ba995cf2ff02e9db421fa0b9a699f0d091130bc43b9eb268dd4377f885973fe4N

Sharing

Copy URL Twitter E-mail

General

Target

ba995cf2ff02e9db421fa0b9a699f0d091130bc43b9eb268dd4377f885973fe4N
Size

49KB
MD5

68453d0fcb6e9b6eb106ec9875f86440
SHA1

ca1ed5e87bc87c01e857b2b4c424a76815cf5af9
SHA256

ba995cf2ff02e9db421fa0b9a699f0d091130bc43b9eb268dd4377f885973fe4
SHA512

2be1c1250d0ff573bd1d3b5b820e86c2062c3d45223c8a20d13d0b83267b52152d84f22fc8a7c6a1666e1c597be90327dfe8363c4dea511560817fba1f3540b4
SSDEEP

768:YqogeuzGW33IF04kMOcesABIjYluFoeUJPxobslwzX8+g4fMHy1Ob:K9W3SdOcesAwYgzUkXzX82UTb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba995cf2ff02e9db421fa0b9a699f0d091130bc43b9eb268dd4377f885973fe4N

Files

ba995cf2ff02e9db421fa0b9a699f0d091130bc43b9eb268dd4377f885973fe4N
.dll windows:6 windows x86 arch:x86

08f8c3725893a9f428c412306da50f4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win32-3.8\Release\PyISAPI_loader.pdb

Imports

advapi32

RegisterEventSourceW
ReportEventA
RegCloseKey
RegCreateKeyExW
RegSetValueExW
DeregisterEventSource

python38

PyEval_InitThreads
Py_IsInitialized
Py_Initialize
PyErr_Print
_Py_VaBuildValue_SizeT
PyErr_ExceptionMatches
PyErr_Occurred
PyList_Insert
PyList_GetItem
PyList_Size
PyTuple_New
PyObject_RichCompare
PyBytes_Size
PyExc_ValueError
PyExc_TypeError
PyExc_RuntimeError
PyExc_AttributeError
_Py_NoneStruct
_Py_tracemalloc_config
PyObject_Call
PyImport_ImportModule
PyEval_RestoreThread
PyEval_SaveThread
_Py_BuildValue_SizeT
PyUnicode_AsUTF8String
PyErr_Format
PyErr_NoMemory
PyErr_Clear
PyErr_SetString
PyErr_SetObject
PyGILState_Release
PyGILState_Ensure
PyDict_DelItem
PyBytes_AsString
PySys_GetObject
PyDict_SetItem
PyDict_GetItem
_PyObject_CallMethod_SizeT
PyDict_New
PyImport_ReloadModule
PyTuple_Size
PyBool_FromLong
PyLong_FromVoidPtr
PySys_WriteStderr
PyLong_AsLong
PyLong_FromLong
PyUnicode_AsUnicode
PyUnicode_FromWideChar
PyBytes_FromString
PyBytes_FromStringAndSize
_Py_Dealloc
_PyTraceMalloc_NewReference
PyCallable_Check
PyObject_GenericSetAttr
PyObject_GenericGetAttr
_PyArg_ParseTuple_SizeT
PyObject_GetAttrString
PyType_Ready
PySys_SetObject
_Py_TrueStruct

kernel32

OutputDebugStringW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleFileNameA
GetModuleFileNameW
FormatMessageA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
GetLastError

vcruntime140

__std_exception_destroy
__std_exception_copy
__telemetry_main_return_trigger
__telemetry_main_invoke_trigger
memset
__CxxFrameHandler3
_except_handler4_common
__std_type_info_destroy_list
_CxxThrowException

api-ms-win-crt-string-l1-1-0

_stricmp
wcsncmp
strncpy
strncmp

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_splitpath
_wsplitpath

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_initterm
_initterm_e
terminate
_initialize_narrow_environment
_seh_filter_dll
_execute_onexit_table

Exports

Exports

GetExtensionVersion
GetFilterVersion
HttpExtensionProc
HttpFilterProc
PyISAPISetOptions
TerminateExtension
TerminateFilter
WriteEventLogMessage

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08f8c3725893a9f428c412306da50f4f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

python38

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 76B

.rsrc Size: 1024B - Virtual size: 704B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 76B

.rsrc
Size: 1024B - Virtual size: 704B

.reloc
Size: 3KB - Virtual size: 2KB