purecrypter | 1[.]vhd | Triage

Submit
Reports

Overview

overview

Static

static

$RECYCLE.B...3D.exe

windows7-x64

$RECYCLE.B...3D.exe

windows10-2004-x64

$RECYCLE.B...L8H.js

windows7-x64

1

$RECYCLE.B...L8H.js

windows10-2004-x64

1

$RECYCLE.B...PRW.js

windows7-x64

1

$RECYCLE.B...PRW.js

windows10-2004-x64

1

$RECYCLE.B...R2U.js

windows7-x64

1

$RECYCLE.B...R2U.js

windows10-2004-x64

1

$RECYCLE.B...3D.exe

windows7-x64

$RECYCLE.B...3D.exe

windows10-2004-x64

$RECYCLE.B...L8H.js

windows7-x64

$RECYCLE.B...L8H.js

windows10-2004-x64

$RECYCLE.B...PRW.js

windows7-x64

$RECYCLE.B...PRW.js

windows10-2004-x64

$RECYCLE.B...R2U.js

windows7-x64

$RECYCLE.B...R2U.js

windows10-2004-x64

T817630494...Pdf.js

windows7-x64

T817630494...Pdf.js

windows10-2004-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

$RECYCLE.BIN/$I40P23D.exe

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

$RECYCLE.BIN/$I40P23D.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

$RECYCLE.BIN/$I4FIL8H.js

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

$RECYCLE.BIN/$I4FIL8H.js

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

$RECYCLE.BIN/$I5VEPRW.js

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

$RECYCLE.BIN/$I5VEPRW.js

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

$RECYCLE.BIN/$IMH8R2U.js

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

$RECYCLE.BIN/$IMH8R2U.js

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

$RECYCLE.BIN/$R40P23D.exe

Resource

win7-20230220-en

purecrypter downloader loader

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral10

Sample

$RECYCLE.BIN/$R40P23D.exe

Resource

win10v2004-20230221-en

purecrypter downloader loader

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral11

Sample

$RECYCLE.BIN/$R4FIL8H.js

Resource

win7-20230220-en

vjw0rm persistence trojan worm

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral12

Sample

$RECYCLE.BIN/$R4FIL8H.js

Resource

win10v2004-20230220-en

vjw0rm persistence trojan worm

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral13

Sample

$RECYCLE.BIN/$R5VEPRW.js

Resource

win7-20230220-en

vjw0rm persistence trojan worm

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral14

Sample

$RECYCLE.BIN/$R5VEPRW.js

Resource

win10v2004-20230220-en

vjw0rm persistence trojan worm

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral15

Sample

$RECYCLE.BIN/$RMH8R2U.js

Resource

win7-20230220-en

vjw0rm persistence trojan worm

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral16

Sample

$RECYCLE.BIN/$RMH8R2U.js

Resource

win10v2004-20230220-en

vjw0rm persistence trojan worm

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral17

Sample

T817630494847_Payment_receipt_Pdf.js

Resource

win7-20230220-en

vjw0rm persistence trojan worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral18

Sample

T817630494847_Payment_receipt_Pdf.js

Resource

win10v2004-20230220-en

vjw0rm persistence trojan worm

windows10-2004-x64

9 signatures

150 seconds

General

Target

1.vhd
Size

18.0MB
MD5

61d53ce85393c16893d5a20e28ba7975
SHA1

8161c028b9351c58ad9440211ce436693027cb7e
SHA256

b1c0b2b8c165b4144be04ac5138af82825f61f4928a4ddf8b9db44f3a2ba1e0d
SHA512

42eb47aba31bc3da5eae9b892bb85398a91ba163d9eeaf21719be9013c2012afb8443e699b673d113ab55194c9352747de40181b78e77f90227f105821ade7fb
SSDEEP

768:qyDRGOd/DFZhnkURGOd/DFZhnkJpbqA4mWp+qY5YP6NZcmXpgF6TG9TK7egGhHzl:qyDRGgV9RGgVMpbK6k64hHzr8eCdn19

Score

10^/10

purecrypter

Malware Config

Extracted

Family

purecrypter

C2

https://ashaambulanceservice.com/Vuzbri.bmp

Signatures

Purecrypter family
purecrypter

Files

1.vhd
.vhd
out.vhd
.vhd
$RECYCLE.BIN/$I40P23D.exe
$RECYCLE.BIN/$I4FIL8H.js
$RECYCLE.BIN/$I5VEPRW.js
$RECYCLE.BIN/$IMH8R2U.js
$RECYCLE.BIN/$R40P23D.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$RECYCLE.BIN/$R4FIL8H.js
.js
$RECYCLE.BIN/$R5VEPRW.js
.js
$RECYCLE.BIN/$RMH8R2U.js
.js
$RECYCLE.BIN/desktop.ini
System Volume Information/WPSettings.dat
T817630494847_Payment_receipt_Pdf.js
.js

© 2018-2025

Terms | Privacy