-= Per source details. Do not edit below this line.=-
File is designed to download, hide under a system-like name, and run a remote executable, widely identified as malicious.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-05-pyiniter
Reasons (based on the campaign):
- infostealer
- Downloads and executes a remote executable.
{
"iocs": {
"urls": [
"https://raw.githubusercontent.com/Sierftgddfgrth/win32dll/main/win32dll.exe"
]
},
"malicious-packages-origins": [
{
"id": "pypi/2025-05-pyiniter/pyinite",
"modified_time": "2025-05-09T20:14:13Z",
"import_time": "2025-12-02T22:30:55.469671356Z",
"sha256": "a8af051de51bb2f1de27a6efc1c2eceb6176a1df26e1cddf6de17312a90e9cf8",
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
}
]
}
],
"source": "kam193"
},
{
"id": "pypi/2025-05-pyiniter/pyinite",
"modified_time": "2025-05-09T20:14:13Z",
"import_time": "2025-12-02T23:07:18.494564429Z",
"sha256": "7ed8f43159750189f4cea17185b5ee087dda83db8574bf258010068c524fc723",
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
}
]
}
],
"source": "kam193"
},
{
"versions": [
"0.1.4",
"0.1.5",
"0.1.6",
"0.1.7",
"0.1.8",
"0.1.9"
],
"id": "pypi/2025-05-pyiniter/pyinite",
"modified_time": "2025-05-09T20:14:13Z",
"import_time": "2025-12-10T21:38:57.708740754Z",
"sha256": "2cd19720780eef05ac60ba717973c42bc1761c875e091e93d1ccab65b37527ff",
"source": "kam193"
}
]
}