gurcu | ebdda35a64fdd77737a3ec887c3c63b9[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ebdda35a64fdd77737a3ec887c3c63b9.bin
Size

1.3MB
MD5

14a87a6c16ccaeed39966e8016bbd87d
SHA1

00ab54afc68683b5661b52d4c7cced2eb54773c8
SHA256

dd91d4063900789c1d9de4b8f5a3d71dd5a7b207df020fa530e019050dc70022
SHA512

9a03fd3383ec5fe30a786a5ddec61653e1b9603d6c16ac1a15d8f11b5e9ce4e25f74e6f20b1fe65373c871f2ca845eacd6645465ae1b177ea20793e48905ca6b
SSDEEP

24576:JQFlG7NZhhm3GaVUvM/g3E9NUM6RZmjfXkUflJ/jr:yFg7NZhhm3jaM/gU9ZAS9lJX

Score

10^/10

gurcu

Malware Config

Signatures

Gurcu family
gurcu

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e85101062f748f61e87f91bac8abcaa11b5754fb364b8e99cc67b9e7f0283edc.exe

Files

ebdda35a64fdd77737a3ec887c3c63b9.bin
.zip

Password: infected
e85101062f748f61e87f91bac8abcaa11b5754fb364b8e99cc67b9e7f0283edc.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ