903bdf43aeca68a8749ba4e93659ab5f08c8f3d68b433e7038201de592ddeefeN

Sharing

Copy URL

Twitter E-mail

General

Target

903bdf43aeca68a8749ba4e93659ab5f08c8f3d68b433e7038201de592ddeefeN
Size

24KB
MD5

986b1d3722d0b424381b5434767ea230
SHA1

c2cf39d45713b376d9f144f73e0a8bfaf0410541
SHA256

903bdf43aeca68a8749ba4e93659ab5f08c8f3d68b433e7038201de592ddeefe
SHA512

b0bc63c9d1192f4bdb0a7f39f3b61511a910c2a063ce60aa4968b7e56259da93778350101df3afb901f508538af0b8250a4f4df34dfc1c4a6f0eda6fd3ff31a1
SSDEEP

768:X+My3MVtIDliUNk0DrMPERB7gbw/HCiG:XXToiEmK7gbwvI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
903bdf43aeca68a8749ba4e93659ab5f08c8f3d68b433e7038201de592ddeefeN

Files

903bdf43aeca68a8749ba4e93659ab5f08c8f3d68b433e7038201de592ddeefeN
.dll windows:6 windows x86 arch:x86

9406dc0cc0f8a4e484be9128d0d28f8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win32-3.9\Release\win32ras.pdb

Imports

rasapi32

RasGetEntryDialParamsW
RasSetEntryDialParamsW
RasEditPhonebookEntryW
RasCreatePhonebookEntryW
RasHangUpW
RasGetErrorStringW
RasGetConnectStatusW
RasEnumEntriesW
RasEnumConnectionsW
RasDialW

user32

IsWindow

python39

PyType_Ready
PyExc_TypeError
PyObject_GenericGetAttr
PyObject_GenericSetAttr
PyCallable_Check
_PyTraceMalloc_NewReference
_Py_Dealloc
PyUnicode_AsUTF8
PyLong_FromLong
PyLong_AsLong
PyLong_FromVoidPtr
PyExc_RuntimeError
PyExc_MemoryError
PyExc_AttributeError
_Py_NoneStruct
_Py_tracemalloc_config
PyMapping_HasKey
PySequence_Tuple
PyEval_InitThreads
PyEval_RestoreThread
PyEval_SaveThread
PyEval_CallObjectWithKeywords
PyErr_Print
PyModule_Create2
PyModule_AddIntConstant
Py_BuildValue
PyArg_ParseTuple
PyErr_Format
PyErr_NoMemory
PyErr_Clear
PyErr_Occurred
PyErr_SetString
PyErr_SetObject
PyGILState_Release
PyGILState_Ensure
PyModule_GetDict
PyDict_SetItemString
PyDict_DelItem
PyDict_SetItem
PyExc_ValueError
PyDict_GetItem
PyDict_New
PyList_New
PyTuple_New
PyBool_FromLong

pywintypes39

?PyWinExc_ApiError@@3PAU_object@@A
?PyWinGlobals_Ensure@@YAHXZ
?PyWinLong_FromHANDLE@@YAPAU_object@@PAX@Z
?PyWinObject_AsHANDLE@@YAHPAU_object@@PAPAX@Z
?PyWinLong_FromVoidPtr@@YAPAU_object@@PBX@Z
?PyWinLong_AsVoidPtr@@YAHPAU_object@@PAPAX@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_W@Z
?PyWinCoreString_FromString@@YAPAU_object@@PBDH@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z
?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z

kernel32

GetLastError
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
FormatMessageW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_type_info_destroy_list
__telemetry_main_invoke_trigger
memset
__CxxFrameHandler3
__telemetry_main_return_trigger
_CxxThrowException
_except_handler4_common

api-ms-win-crt-string-l1-1-0

wcsncpy

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_initialize_narrow_environment
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_seh_filter_dll
_execute_onexit_table
_initterm
_initterm_e

Exports

Exports

PyInit_win32ras
ReturnRasError

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9406dc0cc0f8a4e484be9128d0d28f8b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rasapi32

user32

python39

pywintypes39

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 76B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 76B

.reloc
Size: 1KB - Virtual size: 1KB