pseudomanuscrypt | 19627bcee38a4ca5ae9a60c71ee7a2e388ba99fb8b229700a964a084db236e1f | Triage

Sharing

General

Target

19627bcee38a4ca5ae9a60c71ee7a2e388ba99fb8b229700a964a084db236e1f
Size

5KB
MD5

5dc7fbf2141f7dfe5215c94895bf959c
SHA1

8c2c70cc5a919de769b315cacd33fa69da2ef25f
SHA256

19627bcee38a4ca5ae9a60c71ee7a2e388ba99fb8b229700a964a084db236e1f
SHA512

d3ff6f0b72edff24bd1631e5e52c8661e93662b7a940efef2cb0f491221e75fa4f7f89ba70985a21f32e4b259f4f4b96ebc3a39a28c583d47d60fd8d524dee44
SSDEEP

48:SoUooXZmHd2VTw7C+crl4P3H5QPqhBGNlRAlrCXlFoZWhtU775WA8mRuqSI:SgEwe+ch4/AElrskWo7dWCxP

Score

10^/10

loader pseudomanuscrypt

Malware Config

Signatures

Detect PseudoManuscrypt loader dropped by the installer 1 IoCs

Processes:

resource	yara_rule
sample	family_pseudomanuscrypt

Pseudomanuscrypt family
pseudomanuscrypt

Files

19627bcee38a4ca5ae9a60c71ee7a2e388ba99fb8b229700a964a084db236e1f
.dll windows x86

e9fb8f93b76e747125b013f7a11b7489

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetLastError

user32

wsprintfA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
SetServiceStatus
RegisterServiceCtrlHandlerW

Exports

Exports

ServiceMain

Sections

.text
Size: 1024B - Virtual size: 945B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 786B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ