cb7ddade909e4a48e6126dd1a84ba0cc2cdf55ceb26b9d7dd6c8e00c64e486eeN

Sharing

Copy URL Twitter E-mail

General

Target

cb7ddade909e4a48e6126dd1a84ba0cc2cdf55ceb26b9d7dd6c8e00c64e486eeN
Size

121KB
MD5

80cd91584fdf368d40e668531aee5220
SHA1

6dd3462d11267e4aa3020e57986caebf73ca270f
SHA256

cb7ddade909e4a48e6126dd1a84ba0cc2cdf55ceb26b9d7dd6c8e00c64e486ee
SHA512

bce51a723066c420d14c8be823a343f5032e8c83822cd8b65d718a6e63bbac8e7cc548d115030ce0cda8284bfc1f0f96e0ae62e4c2917da00d2e4ddf5040d2bc
SSDEEP

3072:Hpcd4XU/VdavH1r468JDkUenfS0UehU+8shvvkpZYFtFhHJnRZzYfrXTE:H8/VdavH1r468JDkUenfS0UehU+8shv0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb7ddade909e4a48e6126dd1a84ba0cc2cdf55ceb26b9d7dd6c8e00c64e486eeN

Files

cb7ddade909e4a48e6126dd1a84ba0cc2cdf55ceb26b9d7dd6c8e00c64e486eeN
.dll windows:6 windows x86 arch:x86

4716302c5a67aae6f91047a9797c7e4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win32-3.5\Release\win32file.pdb

Imports

python35

PyBytes_AsString
_PyBytes_Resize
PyBytes_AsStringAndSize
PyBytes_FromString
PyUnicode_FromWideChar
PyBytes_FromStringAndSize
_PyObject_New
PyObject_Free
PyCallable_Check
PyObject_IsTrue
PyObject_GenericGetAttr
PyLong_FromLong
PyLong_AsLong
PyLong_AsUnsignedLong
PyLong_AsUnsignedLongMask
PyBool_FromLong
PyObject_SelfIter
PyType_Ready
PyUnicode_AsUnicode
PyModule_Create2
PyMemoryView_FromBuffer
PyTuple_New
PyList_New
PyList_Append
PyDict_New
PyExc_AttributeError
PyUnicode_AsUTF8
PyObject_GenericSetAttr
PyExc_IOError
PyExc_ValueError
PyExc_TypeError
PyExc_SystemError
PyExc_NotImplementedError
PyExc_RuntimeError
PyExc_MemoryError
PyExc_StopIteration
_Py_NoneStruct
PySequence_GetSlice
PySequence_GetItem
PySequence_Size
PySequence_Check
PyBuffer_FillInfo
PyObject_AsReadBuffer
PyObject_CallMethod
PyObject_Call
PyEval_RestoreThread
PyEval_SaveThread
PyType_IsSubtype
Py_BuildValue
PyArg_ParseTupleAndKeywords
PyArg_ParseTuple
PyOS_snprintf
PyErr_Format
PyErr_SetFromErrno
PyErr_NoMemory
PyErr_Clear
PyErr_Occurred
PyErr_SetString
PyErr_SetNone
PyGILState_Release
PyGILState_Ensure
PyCapsule_Import
PyCapsule_SetContext
PyCapsule_IsValid
PyCapsule_GetContext
PyCapsule_GetDestructor
PyCapsule_GetPointer
PyCapsule_New
PyModule_GetDict
PyDict_SetItemString
PyDict_SetItem

pywintypes35

?PyBuffer_New@@YAPAU_object@@H@Z
?PyBuffer_FromMemory@@YAPAU_object@@PAXH@Z
?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z
?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z
?PyWinObject_AsString@@YAHPAU_object@@PAPADHPAK@Z
?PyWinObject_FreeString@@YAXPAD@Z
?PyWinObject_AsReadBuffer@@YAHPAU_object@@PAPAXPAKH@Z
?PyWinObject_AsWriteBuffer@@YAHPAU_object@@PAPAXPAKH@Z
?PyWinObject_FromMultipleString@@YAPAU_object@@PA_W@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_W@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_WH@Z
?PyWinLong_AsVoidPtr@@YAHPAU_object@@PAPAX@Z
?PyWinLong_FromVoidPtr@@YAPAU_object@@PBX@Z
?PyWinObject_AsLARGE_INTEGER@@YAHPAU_object@@PAT_LARGE_INTEGER@@@Z
?PyWinObject_AsULARGE_INTEGER@@YAHPAU_object@@PAT_ULARGE_INTEGER@@@Z
?PyWinObject_FromLARGE_INTEGER@@YAPAU_object@@AAT_LARGE_INTEGER@@@Z
?PyWinObject_FromULARGE_INTEGER@@YAPAU_object@@AAT_ULARGE_INTEGER@@@Z
?PyWinObject_AsOVERLAPPED@@YAHPAU_object@@PAPAU_OVERLAPPED@@H@Z
?PyWinObject_AsPyOVERLAPPED@@YAHPAU_object@@PAPAVPyOVERLAPPED@@H@Z
?PyWinMethod_NewOVERLAPPED@@YAPAU_object@@PAU1@0@Z
?PyWinObject_AsIID@@YAHPAU_object@@PAU_GUID@@@Z
?PyWinObject_FromFILETIME@@YAPAU_object@@ABU_FILETIME@@@Z
?PyWinObject_FromTimeStamp@@YAPAU_object@@ABT_LARGE_INTEGER@@@Z
?PyWinObject_AsFILETIME@@YAHPAU_object@@PAU_FILETIME@@@Z
?PyObject_FromWIN32_FIND_DATAW@@YAPAU_object@@PAU_WIN32_FIND_DATAW@@@Z
?PyWinObject_AsSECURITY_ATTRIBUTES@@YAHPAU_object@@PAPAU_SECURITY_ATTRIBUTES@@H@Z
?PyWinObject_AsSID@@YAHPAU_object@@PAPAXH@Z
?PyWinObject_FromSID@@YAPAU_object@@PAX@Z
?PyWinObject_AsHANDLE@@YAHPAU_object@@PAPAX@Z
?PyWinObject_FromHANDLE@@YAPAU_object@@PAX@Z
?PyWinLong_FromHANDLE@@YAPAU_object@@PAX@Z
?PyWinObject_CloseHANDLE@@YAHPAU_object@@@Z
?PySocket_AsSOCKET@@YAHPAU_object@@PAI@Z
?PyWinGlobals_Ensure@@YAHXZ
?PyWinExc_ApiError@@3PAU_object@@A

mswsock

AcceptEx
GetAcceptExSockaddrs

ws2_32

getsockopt
htonl
htons
inet_addr
inet_ntoa
ntohl
ntohs
gethostbyaddr
gethostbyname
getservbyport
getservbyname
WSASetLastError
WSAGetLastError
WSAAsyncSelect
WSAEnumNetworkEvents
WSAEventSelect
WSAIoctl
WSARecv
WSASend

kernel32

GetOverlappedResult
ReadFile
WriteFile
GetFileSize
GetFileType
GetFileInformationByHandle
UnlockFileEx
LockFileEx
UnlockFile
LockFile
GetLogicalDrives
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
GetLastError
GetBinaryTypeW
GetProcAddress
FreeLibrary
DeviceIoControl
SetEndOfFile
SetFilePointer
FindClose
GetFileTime
SetFileTime
ClearCommBreak
ClearCommError
SetupComm
EscapeCommFunction
GetCommMask
GetCommModemStatus
GetCommState
GetCommTimeouts
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
BuildCommDCBW
IsBadWritePtr
ReadDirectoryChangesW
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationW
CancelIo
AreFileApisANSI
SetFileApisToANSI
SetFileApisToOEM
SetVolumeLabelW
MoveFileExW
MoveFileW
CopyFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetCompressedFileSizeW
GetFileAttributesExW
GetFileAttributesExA
GetFileAttributesW
SetFileAttributesW
CreateFileW
QueryDosDeviceW
DefineDosDeviceW
GetFullPathNameW
GetFullPathNameA
RemoveDirectoryW
CreateDirectoryExW
CreateDirectoryW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
SetCurrentDirectoryW
GetSystemDirectoryA
GetDriveTypeW
GetModuleHandleW
LoadLibraryW
LoadLibraryA
SetMailslotInfo
GetMailslotInfo
CreateMailslotW
LocalFileTimeToFileTime
WaitCommEvent
TransmitCommChar
SetCommTimeouts
SetCommState
SetCommMask
SetCommBreak
PurgeComm
FlushFileBuffers

vcruntime140

__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_exception_copy
__std_exception_destroy
memset
__std_type_info_destroy_list
_except_handler4_common
__std_terminate
__CxxFrameHandler3
strchr
_CxxThrowException

api-ms-win-crt-string-l1-1-0

strncpy_s
strcat_s
wcsncpy
strcpy_s

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
malloc
calloc
free

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-stdio-l1-1-0

_get_osfhandle
__stdio_common_vsprintf
_setmaxstdio
_getmaxstdio
__stdio_common_vsprintf_s
_open_osfhandle

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_narrow_environment
_initterm_e
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_initterm
_initialize_onexit_table

Exports

Exports

PyInit_win32file

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4716302c5a67aae6f91047a9797c7e4c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

python35

pywintypes35

mswsock

ws2_32

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 4KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 76B

.rsrc Size: 1024B - Virtual size: 852B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 4KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 76B

.rsrc
Size: 1024B - Virtual size: 852B

.reloc
Size: 9KB - Virtual size: 9KB