purecrypter | Kyqgdpoq[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Kyqgdpoq.dat
Size

2.5MB
MD5

b9a81f6e2df1eaeb1ccd6942da87bc9b
SHA1

6a2904bdfbe1d231ae062c6b51c370401c528e53
SHA256

f9cf73b5f9098e517cb8ef58cacda15db65163b0152af41e5c15e31d53b98bc3
SHA512

16d743f911e8c1b761fafbe7c8484138a65ab5f3242833842d2e3972c158c250171f333d00afbede0960ccc14bc7f45c8538f8de088391e249804850aaf5e6ba
SSDEEP

24576:FyFE8jvnr5f1r44VJI8QzMr7PS5xu0YdP6SZ26md82c/tQfYBAqFlsxWLYkIGLUg:0vf1NJI8QMf6K0Y16f7GtQoGxAJhEG

Score

10^/10

loader purecrypter

Malware Config

Signatures

Detect PureCrypter injector 1 IoCs

resource	yara_rule
sample	family_purecrypter

Purecrypter family
purecrypter

Files

Kyqgdpoq.dat
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ