0647a3ba199c6863b3359b078d4633ed641f0c84b6efc8857aaf5596747a8d74N

Sharing

Copy URL Twitter E-mail

General

Target

0647a3ba199c6863b3359b078d4633ed641f0c84b6efc8857aaf5596747a8d74N
Size

29KB
MD5

6e07a575390769a0a508fcf636447ae0
SHA1

93d41bf7cd0fe37dcc03d90ef7d537bafd96091e
SHA256

0647a3ba199c6863b3359b078d4633ed641f0c84b6efc8857aaf5596747a8d74
SHA512

3b5d3d327114798b03e61fffd5bcd5e21e35de3dbd278020550b913b55aed8536f2eab4fe8828fe5317522286cb6287e45951d921dcd6bcbef5c4a30a1954c21
SSDEEP

768:hcfLD4wM7QIgosBKPzUmze2DmVvKHMJX6RlCvOzAHMZmF6g:hcjD4lgosBYUmze2DiKHMJX6R7AHMZmZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0647a3ba199c6863b3359b078d4633ed641f0c84b6efc8857aaf5596747a8d74N

Files

0647a3ba199c6863b3359b078d4633ed641f0c84b6efc8857aaf5596747a8d74N
.dll windows:6 windows x86 arch:x86

30df5c228083fbfbeff9b143bef968f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win32-3.9\Release\win32wnet.pdb

Imports

netapi32

Netbios

mpr

WNetGetLastErrorW
WNetGetUserW
WNetGetUniversalNameW
WNetGetResourceInformationW
WNetGetResourceParentW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetGetConnectionW
WNetCancelConnection2W
WNetAddConnection3W
WNetAddConnection2W

python39

PyObject_GenericGetAttr
PyObject_GenericSetAttr
_PyTraceMalloc_NewReference
_Py_Dealloc
PyUnicode_AsUTF8
PyErr_SetString
PyErr_Clear
PyErr_Format
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
_Py_tracemalloc_config
_Py_NoneStruct
PyExc_AttributeError
PyExc_ValueError
PyDict_SetItemString
PyExc_MemoryError
PyEval_RestoreThread
PyEval_SaveThread
PyModule_Create2
Py_BuildValue
PyErr_SetObject
PyModule_GetDict
PyObject_GetAttrString
PyList_Append
PyList_New
PyTuple_New
PyLong_FromLong
PyType_Ready
PyExc_TypeError

pywintypes39

?PyBuffer_FromMemory@@YAPAU_object@@PAXH@Z
?PyWinObject_AsString@@YAHPAU_object@@PAPADHPAK@Z
?PyWinObject_FreeString@@YAXPAD@Z
?PyWinObject_AsWriteBuffer@@YAHPAU_object@@PAPAXPAKH@Z
?PyWinCoreString_FromString@@YAPAU_object@@PBDH@Z
?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_W@Z
?PyWin_CopyString@@YAPA_WPB_W@Z
?PyBuffer_New@@YAPAU_object@@H@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_WH@Z
?PyWinObject_AsHANDLE@@YAHPAU_object@@PAPAX@Z
?PyWinGlobals_Ensure@@YAHXZ
?PyHANDLEType@@3U_typeobject@@A
?PyWinExc_ApiError@@3PAU_object@@A
??1PyHANDLE@@UAE@XZ
??0PyHANDLE@@QAE@PAX@Z
?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z

kernel32

VirtualAlloc
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree

vcruntime140

__std_type_info_destroy_list
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__telemetry_main_return_trigger
__telemetry_main_invoke_trigger
__CxxFrameHandler3
__std_terminate
memset
_except_handler4_common

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_initterm_e
_initterm

Exports

Exports

??0PyNCB@@QAE@PBU_NCB@@@Z
??0PyNCB@@QAE@XZ
??0PyNETRESOURCE@@QAE@PBU_NETRESOURCEW@@@Z
??0PyNETRESOURCE@@QAE@XZ
??1PyNCB@@QAE@XZ
??1PyNETRESOURCE@@QAE@XZ
??4PyNCB@@QAEAAV0@ABV0@@Z
??4PyNETRESOURCE@@QAEAAV0@ABV0@@Z
?GetNCB@PyNCB@@QAEPAU_NCB@@XZ
?GetNetresource@PyNETRESOURCE@@QAEPAU_NETRESOURCEW@@XZ
?PyNCBType@@3U_typeobject@@A
?PyNETRESOURCEType@@3U_typeobject@@A
?PyWinObject_AsNETRESOURCE@@YAHPAU_object@@PAPAU_NETRESOURCEW@@H@Z
?PyWinObject_FromNETRESOURCE@@YAPAU_object@@PBU_NETRESOURCEW@@@Z
?Reset@PyNCB@@QAEXXZ
?compare@PyNETRESOURCE@@QAEHPAU_object@@@Z
?compareFunc@PyNETRESOURCE@@SAHPAU_object@@0@Z
?deallocFunc@PyNCB@@SAXPAU_object@@@Z
?deallocFunc@PyNETRESOURCE@@SAXPAU_object@@@Z
?getattro@PyNCB@@SAPAU_object@@PAU2@0@Z
?getattro@PyNETRESOURCE@@SAPAU_object@@PAU2@0@Z
?members@PyNCB@@2PAUPyMemberDef@@A
?members@PyNETRESOURCE@@2PAUPyMemberDef@@A
?methods@PyNCB@@2PAUPyMethodDef@@A
?setattro@PyNCB@@SAHPAU_object@@00@Z
?setattro@PyNETRESOURCE@@SAHPAU_object@@00@Z
PyInit_win32wnet

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30df5c228083fbfbeff9b143bef968f1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

mpr

python39

pywintypes39

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 1KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 76B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 1KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 76B

.reloc
Size: 2KB - Virtual size: 1KB