a43966bc05cb4423953dd1a6981f1ae3b683ebb57700eb00c663530bd6191a9eN

Sharing

Copy URL Twitter E-mail

General

Target

a43966bc05cb4423953dd1a6981f1ae3b683ebb57700eb00c663530bd6191a9eN
Size

128KB
MD5

7022f6c3718fc008927ae5313525d810
SHA1

05739965efd3f39d77c4aaf46c8c0d19534bfefe
SHA256

a43966bc05cb4423953dd1a6981f1ae3b683ebb57700eb00c663530bd6191a9e
SHA512

f638e135d261b717a499eb6609b4693a418eaa3cbd6ae4d32b252814595ceeb65813716914d73e88401d0a50863cdd7165ff0e0ddea59a5b8154eca43eb4a2f2
SSDEEP

3072:Myy/D//xj9dSFCw2EAdf/Fs+VkZ3OU/6E0AFIFyPqQ:Dmz/h/Soff/FhW3j0AB

Score

1^/10

Malware Config

Signatures

Files

a43966bc05cb4423953dd1a6981f1ae3b683ebb57700eb00c663530bd6191a9eN
.dll windows:6 windows x64 arch:x64

d706190026553171b406a80e0c3b7b00

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/01/2022, 00:00

Not After

15/01/2025, 23:59

Subject

CN=Python Software Foundation,O=Python Software Foundation,L=Beaverton,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:ae:bd:bf:34:53:bf:3c:6f:7c:ab:96:c0:64:40:3f:fe:0f:ad:e8:16:0d:d9:aa:14:c8:b0:04:d5:48:b2:93
Signer

Actual PE Digest

d8:ae:bd:bf:34:53:bf:3c:6f:7c:ab:96:c0:64:40:3f:fe:0f:ad:e8:16:0d:d9:aa:14:c8:b0:04:d5:48:b2:93

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\b\bin\amd64\_ctypes.pdb

Imports

libffi-8

ffi_type_sint8
ffi_type_uint8
ffi_type_float
ffi_type_uint64
ffi_type_uint32
ffi_type_double
ffi_type_uint16
ffi_type_sint32
ffi_call
ffi_type_sint64
ffi_type_void
ffi_prep_cif
ffi_prep_closure
ffi_type_sint16
ffi_type_pointer

ole32

ProgIDFromCLSID

oleaut32

SysStringLen
SysFreeString
GetErrorInfo
SysAllocStringLen

kernel32

GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetSystemInfo
VirtualAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
LoadLibraryExW
FreeLibrary
LocalFree
QueryPerformanceCounter
FormatMessageW
DisableThreadLibraryCalls
GetProcAddress
SetLastError
GetLastError

python313

PyObject_GetTypeData
PyObject_CallFunction
PyErr_WriteUnraisable
PyErr_SetRaisedException
_PyArg_UnpackKeywords
PyExc_ValueError
_Py_CheckRecursiveCall
PyUnicode_InternInPlace
PyDict_Next
PyErr_Format
PyDict_Type
PyModule_AddType
PyExc_BaseException
PyType_IsSubtype
PyExc_OverflowError
_Py_Dealloc
PyLong_AsUnsignedLongMask
PyTuple_GetItem
PySequence_GetSlice
PyDescr_NewGetSet
PyErr_ExceptionMatches
PySequence_SetItem
PyObject_CallFunctionObjArgs
PyUnicode_AsUTF8
PyUnicode_FromFormat
PyObject_GetBuffer
PySys_Audit
PyList_New
PyObject_GetAttrString
PyErr_NewException
PyDict_SetItem
PyDict_New
_PyLong_Sign
PyObject_VectorcallMethod
PyObject_IsInstance
PyMem_Free
PyLong_FromVoidPtr
PyObject_GetOptionalAttr
PyUnicode_AsWideChar
PyErr_NoMemory
_PyRuntime
PyLong_AsVoidPtr
PyObject_CallObject
PyModuleDef_Init
PyIndex_Check
PyBytes_FromStringAndSize
PyDict_DelItem
PyDict_GetItemRef
PyType_GetModuleByDef
PyNumber_AsSsize_t
_PyObject_MakeTpCall
_PyArg_BadArgument
_PyWeakref_ProxyType
PyExc_TypeError
PyType_FromMetaclass
PyTuple_Pack
PyCallable_Check
PyMem_Malloc
PyExc_IndexError
PyArg_UnpackTuple
PyExc_SystemError
PyWeakref_GetRef
PyErr_FormatUnraisable
_PyThreadState_GetCurrent
PyUnicode_FromString
PyBuffer_Release
PyType_Type
PyArg_ParseTuple
PyModule_Add
PySequence_Tuple
PyEval_RestoreThread
PyUnicode_FromStringAndSize
PyErr_WarnEx
PyExc_RuntimeWarning
PyOS_vsnprintf
PyImport_ImportModule
PySys_GetObject
PyGILState_Release
Py_Initialize
PyObject_GC_Del
PyLong_AsLong
PyObject_Vectorcall
_PyType_GetDict
Py_IsInitialized
PyErr_Clear
PyFile_WriteString
_PyImport_GetModuleAttrString
PyErr_SetString
PyGILState_Ensure
_PyObject_GC_NewVar
PyErr_Print
PyMem_Calloc
PyErr_SetObject
PyObject_CallOneArg
PyLong_AsUnsignedLong
PyType_GetName
PyCapsule_IsValid
PyBytes_AsString
PyUnicode_AppendAndDel
PyErr_SetFromWindowsErr
PyObject_GetAttr
PyUnicode_FromFormatV
PyFloat_FromDouble
PyTuple_Type
PyCapsule_GetPointer
PyUnicode_AsWideCharString
PyThreadState_GetDict
PyCapsule_New
PyUnicode_Type
_PyTraceback_Add
_PyUnicode_IsPrintable
PyExc_OSError
PyMem_Realloc
PyObject_Str
_PyObject_GC_New
PyExc_FileNotFoundError
PyObject_Call
PyBool_FromLong
PyLong_FromUnsignedLongLong
PyFloat_AsDouble
PyLong_FromLongLong
PyLong_FromUnsignedLong
PyLong_AsUnsignedLongLongMask
PyFloat_Unpack4
PyFloat_Pack4
PyObject_IsTrue
PyFloat_Pack8
PyByteArray_Type
PyFloat_Unpack8
PyOS_snprintf
PyObject_HasAttrWithError
PySequence_Fast
PyTuple_Size
PyLong_AsInt
_Py_CheckFunctionResult
PyUnicode_New
PyTuple_GetSlice
PyExc_AttributeError
PyMemoryView_FromObject
PyDict_SetItemString
PyType_GetModule
PyTuple_New
_Py_NoneStruct
PyErr_GetRaisedException
PyDict_Contains
PyDict_GetItemWithError
Py_BuildValue
PyBuffer_IsContiguous
PyUnicode_Concat
PyObject_GC_UnTrack
PySlice_Unpack
PyLong_FromLong
PyObject_SetAttrString
PyExc_RuntimeError
PyEval_SaveThread
PyUnicode_AsUTF8AndSize
_PyWeakref_CallableProxyType
_PyUnicode_EqualToASCIIString
PyLong_FromSsize_t
PyWeakref_NewProxy
PyErr_Occurred
PyDict_Update
PySequence_GetItem
PySlice_Type
PyType_GetDict
PyLong_AsSsize_t
_PyArg_NoKeywords
_PyNumber_Index
PyExc_Exception
PySlice_AdjustIndices
PyDescr_NewClassMethod
PyUnicode_InternFromString
PyObject_SetAttr
PySequence_Size
Py_GenericAlias
PyObject_GC_Track
PyUnicode_FromWideChar
PyObject_IsSubclass

vcruntime140

memcmp
__std_type_info_destroy_list
__C_specific_handler
strchr
memcpy
memset
memmove

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_errno
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit

api-ms-win-crt-string-l1-1-0

iswctype

Exports

Exports

DllCanUnloadNow
DllGetClassObject
PyInit__ctypes

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d706190026553171b406a80e0c3b7b00

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:ddCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

d8:ae:bd:bf:34:53:bf:3c:6f:7c:ab:96:c0:64:40:3f:fe:0f:ad:e8:16:0d:d9:aa:14:c8:b0:04:d5:48:b2:93Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libffi-8

ole32

oleaut32

kernel32

python313

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 9KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 944B

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

d8:ae:bd:bf:34:53:bf:3c:6f:7c:ab:96:c0:64:40:3f:fe:0f:ad:e8:16:0d:d9:aa:14:c8:b0:04:d5:48:b2:93
Signer

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 9KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 944B