e305d2c0451f5c1b7500d76e7d82fbb9d89524c8ad2819257ae88a3dc3412b7e

Sharing

Copy URL Twitter E-mail

General

Target

e305d2c0451f5c1b7500d76e7d82fbb9d89524c8ad2819257ae88a3dc3412b7e
Size

70KB
MD5

137c48b0e45315596dfef7835021e288
SHA1

e919abe59cdc6f0b19a81e6470c605aa9e3723cb
SHA256

e305d2c0451f5c1b7500d76e7d82fbb9d89524c8ad2819257ae88a3dc3412b7e
SHA512

646440af9da8dca718f386a86e1c0c213763e304ffce4ec9eef86f1cfe6df14210298e3e5d0f472bc0879540f6ceeebf75c98a25b08b49fd2afabcecf8823425
SSDEEP

1536:ZHHL6rdO1XkLy+QE3o6g2Au9yTd00e9jFCgqUObN/+g5rptgis5:BHL6rdO1XkLyE3o6g2Au9yanGgqUg/+7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e305d2c0451f5c1b7500d76e7d82fbb9d89524c8ad2819257ae88a3dc3412b7e

Files

e305d2c0451f5c1b7500d76e7d82fbb9d89524c8ad2819257ae88a3dc3412b7e
.dll windows:6 windows x86 arch:x86

8f06062274b17a10981403a5205d3540

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\pywin32\pywin32\build\temp.win32-cpython-311\Release\exchange.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW

oleaut32

SysStringLen
SysFreeString

python311

PyArg_ParseTuple
PyBytes_Size
PyList_SetItem
_Py_TrueStruct
PyBytes_FromStringAndSize
PyTuple_SetItem
_Py_BuildValue_SizeT
PyEval_SaveThread
_PyArg_ParseTuple_SizeT
PyEval_RestoreThread
PyErr_SetString
PySequence_Check
PyErr_Clear
PyList_New
PyLong_AsLong
_Py_FalseStruct
PyLong_FromUnsignedLong
PyExc_ValueError
PyUnicode_FromWideChar
PyFloat_FromDouble
PyTuple_New
PyBytes_FromString
PyFloat_AsDouble
PyUnicode_DecodeMBCS
PyExc_MemoryError
Py_BuildValue
PyErr_Occurred
PySequence_GetItem
PyBytes_AsString
PyLong_AsUnsignedLong
PySequence_Size
PyModule_Create2
PyModule_GetDict
_Py_Dealloc
PyDict_SetItemString
_Py_NoneStruct
PyLong_FromLong
PyExc_TypeError

pywintypes311

?PyWinObject_FreeBstr@@YAXPA_W@Z
?PyWinObject_AsLARGE_INTEGER@@YAHPAU_object@@PAT_LARGE_INTEGER@@@Z
?PyWinObject_AsFILETIME@@YAHPAU_object@@PAU_FILETIME@@@Z
?PyWinObject_AsIID@@YAHPAU_object@@PAU_GUID@@@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_W@Z
?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_FromLARGE_INTEGER@@YAPAU_object@@ABT_LARGE_INTEGER@@@Z
?PyWinObject_AsDATE@@YAHPAU_object@@PAN@Z
?PyWinObject_FromFILETIME@@YAPAU_object@@ABU_FILETIME@@@Z
?PyWinObject_AsBstr@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_FromIID@@YAPAU_object@@ABU_GUID@@@Z
?PyWinObject_FreeChars@@YAXPAD@Z
?PyWinObject_AsChars@@YAHPAU_object@@PAPADHPAK@Z
?PyWinObject_FromDATE@@YAPAU_object@@N@Z

pythoncom311

PyCom_PyObjectFromIUnknown
?PyCom_RegisterClientType@@YAHPAU_typeobject@@PBU_GUID@@@Z
?iter@PyIBase@@UAEPAU_object@@XZ
?iternext@PyIBase@@UAEPAU_object@@XZ
?repr@PyIUnknown@@UAEPAU_object@@XZ
?compare@PyIUnknown@@UAEHPAU_object@@@Z
?GetI@PyIUnknown@@SAPAUIUnknown@@PAU_object@@@Z
??0PyIUnknown@@IAE@PAUIUnknown@@@Z
??0PyComTypeObject@@QAE@PBDPAV0@HPAUPyMethodDef@@P6APAVPyIUnknown@@PAUIUnknown@@@Z@Z
??1PyComTypeObject@@QAE@XZ
?getattr@PyIBase@@UAEPAU_object@@PAD@Z
?setattr@PyIBase@@UAEHPADPAU_object@@@Z
?PyCom_BuildPyException@@YAPAU_object@@JPAUIUnknown@@ABU_GUID@@@Z
?type@PyIUnknown@@2VPyComTypeObject@@A
??1PyIUnknown@@MAE@XZ

kernel32

GetModuleHandleExW
ExpandEnvironmentStringsW
GetSystemDirectoryW
LoadLibraryA
LoadLibraryW
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetProcAddress

vcruntime140

__current_exception
__std_exception_copy
memset
_except_handler4_common
__std_type_info_destroy_list
_CxxThrowException
__std_exception_destroy
__CxxFrameHandler3
__std_terminate
__current_exception_context
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcsncpy

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_initialize_narrow_environment
_configure_narrow_argv
terminate
_initterm_e
_initterm
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table

Exports

Exports

PyInit_exchange

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f06062274b17a10981403a5205d3540

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

oleaut32

python311

pywintypes311

pythoncom311

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 6KB