Behavioral task
behavioral1
Sample
Ymplhchis.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Ymplhchis.exe
Resource
win10v2004-20230220-en
General
-
Target
Ymplhchis.exe
-
Size
9KB
-
MD5
66b64cfac83171e194dda651b97aeef0
-
SHA1
cc65aabb69e797a01c2c06886d523683fc756c19
-
SHA256
fadc70c73f31f1cd2982bcf510846c09a9ddb209cce4e84d6237803fba50f58b
-
SHA512
c162987ad139ea66152b3c31a13b8f67d8cf20fc0eac420dd6dea58eefd183ec94a8de6af30be53130f5f7cbc1aca5cb6ce665e362ce145e8eaec59be1cb5bd2
-
SSDEEP
192:r7IRHVefS0loC4cge45pz/7H/hShLTG1sl/pv6:r7i1efFp4R95B/r/hShLy6hy
Malware Config
Extracted
purecrypter
https://cdn.discordapp.com/attachments/1114088016076619870/1114091109027688478/Ojjkmeqsy.dat
Signatures
-
Purecrypter family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Ymplhchis.exe
Files
-
Ymplhchis.exe.exe windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ