win32cred.pdb

Imports

advapi32

CredWriteW
CredReadW
CredEnumerateW
CredWriteDomainCredentialsW
CredReadDomainCredentialsW
CredDeleteW
CredRenameW
CredGetTargetInfoW
CredMarshalCredentialW
CredUnmarshalCredentialW
CredIsMarshaledCredentialW
CredFree

credui

CredUIParseUserNameW
CredUICmdLinePromptForCredentialsW
CredUIConfirmCredentialsW
CredUIStoreSSOCredW
CredUIReadSSOCredW
CredUIPromptForCredentialsW

python36

PyBytes_AsStringAndSize
PyLong_FromUnsignedLong
PyBytes_FromStringAndSize
PyExc_ValueError
PyExc_TypeError
PyExc_NotImplementedError
PyExc_MemoryError
_Py_NoneStruct
PyModule_Create2
PyModule_AddIntConstant
Py_BuildValue
PyArg_ParseTupleAndKeywords
PyErr_Format
PyErr_SetString
PyModule_GetDict
PyTuple_New
PyBool_FromLong

pywintypes36

?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z
?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z
?PyWinObject_FreeWCHAR@@YAXPEA_W@Z
?PyWinObject_AsReadBuffer@@YAHPEAU_object@@PEAPEAXPEAKH@Z
?PyWinSequence_Tuple@@YAPEAU_object@@PEAU1@PEAK@Z
?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z
?PyWinObject_FromFILETIME@@YAPEAU_object@@AEBU_FILETIME@@@Z
?PyWinObject_AsDWORDArray@@YAHPEAU_object@@PEAPEAKPEAKH@Z
?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z
?PyWinGlobals_Ensure@@YAHXZ
?PyWinObject_AsFILETIME@@YAHPEAU_object@@PEAU_FILETIME@@@Z

kernel32

LocalFree
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
IsProcessorFeaturePresent
GetModuleHandleW

vcruntime140

__telemetry_main_invoke_trigger
memset
memcpy
__C_specific_handler
__std_type_info_destroy_list
__telemetry_main_return_trigger

api-ms-win-crt-string-l1-1-0

wcsncpy

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initterm_e
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_initterm
_initialize_narrow_environment

Exports

Exports

PyInit_win32cred

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b3b36a50ae2b0d20e812c9c34e4280f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

credui

python36

pywintypes36

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 24B

.rsrc Size: 1024B - Virtual size: 852B

.reloc Size: 512B - Virtual size: 288B

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 24B

.rsrc
Size: 1024B - Virtual size: 852B

.reloc
Size: 512B - Virtual size: 288B