ScrubCrypt[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ScrubCrypt.exe
Size

586KB
MD5

3c1b589a7c7b24670d332d41ff10a054
SHA1

e15e99a3838620c933d1b1d8d52f8fdc579489c9
SHA256

a734415f7089d2b90f33a17bef32214d44d2725f01a5f991b924034ed59b4036
SHA512

f482f249bcf0d14bde2a0892aea5cf204d629b80dea51628f319b9e7095c5bbdaad541f44f80d016053f6bb62e0b7cf8bd4de6aaebce3ef8666aef2d6c04afd4
SSDEEP

12288:e6r35j5ssMMbAaPcw6K7mRyP6uI6JB8rkoBjeeXOkqXpla7:e6josDb3cq7/P6uXQj3rqLa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ScrubCrypt.exe

Files

ScrubCrypt.exe
.exe windows:6 windows x64 arch:x64

0616c99a9bb86c4d4b22c2c45db5fd4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-math-l1-1-0

__setusermatherr

kernel32

IsProcessorFeaturePresent
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualAlloc
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
abort
_configure_wide_argv
_get_initial_wide_environment
_seh_filter_exe
_set_app_type
_cexit

vcruntime140

__FrameUnwindFilter
memset
memcpy

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0616c99a9bb86c4d4b22c2c45db5fd4b

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-math-l1-1-0

kernel32

api-ms-win-crt-runtime-l1-1-0

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

mscoree

Sections

.text Size: 6KB - Virtual size: 5KB

.nep Size: 512B - Virtual size: 48B

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 296KB - Virtual size: 296KB

.pdata Size: 512B - Virtual size: 84B

.rsrc Size: 259KB - Virtual size: 259KB

.reloc Size: 512B - Virtual size: 44B

.text
Size: 6KB - Virtual size: 5KB

.nep
Size: 512B - Virtual size: 48B

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 296KB - Virtual size: 296KB

.pdata
Size: 512B - Virtual size: 84B

.rsrc
Size: 259KB - Virtual size: 259KB

.reloc
Size: 512B - Virtual size: 44B