446964ba6e8e320a12342d8106fdd1548bbf8cc52b3beae8380110a23bece2d1

Sharing

Copy URL Twitter E-mail

General

Target

446964ba6e8e320a12342d8106fdd1548bbf8cc52b3beae8380110a23bece2d1
Size

72KB
MD5

5ad55bea8af2b1a56ee553f29629d8c8
SHA1

ccdcc1bd54c169356781095366b6a049752e9a9c
SHA256

446964ba6e8e320a12342d8106fdd1548bbf8cc52b3beae8380110a23bece2d1
SHA512

3c1e4adc16933318950380c4fa6240493a36126cbf3630f57ca9ec309811ae29e879894efd0ad260978c6cea9d1efd4ce435aa3e9ecbf0bf42747de7731be1d7
SSDEEP

1536:QJS9bHzHx7ilKKT0V7UA//ylsz9/s+7+pNqJyXxRjDYTqq0IiIdLwI:Q89bHzUKKToUSCsz9/se+pNzxRPYW3Ie

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
446964ba6e8e320a12342d8106fdd1548bbf8cc52b3beae8380110a23bece2d1

Files

446964ba6e8e320a12342d8106fdd1548bbf8cc52b3beae8380110a23bece2d1
.dll .js windows:6 windows x64 arch:x64 polyglot

79566f13b9ae42d1d697a9e3ccae9b11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\bld\python-split_1686898610057\work\PCbuild\amd64\_socket.pdb

Imports

ws2_32

accept
WSACleanup
setsockopt
WSAIoctl
closesocket
gethostbyname
select
ntohl
WSADuplicateSocketW
shutdown
listen
WSASetLastError
WSASocketW
inet_pton
getaddrinfo
WSAStartup
getpeername
getnameinfo
inet_addr
getsockname
gethostbyaddr
getprotobyname
getservbyport
send
socket
ntohs
connect
inet_ntoa
getservbyname
recvfrom
recv
getsockopt
htonl
inet_ntop
htons
ioctlsocket
sendto
freeaddrinfo
bind
WSAGetLastError

iphlpapi

ConvertInterfaceLuidToNameW
GetIfTable2Ex
if_nametoindex
if_indextoname
FreeMibTable

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
VerifyVersionInfoA
GetComputerNameExW
VerifyVersionInfoW
GetCurrentProcessId
VerSetConditionMask
GetLastError
SetHandleInformation

python38

_PyTime_AsSecondsDouble
PyErr_SetFromErrno
PyType_IsSubtype
PyErr_Restore
PyExc_OverflowError
_Py_Dealloc
_PyTime_FromSeconds
PyModule_GetDict
PyObject_Free
PyErr_ExceptionMatches
PyThread_release_lock
PyModule_AddObject
_PyArg_ParseTuple_SizeT
PyErr_Fetch
PyLong_AsLong
_PyBytes_Resize
PyUnicode_AsUTF8
PyUnicode_FromFormat
PySys_Audit
PyList_New
PyModule_Create2
PyErr_NewException
PyErr_Clear
PyList_Append
PyTuple_Size
PyUnicode_FSConverter
PyCapsule_New
PyBytes_Size
_PyTime_AsTimeval_noraise
PyObject_CallFinalizerFromDealloc
PyMem_Free
PyType_GenericAlloc
PyErr_NoMemory
PyDict_GetItemString
PyExc_OSError
PyErr_CheckSignals
PyBytes_FromStringAndSize
PyByteArray_Size
PyExc_TypeError
PyTuple_Pack
_PyUnicode_Ready
PyMem_Malloc
_PyLong_AsInt
PyExc_ImportError
_Py_TrueStruct
PyDict_DelItemString
PyUnicode_FromString
PyErr_SetExcFromWindowsErr
PyBuffer_Release
PyByteArray_Type
Py_AtExit
PyType_Type
_PyTime_AsTimeval
PyEval_RestoreThread
PyErr_ResourceWarning
PyFloat_Type
_Py_FalseStruct
PyErr_Format
_PyArg_ParseTupleAndKeywords_SizeT
PyLong_FromUnsignedLong
PyExc_ValueError
PyErr_WriteUnraisable
PyErr_SetString
PyUnicode_FromWideChar
PyByteArray_AsString
PyUnicode_New
PyFloat_FromDouble
_PyTime_GetMonotonicClock
PyThread_acquire_lock
PyLong_FromLongLong
PyLong_AsLongLong
_Py_NoneStruct
PyUnicode_DecodeMBCS
PyThread_allocate_lock
PyErr_SetFromWindowsErr
PyLong_FromLong
PyEval_SaveThread
PyObject_GenericGetAttr
PyLong_FromSsize_t
PyExc_Warning
PyErr_Occurred
PyBytes_AsString
PyExc_DeprecationWarning
PyErr_WarnEx
PyModule_AddIntConstant
PyLong_AsUnsignedLong
_Py_BuildValue_SizeT
PyUnicode_DecodeFSDefault
_PyTime_AsMilliseconds
PyErr_SetObject
_PyTime_FromSecondsObject
PyOS_snprintf
PyUnicode_AsEncodedString
PyLong_Type

vcruntime140

memset
memcpy
__current_exception
__std_type_info_destroy_list
__C_specific_handler
__current_exception_context
strchr

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_execute_onexit_table
_initterm
_errno
_crt_at_quick_exit
_cexit
terminate
_initterm_e
_crt_atexit

api-ms-win-crt-string-l1-1-0

strcmp

Exports

Exports

PyInit__socket

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79566f13b9ae42d1d697a9e3ccae9b11

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

iphlpapi

kernel32

python38

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 440B

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 440B