Behavioral task
behavioral1
Sample
e18cf6502122b168dac6c932cd89739e313154ee9b73d6ddd692d4ad990aceb0.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
e18cf6502122b168dac6c932cd89739e313154ee9b73d6ddd692d4ad990aceb0.exe
Resource
win10v2004-20230221-en
General
-
Target
30b5426ee9183f43fba9a8a6b6b32b97.bin
-
Size
4KB
-
MD5
b3117d6b0e4592594f22b657cb39e57d
-
SHA1
f54ccb7f2c0960c9b5d53ca9aed70f9a5ddcc85f
-
SHA256
a246944ad40dad648015a99a9723d74bf07149de87491f1c5209ba086f676003
-
SHA512
356ac13493b6165a1789a8070c4c63560ba36b01c3907f650c3ab55a05b0107cdbd7ee780339516a99dfac74d1c4e7395409669e27f165461048ec27acf4db3b
-
SSDEEP
96:ilK4eFpoFhgBp4C//vHLfwOE49QkzpLOzm+rkua2znKLd:R4eFpoJQ//LVDzpLGm+riOna
Malware Config
Extracted
purecrypter
http://argentum.com.br/well-known/acme-challenge/k/h/d/g/Pjogwzrhh.bmp
Signatures
-
Purecrypter family
Files
-
30b5426ee9183f43fba9a8a6b6b32b97.bin.zip
Password: infected
-
e18cf6502122b168dac6c932cd89739e313154ee9b73d6ddd692d4ad990aceb0.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ