-= Per source details. Do not edit below this line.=-
During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-11-uzip
Reasons (based on the campaign):
Downloads and executes a remote executable.
obfuscation
malware
{
"malicious-packages-origins": [
{
"sha256": "8e0dd8700d5267b8d9bbe270798b11d2250761decf1de89249eab6d90a29080c",
"id": "pypi/2025-11-uzip/gxzip",
"import_time": "2025-12-10T23:06:34.215472379Z",
"modified_time": "2025-12-10T22:53:31.008795Z",
"versions": [
"0.1.0"
],
"source": "kam193"
},
{
"sha256": "5902846f55636040def4b0a9ce433e73d8e2fb554e72ef0755be565b48bb8e82",
"id": "pypi/2025-11-uzip/gxzip",
"import_time": "2025-12-11T17:11:15.731753986Z",
"modified_time": "2025-12-10T22:53:31.008795Z",
"versions": [
"0.1.0"
],
"source": "kam193"
},
{
"sha256": "83b2de6e0a00128511adddefd2ce27fb120acb89299737126e8431d78ccdbafc",
"id": "pypi/2025-11-uzip/gxzip",
"import_time": "2026-02-26T09:49:02.312225101Z",
"modified_time": "2025-12-10T22:53:31.008795Z",
"versions": [
"0.1.0"
],
"source": "kam193"
}
],
"iocs": {
"ips": [
"77.105.161.164"
],
"urls": [
"http://77.105.161.164:3301/library",
"http://77.105.161.164:3301/die1"
]
}
}