General

  • Target

    OfficeVerifySign.exe

  • Size

    1.5MB

  • Sample

    210627-ff5jh9hwhs

  • MD5

    65d160b89f6f563bca60461adc71f979

  • SHA1

    a61e74e58d3c5eee4a127dd108cff9dbbcfc8ef1

  • SHA256

    3abed86f46c8be754239f8c878f035efaae91c33b8eb8818c5bbed98c4d9a3ac

  • SHA512

    d7dc4a53fda4880ee689e1e39129af4100f9a877a4ebb8f9915554c7739a956011338bcd7a43726261f0041f1a5976ffc044475e7ceb9b08073cd037bc59a88d

Score
10/10

Malware Config

Extracted

Family

rustybuer

C2

https://documentssign-api.com/
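The hashes and the C2 URL above are the indicators a responder would sweep for. The following script is an added example, not part of the sandbox report or of any RustyBuer tooling: it pulls the report's indicators into a small IOC set and matches them against proxy and file-creation log lines. The log lines, their field layout, and the function names are constructed for illustration; hostname matching is done on the parsed host (case-insensitive, exact domain or subdomain) so that a lookalike such as `documentssign-api.com.example.net` does not produce a false hit, and hash matching is case-insensitive because Sysmon and many EDRs emit uppercase hex.

```python
"""IOC sweep for the indicators in the sandbox report above (added example)."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "65d160b89f6f563bca60461adc71f979",
    "sha1": "a61e74e58d3c5eee4a127dd108cff9dbbcfc8ef1",
    "sha256": "3abed86f46c8be754239f8c878f035efaae91c33b8eb8818c5bbed98c4d9a3ac",
}
C2_URL = "https://documentssign-api.com/"
C2_HOST = urlparse(C2_URL).hostname  # "documentssign-api.com"

# Constructed sample log lines (hypothetical formats, not taken from the report).
PROXY_LOG = [
    "2021-06-27T10:01:02Z 10.0.0.5 GET https://documentssign-api.com/ 200",
    "2021-06-27T10:01:03Z 10.0.0.5 GET https://DocumentsSign-API.com/api/ping 200",
    "2021-06-27T10:01:04Z 10.0.0.7 GET https://documentssign-api.com.example.net/ 200",
    "2021-06-27T10:01:05Z 10.0.0.9 GET https://example.com/ 200",
]
FILE_LOG = [
    "EventID=11 Image=C:\\Users\\u\\Downloads\\OfficeVerifySign.exe "
    "Hashes=SHA256=3ABED86F46C8BE754239F8C878F035EFAAE91C33B8EB8818C5BBED98C4D9A3AC",
    "EventID=1 Image=C:\\Windows\\explorer.exe Hashes=MD5=0123",
]

# MD5 (32), SHA1 (40), SHA256 (64) or SHA512 (128) hex digests; longest first so a
# 64-char digest is never mistaken for a 32-char prefix.
HEX_HASH_RE = re.compile(
    r"\b(?:[0-9a-fA-F]{128}|[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b"
)


def host_matches_c2(url: str, c2_host: str = C2_HOST) -> bool:
    """True if the URL's host is the C2 domain or one of its subdomains.

    DNS names are case-insensitive, so compare lowercased. Requiring the IOC to
    be the whole host or a dot-delimited suffix rejects lookalikes such as
    documentssign-api.com.example.net that a plain substring search would flag.
    """
    host = (urlparse(url).hostname or "").lower()
    c2 = c2_host.lower()
    return host == c2 or host.endswith("." + c2)


def scan_proxy(lines):
    """Return the proxy log lines whose requested URL points at the C2 host."""
    hits = []
    for line in lines:
        for tok in line.split():
            if tok.startswith("http") and host_matches_c2(tok):
                hits.append(line)
                break
    return hits


def scan_hashes(lines, iocs=IOC_HASHES):
    """Return log lines containing any of the report's file hashes (any case)."""
    wanted = {v.lower() for v in iocs.values()}
    return [
        line for line in lines
        if {h.lower() for h in HEX_HASH_RE.findall(line)} & wanted
    ]


def hashes_of(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a file's bytes, lowercase hex, same keys as IOC_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, iocs=IOC_HASHES) -> bool:
    """Decide on SHA-256; an MD5-only match is weak evidence given MD5 collisions."""
    return hashes_of(data)["sha256"] == iocs["sha256"]


if __name__ == "__main__":
    for hit in scan_proxy(PROXY_LOG):
        print("C2 contact:", hit)
    for hit in scan_hashes(FILE_LOG):
        print("Sample hash seen:", hit)
```

Running the block against the constructed logs flags the two genuine C2 requests and the file-creation event for the sample, and ignores the lookalike domain and the unrelated process. To sweep a real host, feed `scan_hashes` the hash field of your EDR or Sysmon export and `matches_report` the bytes of any suspicious `OfficeVerifySign.exe` on disk.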

Targets

    • RustyBuer

      RustyBuer is a variant of the Buer loader rewritten in Rust; the change of language alters the binary's signatures, so detections written for the original C Buer may not fire on it.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of fixed drives other than the default C: drive. Analysis VMs often expose only C:, so this is frequently a sandbox or VM check rather than data discovery.

    • Suspicious use of SetThreadContext

      Setting another thread's context is how a loader redirects execution in a target process (thread hijacking, process hollowing); seen alongside a dropped DLL, it points to injection of the next-stage payload.
