Sample details: f1134b690b2dc0e6aa0f31be1ed9b05f --

Hashes
MD5: f1134b690b2dc0e6aa0f31be1ed9b05f
SHA1: 9c27067c0070b9d9366da78c3d241b01ba1fa4ee
SHA256: 030bf1aaff316dfbb1b424d91b1340b331c2e38f3e874ae532284c6170d93e7e
SSDEEP: 1536:O29lf73SQlbxB7TnaiNpT14J6UJWLC0WZHRI3DMzFk9R/Ec+CzzdcXdN:N/ziAtUiNpJ4J6UJWLC0WEzMi/P+Cfd2
Details
File Type: PE32
Yara Hits
YRP/Visual_Cpp_2005_DLL_Microsoft | YRP/Visual_Cpp_2003_DLL_Microsoft | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/contentis_base64 | YRP/anti_dbg |
Parent Files
fb1a2d0db81979e09128630bc2c82c53
Source
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
L$Dh  
T$Dh8 
D$Dh8 
								
							
								
RPQSVh
PQVhH%
#D$ #T$$
Create and manipulate C compatible data types in Python.
_ctypes._Pointer
the object this pointer points to (read-write)
contents
_ctypes._SimpleCData
current value
_ctypes.Array
Union base class
_ctypes.Union
Structure base class
_ctypes.Structure
Function Pointer
_ctypes.PyCFuncPtr
specify the argument types
argtypes
specify the result type
restype
a function to check for errors
errcheck
XXX to be provided
_ctypes._CData
__setstate__
__reduce__
__ctypes_from_outparam__
internal objects tree (NEVER CHANGE THIS OBJECT!)
_objects
whether the object owns the memory or not
_b_needsfree_
the base object
_b_base_
metatype for C function pointers
_ctypes.PyCFuncPtrType
metatype for the PyCSimpleType Objects
_ctypes.PyCSimpleType
cbBhHiIlLdfuzZqQPXOv?g
metatype for the Array Objects
_ctypes.PyCArrayType
string value
metatype for the Pointer Objects
_ctypes.PyCPointerType
set_type
_ctypes.UnionType
metatype for the CData Objects
_ctypes.PyCStructType
in_dll
from_buffer_copy
from_buffer
from_address
from_param
deletes a key from a dictionary
_ctypes.DictRemover
_abstract_
_fields_
integer expected
abstract class
O|n:from_buffer
offset cannot be negative
Buffer size too small (%zd instead of at least %zd bytes)
O|n:from_buffer_copy
Os:in_dll
_handle
the _handle attribute of the second argument must be an integer
could not convert the _handle attribute to a pointer
symbol '%s' not found
expected %s instance instead of pointer to %s
_as_parameter_
expected %s instance instead of %s
Array length must be >= 0, not %zd
_type_ must be a type
_type_ must have storage info
_type_
string too long
can't delete attribute
string expected instead of %s instance
unicode string expected instead of %s instance
_length_
class must define a '_length_' attribute, which must be a positive integer
class must define a '_type_' attribute
array too large
wrong type
class must define a '_type_' string attribute
class must define a '_type_' attribute which must be a string of length 1
class must define a '_type_' attribute which must be
a single character string containing one of '%s'.
_type_ '%s' not supported
__ctype_be__
__ctype_le__
while processing _as_parameter_
_argtypes_ must be a sequence of types
item %zd in _argtypes_ has no from_param method
_flags_
class must define _flags_ which must be an integer
_argtypes_
_restype_
_restype_ must be a type, a callable, or None
_check_retval_
ctypes object structure too deep
unhashable type
ctypes objects containing pointers cannot be pickled
__dict__
O(O(NN))
expected %s instance, got %s
incompatible types, %s instance instead of %s instance
not a ctype instance
the errcheck attribute must be callable
restype must be a type, a callable, or None
_%s@%d
'out' parameter %d must be a pointer type, not %s
paramflags must be a tuple or None
paramflags must have the same length as argtypes
paramflags must be a sequence of (int [,string [,value]]) tuples
paramflag value %d not supported
function name must be string or integer
function '%s' not found
function ordinal %d not found
is|Oz#
argument must be callable or integer function address
cannot construct instance of this class: no argtypes
expected CData instance
required argument '%s' missing
not enough arguments
NULL stgdict unexpected
%s 'out' parameter must be passed as default value
paramflag %d not yet implemented
call takes exactly %d arguments (%zd given)
native com method call without 'this' parameter
Expected a COM this pointer as first argument
NULL COM pointer access
COM method call without VTable
this function takes at least %d argument%s (%d given)
this function takes %d argument%s (%d given)
<COM method offset %d: %s at %p>
<%s object at %p>
duplicate values for field '%s'
args not a tuple?
too many initializers
invalid index
indices must be integers
Array does not support item deletion
Can only assign sequence of same size
indices must be integer
Expected a type object
%.200s_Array_%ld
s(O){s:n,s:O}
__init__
%s(%r)
NULL pointer access
Pointer does not support item deletion
expected %s instead of %s
POINTER
Cannot create instance: has no _type_
slice step cannot be zero
slice start is required for step < 0
slice stop is required
Pointer indices must be integer
OOOO:COMError
hresult
details
__doc__
_ctypes.COMError
sPzUZXO
cast() argument 2 must be a pointer type, not %s
_ctypes
_pointer_type_cache
_unpickle
Structure
_Pointer
_SimpleCData
CFuncPtr
COMError
FUNCFLAG_HRESULT
FUNCFLAG_STDCALL
FUNCFLAG_CDECL
FUNCFLAG_USE_ERRNO
FUNCFLAG_USE_LASTERROR
FUNCFLAG_PYTHONAPI
__version__
_memmove_addr
_memset_addr
_string_at_addr
_cast_addr
_wstring_at_addr
RTLD_LOCAL
RTLD_GLOBAL
ctypes.ArgumentError
ArgumentError
CThunkObject
_ctypes.CThunkObject
stderr
_needs_com_addref_
BUG: PySequence_Length
PyTuple_New()
Getting argument converter %d
create argument %d:
unexpected result of create argument %d:
cannot build parameter
Parsing argument %d
_ctypes/callbacks.c
'calling callback function'
'converting callback result'
memory leak in callback function.
invalid result type for callback function
ffi_prep_cif failed with %d
ffi_prep_closure failed with %d
_ctypes.DllGetClassObject
ctypes
DllGetClassObject
_ctypes.DllCanUnloadNow
DllCanUnloadNow
Py_DECREF
Py_INCREF
PyObj_FromPtr
call_cdeclfunction
call_function
addressof
sizeof
alignment
_check_HRESULT
call_commethod
FreeLibrary
LoadLibrary
FormatError
CopyComPointer
set_last_error
get_last_error
set_conversion_mode
Resize the memory buffer of a ctypes instance
resize
Return buffer interface information (for testing only)
_buffer_info
pointer
set_errno
get_errno
CArgObject
the wrapped object
_ctypes/callproc.c error object
cannot get thread state
ctypes.error_object
ctypes.error_object is an invalid capsule
exception: access violation reading %p
exception: access violation writing %p
exception: breakpoint encountered
exception: datatype misalignment
exception: single step
exception: array bounds exceeded
exception: floating-point operand denormal
exception: float divide by zero
exception: float inexact
exception: float invalid operation
exception: float overflow
exception: stack over/underflow
exception: stack overflow
exception: float underflow
exception: integer divide by zero
exception: integer overflow
exception: priviledged instruction
exception: nocontinuable
<cparam '%c' (%d)>
<cparam '%c' (%ld)>
<cparam '%c' (%I64d)>
<cparam '%c' (%f)>
<cparam '%c' (%c)>
<cparam '%c' (%p)>
<cparam '%c' at %p>
long int too long to convert
Don't know how to convert parameter %d
No ffi_type for result
ffi_prep_cif failed
Procedure called with not enough arguments (%d bytes missing) or wrong calling convention
Procedure probably called with not enough arguments (%d bytes missing)
Procedure probably called with too many arguments (%d bytes in excess)
_ctypes/callproc.c
GetResult
is(uuuiu)
argument %d: 
|i:FormatError
<no description>
O|O:LoadLibrary
O&:FreeLibrary
OiO!|O!
Method takes %d arguments (%d given)
COM Pointer expected instead of %s instance
The COM 'this' pointer is NULL
OO:CopyComPointer
this type has no size
no alignment info
byref() argument must be a ctypes instance, not '%s'
invalid type
O&:PyObj_FromPtr
zs:set_conversion_mode
On:resize
excepted ctypes instance
minimum size is %zd
Memory cannot be resized because this object doesn't own it
__new__
s(O){}
s(O){sO}
must be a ctypes type
not a ctypes type or object
Structure/Union member
_ctypes.CField
size in bytes of this field
offset in bytes of this field
offset
has no _stginfo_
<Field type=%s, ofs=%zd:%zd, bits=%zd>
<Field type=%s, ofs=%zd, size=%zd>
int expected instead of float
PyObject is NULL
one character string expected
one character unicode string expected
string too long (%zd, maximum length %zd)
string or integer address expected instead of %s instance
invalid string pointer %p
unicode string or integer address expected instead of %s instance
String too long for BSTR
cannot be converted to pointer
FFI BUG: not enough stack space for arguments
FFI_TRAMPOLINE_SIZE too small in ..\Modules\_ctypes\libffi_msvc\ffi.c
StgDict
_fields_ must be a sequence
unexpected type
_anonymous_
_anonymous_ must be a sequence
_swappedbytes_
_use_broken_old_ctypes_structure_semantics_
_pack_
_pack_ must be a non-negative integer
'_fields_' must be a sequence of pairs
_fields_ is final
second item in _fields_ tuple (index %zd) must be a C type
bit fields not allowed for type %s
number of bits invalid for bit field
structure field name must be string not %s
%s:%s:
Structure or union cannot contain itself
C:\build27\cpython\PCBuild\_ctypes.pdb
GetProcAddress
GetLastError
SetLastError
DisableThreadLibraryCalls
FreeLibrary
FormatMessageA
LoadLibraryA
LocalFree
IsBadStringPtrW
IsBadStringPtrA
VirtualAlloc
GetSystemInfo
KERNEL32.dll
ProgIDFromCLSID
ole32.dll
OLEAUT32.dll
PyString_FromString
PyInt_FromSsize_t
_Py_CheckRecursionLimit
PyInt_AsUnsignedLongMask
PySequence_Tuple
PyUnicodeUCS2_FromUnicode
PySequence_Size
PyCallable_Check
PyDict_Next
PyTuple_New
PyLong_AsVoidPtr
PyDict_New
PyUnicodeUCS2_FromEncodedObject
PyString_Concat
PyString_FromFormat
PyObject_CallObject
PyInt_FromLong
PyDict_Update
PyBuffer_Release
PyUnicodeUCS2_FromWideChar
_PySlice_AdjustIndices
PyString_FromStringAndSize
PyTuple_GetSlice
PyDict_GetItem
PyDict_DelItem
PyBuffer_Type
PyString_AsString
PyObject_GenericSetAttr
PyObject_AsReadBuffer
_PyThreadState_Current
PyUnicodeUCS2_AsEncodedString
PyErr_NoMemory
PyObject_GetBuffer
PyString_InternFromString
PyType_Ready
PySlice_Type
PyExc_AttributeError
PySequence_SetItem
PyDict_SetItem
_PyWeakref_ProxyType
PyObject_SetAttrString
PyExc_OverflowError
_PyObject_CallFunction_SizeT
PyObject_AsWriteBuffer
PyObject_CallFunctionObjArgs
_PyArg_ParseTuple_SizeT
_Py_NoneStruct
PyMem_Free
PyErr_WriteUnraisable
PyNumber_AsSsize_t
PyString_Format
PyTuple_GetItem
PyExc_ValueError
PyErr_Occurred
_Py_CheckRecursiveCall
PyDict_GetItemString
PyObject_SetAttr
PyObject_IsSubclass
PyErr_SetString
PyDescr_NewClassMethod
PySequence_GetItem
PyType_IsSubtype
_Py_BuildValue_SizeT
PyErr_NewException
PyUnicodeUCS2_AsWideChar
PyCFunction_NewEx
PyTuple_Pack
_PyObject_CallMethod_SizeT
PyWeakref_NewProxy
_PyWeakref_CallableProxyType
PyType_Type
PyModule_AddStringConstant
PyErr_Clear
PyObject_IsInstance
PyEval_InitThreads
PyMethod_New
PyList_New
PyType_GenericNew
PySequence_GetSlice
PyExc_RuntimeError
PyMem_Malloc
PyErr_Format
PyModule_AddObject
PyExc_TypeError
PyLong_FromVoidPtr
PyDict_SetItemString
PyExc_IndexError
PyObject_GetAttrString
PyDescr_NewGetSet
_PySlice_Unpack
PyDict_Size
Py_InitModule4
PyArg_UnpackTuple
PyDict_Type
PySys_GetObject
PyFile_WriteString
PyGILState_Release
PyInt_AsLong
Py_Initialize
PyObject_GC_Del
PyCode_NewEmpty
PyFrame_New
PyObject_CallFunction
Py_IsInitialized
PyThreadState_Get
PyExc_RuntimeWarning
PyTraceBack_Here
PyObject_GC_Track
PyErr_Print
PyObject_GC_UnTrack
PyImport_ImportModuleNoBlock
PyGILState_Ensure
_PyObject_GC_NewVar
PyErr_WarnEx
_PyObject_New
PyObject_Str
PyCapsule_IsValid
PyErr_SetFromWindowsErr
Py_BuildValue
PyLong_FromSsize_t
PyTuple_Type
PyCapsule_New
PyErr_SetObject
PyEval_RestoreThread
PyEval_SaveThread
PyArg_ParseTuple
PyObject_Free
PyObject_CallMethod
PyLong_AsUnsignedLong
PyLong_AsLong
PyMem_Realloc
PyThreadState_GetDict
PyCapsule_GetPointer
PyErr_NormalizeException
PyString_ConcatAndDel
PyString_FromFormatV
PyString_Type
PyExc_WindowsError
PyErr_Fetch
PyFloat_FromDouble
_PyFloat_Pack8
PyInt_AsUnsignedLongLongMask
PyLong_FromUnsignedLong
_PyFloat_Unpack4
PyFloat_Type
PyLong_FromLongLong
_PyFloat_Unpack8
PyBool_FromLong
_PyFloat_Pack4
_PyString_Resize
PyString_Size
PyFloat_AsDouble
PyObject_IsTrue
PyLong_FromUnsignedLongLong
Py_FatalError
_PyInt_AsInt
PySequence_Fast
PyTuple_Size
PyObject_HasAttrString
PyObject_GetAttr
python27.dll
sprintf
memmove
strchr
memset
_errno
_vsnprintf
isspace
MSVCR90.dll
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_onexit
_except_handler4_common
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
memcpy
_ctypes.pyd
DllCanUnloadNow
DllGetClassObject
init_ctypes
CopyComPointer(src, dst) -> HRESULT value
FormatError([integer]) -> string
Convert a win32 error code into a string. If the error code is not
given, the return value of a call to GetLastError() is used.
LoadLibrary(name) -> handle
Load an executable (usually a DLL), and return a handle to it.
The handle may be used to locate exported functions in this
module.
FreeLibrary(handle) -> void
Free the handle of an executable previously loaded by LoadLibrary.
sizeof(C type) -> integer
sizeof(C instance) -> integer
Return the size in bytes of a C instance
alignment(C type) -> integer
alignment(C instance) -> integer
Return the alignment requirements of a C instance
byref(C instance[, offset=0]) -> byref-object
Return a pointer lookalike to a C instance, only usable
as function argument
addressof(C instance) -> integer
Return the address of the C instance internal buffer
set_conversion_mode(encoding, errors) -> (previous-encoding, previous-errors)
Set the encoding and error handling ctypes uses when converting
between unicode and strings.  Returns the previous values.
C.from_address(integer) -> C instance
access a C instance at the specified address
C.from_buffer(object, offset=0) -> C instance
create a C instance from a writeable buffer
C.from_buffer_copy(object, offset=0) -> C instance
create a C instance from a readable buffer
C.in_dll(dll, name) -> C instance
access a C instance in a dll
Convert a Python object into a function call parameter.
Raised when a COM method call failed.
3P3t3z3
4H5O5~5
6d6l6s6z6
8<8C8J8
8 9<9F9M9T9j9v9~9
:$:N:T:`:g:v:}:
<6=>=E=L=
>*>S>^>j>y>
0)0]0s0
2F2l2s2z2
42494@4T4
4$5*5P5
7"7)7r7x7
7"8=8D8\8z8
9D9^9s9
9!:d:s:
;3;T;[;
;$<3<U<z<
=2===S=d=o=
=0>7>>>\>
?#?+?;?
2 2'2J2R2Y2h2n2
5H5O5V5
616>6F6
777>7E7m7
7K8T8[8s8
839E9W9d9k9r9
:':-:F:L:j:
:g;s;z;
;	</<R<l<s<z<
>1?8???p?
0=0B0I0V0x0
0&1.151<1
2T2[2b2v2
203=3H3
4#4;4B4W4g4
475<5E5h5
6!6(6/6
:0:<:M:
<D<K<R<e<l<s<
=,=:=R=a=x=}=
>6>@>G>N>
2'2-2P2
5!5(5N5V5p5y5
8!858<8C8P8W8^8
9(90989?9Q9X9_9
9]<c<q<w<
<)===D=
=^>k>p>v>~>
> ?'?.?Y?f?
1;1D1d1q1
2"252^2w2
303@3O3u3~3
4>5E5L5o5v5}5
6o6v6}6
757]7l7s7z7
7*858>8C8`8
9T9[9a9g9l9x9}9
9@:P:W:^:
;?;F;M;`;
;@<L<R<^<f<l<t<
<%=-=`=g=n=
>2>9>@>X>
?L?S?Z?
011]1f1
152?2O2o2
3!313>3E3L3S3e3o3
4 4Q4Z4k4
5h5o5v5
646J6`6x6
73797H7O7r7x7
8@8F8g8n8u8
9-969K9
:&:,:4:;:C:R:W:i:{:
;+;0;5;G;Y;_;c;i;m;
<+<0<5<=<C<G<M<Q<d<i<n<v<|<
= =0===J=R=W=^=c=j=p={=
1V1j1q1x1
3&3-333C3a3t3y3
4*4A4T4]4d4v4
5"6+6[6
7*72797\7c7j7
848=8D8\8
: :(:.:4:C:P:W:v:
:4;D;a;w;~;
<!<2<9<P<`<e<q<
0)00070@0G0N0X0_0f0p0w0~0
1#1-141;1F1L1P1T1X1\1`1d1h1l1p1t1x1|1
4$4+4;4L4Z4e4s4
5H5m5y5
6;6R6Y6
707Y7^7g7
7	8&808
9$9-9J9O9X9x9~9
9$:.:5:a:
;3;E;N;W;];p;
<$=8=_=e=t=|=
?#?*?=?D?X?_?
0I1l1z1
2	2 2.282?2L2R2l2q2x2
3 333=3D3b3j3q3
5)5.555
5)686S6b6m6t6{6
7 70767Y7
8;9D9_9e9n9u9
:":):0:G:N:b:
;%;*;?;D;
<0=7=>=U=d=u=
><>T>w>~>
>0?j?q?x?
0C0J0Q0w0
1$2(2,202X2_2f2
4%454I4P4W4u4
5+52595R5e5s5
6#646;6y6
=)=@=G=T=[=|=
8!:(:z:e;
<%<7<T<[<
=$=:=C=V=m=t=
>.>8>?>F>
?/?7?>?c?j?q?
0[0a0j0
1D1V1y1
2%2.2O2W2^2l2v2
3!3*3K3S3Z3t3~3
4$4-4Q4x4
5#5*515@5K5^5e5}5
64787<7@7g7
759B9Z9
:2:9:D:R:c:
<+<5=O=t=
?N?U?l?s?
0"1)101
3#3.383K3[3
6H6l6s6
7J7Q7X7
<$<*<0<6<<<B<H<N<T<Z<`<f<l<r<x<~<
= =&=,=2=8=>=D=J=P=V=\=b=h=n=t=z=
>">(>.>4>:>@>F>L>R>X>^>d>j>p>v>|>
?$?*?0?6?<?B?H?N?T?Z?`?f?l?r?x?~?
040<0F0Q0g0p0
1	1 1&1G1L1]1u1
2#2(2/2<2M2j2w2
4 4)444@4E4U4Z4`4f4|4
5U5Z5{5
5X6]6o6
7"7)7F7
8+838>8D8J8P8V8\8b8h8n8t8z8
9P:X:\:x:
1(1<1h1l1p1
1t2x2|2
3 3$3(3,34383<3@3D3L3P3T3X3\3d3h3l3p3t3|3
4$4(4,4<4@4D4T4X4\4l4p4t4
:(:,:8:<:H:L:X:\:h:l:t:x:|:
;$;(;,;4;8;<;D;H;L;T;X;\;h;l;x;|;
? ?$?,?0?4?<?@?D?L?P?T?\?x?
040\0`0d0t0
10181<1D1H1L1T1X1\1d1h1l1t1x1|1
2D2l2p2t2x2
343\3`3l3p3|3
3$4H4d4
646@6d6x6
7 7$7h7
8 80888<8@8\8|8
9<9D9|9
:4:@:D:H:L:l:
:$;(;,;0;L;P;
<<<@<`<h<l<p<
> >$>(>D>\>d>