{"id":"MAL-2025-4232","summary":"Malicious code in pyinitialyze (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (17fb73bd9014366b80018d085cf68a67535ca979bd2ddd14c82ef27ec1309a61)\nFile is designed to download, hide under system-like name, and run a remote executable, widely identified as malicious.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-05-pyiniter\n\n\nReasons (based on the campaign):\n\n\n - infostealer\n\n\n - Downloads and executes a remote executable.\n","modified":"2026-04-16T15:58:30.841798Z","published":"2025-05-09T20:14:13Z","database_specific":{"malicious-packages-origins":[{"sha256":"90d7519f9156ff149d0fa94da1e85d50c27a9a0bbcf946f2263ac6d25917efa2","versions":["0.1.0","0.1.1","0.1.3"],"import_time":"2025-05-22T14:06:36.975675008Z","id":"RLMA-2025-02589","source":"reversing-labs","modified_time":"2025-05-22T12:33:42Z"},{"sha256":"1621d6c55a74c36518d747769d09d6d528e25e7f4e2b634dce25ba051f9710a0","import_time":"2025-12-02T22:30:55.471361312Z","source":"kam193","id":"pypi/2025-05-pyiniter/pyinitialyze","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"modified_time":"2025-05-09T20:14:13Z"},{"sha256":"17fb73bd9014366b80018d085cf68a67535ca979bd2ddd14c82ef27ec1309a61","import_time":"2025-12-02T23:07:18.496296562Z","source":"kam193","id":"pypi/2025-05-pyiniter/pyinitialyze","ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"modified_time":"2025-05-09T20:14:13Z"},{"sha256":"c1adbe26b4a61a20ca23151d41cba3d3b3d9ccb5b3326f1a83338c186f01fa79","versions":["0.1.0","0.1.1","0.1.2","0.1.3"],"import_time":"2025-12-10T21:38:57.710360163Z","id":"pypi/2025-05-pyiniter/pyinitialyze","source":"kam193","modified_time":"2025-05-09T20:14:13Z"},{"sha256":"fb0b479e81e25c9facc45612554f1b56627b7cc45600f15858e97111b29ca2ff","import_time":"2026-03-19T12:20:15.999927823Z","id":"RLUA-2026-00637","source":"reversing-labs","modified_time":"2026-03-18T12:17:30Z"},{"sha256":"996fb96ad0af494f7650b47003f014cc1e71b7d0c2fb3271964e1ba33e8fa1d5","versions":["0.1.2"],"import_time":"2026-04-16T15:39:35.954924524Z","id":"RLUA-2026-02076","source":"reversing-labs","modified_time":"2026-04-16T10:27:34Z"}],"iocs":{"urls":["https://raw.githubusercontent.com/Sierftgddfgrth/win32dll/main/win32dll.exe"]}},"references":[{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/fbb53fbf45d3ec579d4273ae95e8c833f12d66a2111633d65edb1e42513addc6"},{"type":"WEB","url":"https://www.virustotal.com/gui/file-analysis/M2YwMDg3ZDUyOWFlZjIxY2RlMTE2ODQwMmJmMmU2MDE6MTc0ODU2MTExMQ=="},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/pyinitialyze"}],"affected":[{"package":{"name":"pyinitialyze","ecosystem":"PyPI","purl":"pkg:pypi/pyinitialyze"},"versions":["0.1.0","0.1.1","0.1.3","0.1.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pyinitialyze/MAL-2025-4232.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}