purecrypter | Remittance pos[.]invioce[.]img | Triage

Sharing

General

Target

Remittance pos.invioce.img
Size

58KB
MD5

e62321b20f052583be4d8f34fb979527
SHA1

ea0e4804b69713c65dcd2427867a8b5d5ab150eb
SHA256

ce7c3c09794ee39a804fc03c191aecbc30c6d96cdf8a87cad9d92a06a118883f
SHA512

f9e288d177eed2dac3f5af1129afcabc6458d9e1a8dc7de73e89f5de14b100274e5dfecdf62cf79a2a0dfeb492820ceda68a040a3db38630eecc38231a982a1d
SSDEEP

384:bdqwRdqw4kfwLZLbqLFr7dNET+t3S8qA:b4wR4wGdb2ZEanqA

Score

10^/10

purecrypter

Malware Config

Extracted

Family

purecrypter

C2

http://85.31.45.42/Dsgnow.dll

Signatures

Purecrypter family
purecrypter

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Remittance pos.invioce.exe

Files

Remittance pos.invioce.img
.iso
Remittance pos.invioce.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ