78692e8137878dd1adf27b1dc46e70f26bb8f0b24ea52d134c25bf7e9d2f7b2aN

Sharing

Copy URL Twitter E-mail

General

Target

78692e8137878dd1adf27b1dc46e70f26bb8f0b24ea52d134c25bf7e9d2f7b2aN
Size

25KB
MD5

045d58882dbb1abefae46376125dbd10
SHA1

1667c6f743c6ab7d9cae05f0e4b46d18f8a0eaed
SHA256

78692e8137878dd1adf27b1dc46e70f26bb8f0b24ea52d134c25bf7e9d2f7b2a
SHA512

838e404f2bb7c16e78dd4d6d1dab4f1139089e03e86ea9470d599dd36f5d85b32fea498abbe89e6d1fd52ede21ec876ed3b8465b94c4e0f6cb93800034dd256e
SSDEEP

768:hQ3XBNlUj99FwifVvSx0M8EeesOW9uqe+lx:ham9FwiNBGfW9uqe+lx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78692e8137878dd1adf27b1dc46e70f26bb8f0b24ea52d134c25bf7e9d2f7b2aN

Files

78692e8137878dd1adf27b1dc46e70f26bb8f0b24ea52d134c25bf7e9d2f7b2aN
.dll windows:6 windows x86 arch:x86

5c6dc952dd1b861c0ffb584fc1e25326

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win32-3.7\Release\win32ras.pdb

Imports

rasapi32

RasGetEntryDialParamsW
RasSetEntryDialParamsW
RasEditPhonebookEntryW
RasCreatePhonebookEntryW
RasHangUpW
RasGetErrorStringW
RasGetConnectStatusW
RasEnumEntriesW
RasEnumConnectionsW
RasDialW

user32

IsWindow

python37

PyObject_GenericGetAttr
PyObject_GenericSetAttr
PyCallable_Check
PyUnicode_AsUTF8
PyLong_FromLong
PyLong_AsLong
PyLong_FromVoidPtr
PyBool_FromLong
PyExc_ValueError
PyExc_TypeError
PyExc_RuntimeError
PyExc_MemoryError
PyExc_AttributeError
_Py_NoneStruct
PyMapping_HasKey
PySequence_Tuple
PyEval_InitThreads
PyEval_RestoreThread
PyEval_SaveThread
PyEval_CallObjectWithKeywords
PyErr_Print
PyModule_Create2
PyModule_AddIntConstant
Py_BuildValue
PyArg_ParseTuple
PyTuple_New
PyErr_NoMemory
PyErr_Clear
PyErr_Occurred
PyErr_SetString
PyErr_SetObject
PyGILState_Release
PyGILState_Ensure
PyModule_GetDict
PyDict_SetItemString
PyErr_Format
PyDict_DelItem
PyDict_SetItem
PyDict_GetItem
PyDict_New
PyList_New
PyType_Ready

pywintypes37

?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinExc_ApiError@@3PAU_object@@A
?PyWinGlobals_Ensure@@YAHXZ
?PyWinLong_FromHANDLE@@YAPAU_object@@PAX@Z
?PyWinObject_AsHANDLE@@YAHPAU_object@@PAPAX@Z
?PyWinLong_FromVoidPtr@@YAPAU_object@@PBX@Z
?PyWinLong_AsVoidPtr@@YAHPAU_object@@PAPAX@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_W@Z
?PyWinCoreString_FromString@@YAPAU_object@@PBDH@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z

kernel32

GetLastError
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
FormatMessageW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId

vcruntime140

_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_type_info_destroy_list
__telemetry_main_invoke_trigger
memset
__CxxFrameHandler3
__std_terminate
__telemetry_main_return_trigger
_except_handler4_common

api-ms-win-crt-string-l1-1-0

wcsncpy

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_initialize_narrow_environment
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_seh_filter_dll
_execute_onexit_table
_initterm
_initterm_e

Exports

Exports

PyInit_win32ras
ReturnRasError

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c6dc952dd1b861c0ffb584fc1e25326

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rasapi32

user32

python37

pywintypes37

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 76B

.rsrc Size: 1024B - Virtual size: 852B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 76B

.rsrc
Size: 1024B - Virtual size: 852B

.reloc
Size: 1KB - Virtual size: 1KB