997751de906e2a5adeb0dea9192c4d84721d969d64c0e2e9919e1c6c692e773cN

Sharing

Copy URL Twitter E-mail

General

Target

997751de906e2a5adeb0dea9192c4d84721d969d64c0e2e9919e1c6c692e773cN
Size

22KB
MD5

9821162a70dc044b001fc1982dab2970
SHA1

a2d771ddb10ee054729a10b7813ff17f05494a17
SHA256

997751de906e2a5adeb0dea9192c4d84721d969d64c0e2e9919e1c6c692e773c
SHA512

55369910cc1b0f9285e3398d13a6da86ec159bd432118cdbfef04397297df2823e1ae673e69eb06ae26217c30722126ec6eb53beadbced230133a8eff9e73751
SSDEEP

384:8Pf7Yde3xNak4SIYJ/R4YJ2uXnEOZKbEqA1ny74XKYx1wBgD0qPonip0yuPnQDU/:8s4ck4SJ9J2uXnEOZKbEqA1ny74XKYxg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
997751de906e2a5adeb0dea9192c4d84721d969d64c0e2e9919e1c6c692e773cN

Files

997751de906e2a5adeb0dea9192c4d84721d969d64c0e2e9919e1c6c692e773cN
.dll windows:6 windows x86 arch:x86

ef30d3f96a3e6546adf167e3ac0122a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win32-3.5\Release\win32job.pdb

Imports

user32

UserHandleGrantAccess

python35

PyArg_ParseTupleAndKeywords
PyErr_Format
PyErr_Occurred
PyErr_SetString
PyModule_GetDict
PyDict_SetItemString
PyTuple_New
PyBool_FromLong
PyLong_FromUnsignedLongLong
PyLong_AsUnsignedLongMask
PyLong_FromLong
Py_BuildValue
PyModule_Create2
PyEval_SaveThread
PyEval_RestoreThread
_Py_NoneStruct
PyDict_Type
PyExc_MemoryError
PyExc_NotImplementedError
PyExc_TypeError
PyArg_ParseTuple

pywintypes35

?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z
?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinExc_ApiError@@3PAU_object@@A
?PyWinGlobals_Ensure@@YAHXZ
?PyWinObject_FromHANDLE@@YAPAU_object@@PAX@Z
?PyWinObject_AsHANDLE@@YAHPAU_object@@PAPAX@Z
?PyWinObject_AsSECURITY_ATTRIBUTES@@YAHPAU_object@@PAPAU_SECURITY_ATTRIBUTES@@H@Z
?PyWinObject_FromIO_COUNTERS@@YAPAU_object@@PAU_IO_COUNTERS@@@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z

kernel32

OpenJobObjectW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetInformationJobObject
QueryInformationJobObject
TerminateJobObject
AssignProcessToJobObject
GetProcAddress
CreateJobObjectW
LoadLibraryW
GetLastError

vcruntime140

memset
__telemetry_main_return_trigger
__std_type_info_destroy_list
_except_handler4_common
__telemetry_main_invoke_trigger

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_initterm_e
_initterm
_initialize_onexit_table
_register_onexit_function
_crt_at_quick_exit
_cexit
terminate
_execute_onexit_table
_initialize_narrow_environment
_seh_filter_dll

Exports

Exports

PyInit_win32job

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef30d3f96a3e6546adf167e3ac0122a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

python35

pywintypes35

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 28B

.rsrc Size: 1024B - Virtual size: 852B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 28B

.rsrc
Size: 1024B - Virtual size: 852B

.reloc
Size: 1KB - Virtual size: 1KB