Static task
static1
Behavioral task
behavioral1
Sample
Ovaausrdagqjmvqsegobdy.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Ovaausrdagqjmvqsegobdy.dll
Resource
win10v2004-20220414-en
General
-
Target
Ovaausrdagqjmvqsegobdy.dll
-
Size
284KB
-
MD5
c3021e309f7a9440890f511682cbcb89
-
SHA1
4e1d9e67f5576c0292141cf451986f29685ee146
-
SHA256
07120e2a381420c90943182bbb78da10c900745fd3e07822059a99f22e2f5a85
-
SHA512
f0d6135971600c97d752ed3a55158c83681b04bfea3056d72ef558aeb97aa29dbf54460b732cf4e121842dd7e09c2290e3ce7bf39c19055016a369587c0aaa6e
-
SSDEEP
6144:Wmew8hbC15Pn7pdufQoQsu8yG5gxWRV4v4MnQQ:WVqvDoQsu7GeUMnL
Malware Config
Signatures
-
Detect PureCrypter loader 1 IoCs
Processes:
resource yara_rule sample family_purecrypter -
Purecrypter family
Files
-
Ovaausrdagqjmvqsegobdy.dll.dll windows x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorDllMain
Sections
.text Size: 282KB - Virtual size: 282KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ