gurcu | tmp | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

tmp
Size

426KB
MD5

ef43d260ba94eea5dad184fcb6e1abcf
SHA1

2cad3eaa11d5842b430ca28c9d185bc82d7661d1
SHA256

8db489ea34fc35ad43552af9629978af98c14b947c058ef1a5d0e645a90c3458
SHA512

de879cf97066e6ca3c39200f01407dca79838ce03e2b3280aa37ab725aae96e9a15d6ad3a200ce184d3c1b7102a666c4ae051a8453fbca0ef9f6e38ec0942d0a
SSDEEP

6144:3Gd/t/a2zDGVPJXvnzZjDJHb571Kjn1929XDccHa+u9bamBftR0RgW:cRatpvnzZjDv7oj19yTaAmBftR0CW

Score

10^/10

gurcu

Malware Config

Signatures

Detect Gurcu Stealer V3 payload 1 IoCs

resource	yara_rule
sample	family_gurcu_v3

Gurcu family
gurcu

Files

tmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:55:7b:31:a1:c9:e1:bb:4f:09:4a:5a:ac:b3:06:00:be:7d:f2:90:03:99:2e:1a:b3:88:ff:6c:80:19:a0:e2
Signer

Actual PE Digest

f2:55:7b:31:a1:c9:e1:bb:4f:09:4a:5a:ac:b3:06:00:be:7d:f2:90:03:99:2e:1a:b3:88:ff:6c:80:19:a0:e2

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cdCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

f2:55:7b:31:a1:c9:e1:bb:4f:09:4a:5a:ac:b3:06:00:be:7d:f2:90:03:99:2e:1a:b3:88:ff:6c:80:19:a0:e2Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 367KB - Virtual size: 367KB

.rsrc Size: 48KB - Virtual size: 47KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

f2:55:7b:31:a1:c9:e1:bb:4f:09:4a:5a:ac:b3:06:00:be:7d:f2:90:03:99:2e:1a:b3:88:ff:6c:80:19:a0:e2
Signer

.text
Size: 367KB - Virtual size: 367KB

.rsrc
Size: 48KB - Virtual size: 47KB

.reloc
Size: 512B - Virtual size: 12B