80097bcb8fbcfb68a9d2f6054a47ad42013ac93cf65e824dd66772d6dbd9cefcN

Sharing

Copy URL

Twitter E-mail

General

Target

80097bcb8fbcfb68a9d2f6054a47ad42013ac93cf65e824dd66772d6dbd9cefcN
Size

50KB
MD5

0367e61ead417b85a478b74f97ad0e80
SHA1

557a5fb82e8955ce8090c79eaf3d20915221e144
SHA256

80097bcb8fbcfb68a9d2f6054a47ad42013ac93cf65e824dd66772d6dbd9cefc
SHA512

dddc6ed996872c21f592535d40fcffe5ffd64a7dc9681efebc9df0d3865ad5812f8fe8de79dde4dfe6e020e08aad090838a27f1603e0499be537cd45fd1cae46
SSDEEP

768:vGErFwI39a2uUbszuLY8DrY0Em3nxNpeM9U909tq7aJq:v3um9aUouLnY0EL0947

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
80097bcb8fbcfb68a9d2f6054a47ad42013ac93cf65e824dd66772d6dbd9cefcN

Files

80097bcb8fbcfb68a9d2f6054a47ad42013ac93cf65e824dd66772d6dbd9cefcN
.dll windows:6 windows x64 arch:x64

829a29b3d48364c307487d20004b95c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win-amd64-3.5\Release\win32process.pdb

Imports

advapi32

CreateProcessAsUserW

user32

AttachThreadInput
GetWindowThreadProcessId

python35

PyErr_Print
PyObject_GenericGetAttr
PyObject_GenericSetAttr
PyCallable_Check
PyBytes_Size
PyBytes_AsString
PyUnicode_AsUnicode
PyUnicode_AsUTF8
PyLong_FromLong
PyLong_FromUnsignedLong
PyLong_AsLong
PyLong_AsUnsignedLongMask
PyLong_FromUnsignedLongLong
PyBool_FromLong
PyTuple_New
PyTuple_SetItem
PyExc_TypeError
PyExc_NotImplementedError
PyExc_RuntimeError
PyExc_MemoryError
PyExc_AttributeError
_Py_NoneStruct
PyMapping_Values
PyMapping_Keys
PyMapping_Size
PyMapping_Check
PyEval_InitThreads
PyEval_RestoreThread
PyEval_SaveThread
PyEval_CallObjectWithKeywords
PyType_Ready
PyModule_Create2
Py_BuildValue
PyArg_ParseTuple
PyErr_Format
PyErr_SetFromErrno
PyErr_Occurred
PyErr_SetString
PyGILState_Release
PyGILState_Ensure
PyModule_GetDict
PyDict_SetItemString
PyList_Append
PyList_GetItem
PyList_New

pywintypes35

?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z
?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z
?PyWinObject_FreeWCHAR@@YAXPEA_W@Z
?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z
?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_WH@Z
?PyWin_CopyString@@YAPEA_WPEB_W@Z
?PyWinLong_AsVoidPtr@@YAHPEAU_object@@PEAPEAX@Z
?PyWinObject_FromFILETIME@@YAPEAU_object@@AEBU_FILETIME@@@Z
?PyWinObject_FromIO_COUNTERS@@YAPEAU_object@@PEAU_IO_COUNTERS@@@Z
?PyWinObject_AsSECURITY_ATTRIBUTES@@YAHPEAU_object@@PEAPEAU_SECURITY_ATTRIBUTES@@H@Z
?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z
?PyWinObject_FromHANDLE@@YAPEAU_object@@PEAX@Z
?PyWinLong_FromHANDLE@@YAPEAU_object@@PEAX@Z
?PyWinGlobals_Ensure@@YAHXZ
?PyWinExc_ApiError@@3PEAU_object@@EA
?PyHANDLEType@@3U_typeobject@@A

kernel32

GetCurrentProcessId
GetCurrentProcess
GetLastError
TerminateProcess
GetExitCodeProcess
SetThreadPriority
GetThreadPriority
GetExitCodeThread
SuspendThread
ResumeThread
CreateProcessW
GetProcessVersion
GetStartupInfoW
SetPriorityClass
GetPriorityClass
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
SetThreadAffinityMask
LoadLibraryW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitProcess

vcruntime140

__telemetry_main_return_trigger
__C_specific_handler
__std_exception_copy
__telemetry_main_invoke_trigger
_CxxThrowException
__std_type_info_destroy_list
memset
__std_exception_destroy
__CxxFrameHandler3
__std_terminate

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-runtime-l1-1-0

_initterm
_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_beginthreadex
_initterm_e

api-ms-win-crt-string-l1-1-0

strcmp

Exports

Exports

PyInit_win32process

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

829a29b3d48364c307487d20004b95c7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

user32

python35

pywintypes35

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 3KB - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 52B

.reloc Size: 512B - Virtual size: 292B

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 3KB - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 52B

.reloc
Size: 512B - Virtual size: 292B