Behavioral task
behavioral1
Sample
77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe
Resource
win10v2004-20221111-en
General
-
Target
54b04c4846fab92642827b0d8fa86474.bin
-
Size
8KB
-
MD5
b3e24df3eaf1466e997ce050047a4281
-
SHA1
613f70f7cd87f2ba4af18ba4d541c25be567420e
-
SHA256
73d448c429921a844a556fb0d5addc6af5bab77842fddb4782cbbd18086995ec
-
SHA512
253cfd911b09f02dbe39c912f15b45ec53f22c46f9296487d0c7f8ff1af2406cbcde9afe23d20d5971bd2a3880b2acbcfc7f4fd333c2dcd2b644ff3a85b2e829
-
SSDEEP
192:L8v+erfT8YKjK+9ujd/gw3Wyk13y89hZCejEvNPnaIcN6ywkpBsqvlsm:L8vPkYKpJwmRy8z0favwk/jv2m
Malware Config
Extracted
purecrypter
https://cesarsoriano.pe/wp-content/uploads/Tfykjvlwy.dll
Signatures
-
Purecrypter family
Files
-
54b04c4846fab92642827b0d8fa86474.bin.zip
Password: infected
-
77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe.exe windows x64
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ