30c480451dbdbf18d99b2e6ecf97cbf4d614e8ac1b5d8df1e3f5c62af81076b1N

Sharing

Copy URL Twitter E-mail

General

Target

30c480451dbdbf18d99b2e6ecf97cbf4d614e8ac1b5d8df1e3f5c62af81076b1N
Size

44KB
MD5

f36d512ff5f597355be2df8264197a40
SHA1

104d58ae7e55dbe39b1cc0ebed2145720ebf4a6e
SHA256

30c480451dbdbf18d99b2e6ecf97cbf4d614e8ac1b5d8df1e3f5c62af81076b1
SHA512

20d2166f7cd0406229bcd3a7b189bfb252ccf329ff911c680465c3ded855e571cb852523524907c81656412e24a011212d8ab673ff43bd2dc7c68f05c0275a10
SSDEEP

768:O8MFIm73tNzReUf0uXcN0RJH0RLQvZ/U27IDRyqH2l98K8sAhGsEOnh1JJLYtpHK:2FZ3tNzReGfXcN0jH0RLQvUDRyq+/Ahr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30c480451dbdbf18d99b2e6ecf97cbf4d614e8ac1b5d8df1e3f5c62af81076b1N

Files

30c480451dbdbf18d99b2e6ecf97cbf4d614e8ac1b5d8df1e3f5c62af81076b1N
.dll windows:6 windows x86 arch:x86

361f76cdba11e84ff41e8f76a477a20b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

O:\src\pywin32\build\temp.win32-3.6\Release\bits.pdb

Imports

oleaut32

SysFreeString

ole32

CoTaskMemFree

python36

PyExc_NotImplementedError
PyArg_ParseTuple
PyEval_SaveThread
PyEval_RestoreThread
PyGILState_Ensure
PyGILState_Release
PyLong_FromLong
PyLong_FromUnsignedLong
PyBytes_FromStringAndSize
_Py_TrueStruct
PyTuple_New
PyExc_MemoryError
_Py_FalseStruct
PyModule_Create2
PyModule_AddIntConstant
Py_BuildValue
PyErr_SetString
PyModule_GetDict
PyLong_FromLongLong
PyLong_FromUnsignedLongLong
_Py_NoneStruct

pythoncom36

??1PyComEnumTypeObject@@QAE@XZ
??0PyComEnumTypeObject@@QAE@PBDPAVPyComTypeObject@@HPAUPyMethodDef@@P6APAVPyIUnknown@@PAUIUnknown@@@Z@Z
?PyCom_InterfaceFromPyInstanceOrObject@@YAHPAU_object@@ABU_GUID@@PAPAXH@Z
?type@PyIUnknown@@2VPyComTypeObject@@A
?setattr@PyIBase@@UAEHPADPAU_object@@@Z
?repr@PyIUnknown@@UAEPAU_object@@XZ
?GetTypeInfoCount@PyGatewayBase@@UAGJPAI@Z
?GetTypeInfo@PyGatewayBase@@UAGJIKPAPAUITypeInfo@@@Z
?GetNextDispID@PyGatewayBase@@UAGJKJPAJ@Z
?GetNameSpaceParent@PyGatewayBase@@UAGJPAPAUIUnknown@@@Z
?GetMemberProperties@PyGatewayBase@@UAGJJKPAK@Z
?GetMemberName@PyGatewayBase@@UAGJJPAPA_W@Z
?GetIDsOfNames@PyGatewayBase@@UAGJABU_GUID@@PAPA_WIKPAJ@Z
?GetDispID@PyGatewayBase@@UAGJPA_WKPAJ@Z
?DeleteMemberByName@PyGatewayBase@@UAGJPA_WK@Z
?DeleteMemberByDispID@PyGatewayBase@@UAGJJ@Z
?PyCom_RegisterExtensionSupport@@YAHPAU_object@@PBUPyCom_InterfaceSupportInfo@@H@Z
?ThisAsIID@PyGatewayBase@@UAEPAXU_GUID@@@Z
?QueryInterface@PyGatewayBase@@UAGJABU_GUID@@PAPAX@Z
?Release@PyGatewayBase@@UAGKXZ
?AddRef@PyGatewayBase@@UAGKXZ
??1PyGatewayBase@@MAE@XZ
??0PyGatewayBase@@IAE@PAU_object@@@Z
?iter@PyIBase@@UAEPAU_object@@XZ
?getattr@PyIBase@@UAEPAU_object@@PAD@Z
?compare@PyIUnknown@@UAEHPAU_object@@@Z
??1PyIUnknown@@MAE@XZ
??0PyIUnknown@@IAE@PAUIUnknown@@@Z
?GetI@PyIUnknown@@SAPAUIUnknown@@PAU_object@@@Z
?PyCom_BuildPyException@@YAPAU_object@@JPAUIUnknown@@ABU_GUID@@@Z
PyCom_PyObjectFromIUnknown
??1PyComTypeObject@@QAE@XZ
??0PyComTypeObject@@QAE@PBDPAV0@HPAUPyMethodDef@@P6APAVPyIUnknown@@PAUIUnknown@@@Z@Z
?Unwrap@PyGatewayBase@@UAGJPAPAU_object@@@Z
?InvokeViaPolicy@PyGatewayBase@@MAAJPBDPAPAU_object@@0ZZ
?InvokeEx@PyGatewayBase@@UAGJJKGPAUtagDISPPARAMS@@PAUtagVARIANT@@PAUtagEXCEPINFO@@PAUIServiceProvider@@@Z
?Invoke@PyGatewayBase@@UAGJJABU_GUID@@KGPAUtagDISPPARAMS@@PAUtagVARIANT@@PAUtagEXCEPINFO@@PAI@Z
?InterfaceSupportsErrorInfo@PyGatewayBase@@UAGJABU_GUID@@@Z
?iternext@PyIBase@@UAEPAU_object@@XZ

pywintypes36

?PyWinObject_FromIID@@YAPAU_object@@ABU_GUID@@@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z
?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_AsIID@@YAHPAU_object@@PAU_GUID@@@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_W@Z
?PyWinObject_AsBstr@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinGlobals_Ensure@@YAHXZ
?PyWinObject_FromFILETIME@@YAPAU_object@@ABU_FILETIME@@@Z

kernel32

IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
GetCurrentProcess

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__telemetry_main_return_trigger
__telemetry_main_invoke_trigger
__CxxFrameHandler3

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_execute_onexit_table
_crt_atexit
_initialize_onexit_table
_cexit
_initterm
_initterm_e
_seh_filter_dll
terminate
_crt_at_quick_exit
_initialize_narrow_environment

Exports

Exports

PyInit_bits

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

361f76cdba11e84ff41e8f76a477a20b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

ole32

python36

pythoncom36

pywintypes36

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 76B

.rsrc Size: 1024B - Virtual size: 836B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 76B

.rsrc
Size: 1024B - Virtual size: 836B

.reloc
Size: 4KB - Virtual size: 3KB