purelogs | QUOTATION_NOVQTRFA00541·PDF[.]scr[.]exe | Triage

Sharing

General

Target

QUOTATION_NOVQTRFA00541·PDF.scr.exe
Size

974KB
MD5

83999a2ce0109ea4adbecb3a96744e8c
SHA1

4b94f4b23b157c7ae2df54e251cd4d22c683134d
SHA256

5030bc30c14139d9c48dc4cd175de6c966e83a9059035d18af33dda06f2541ab
SHA512

f4dfe9396a978d942cc5e8857549da838b17099f57a9fa4fc53761ee06bcff37f4100b263fdccff9565de3db40eb9c71694618433d64d41e66d8765a131328ae
SSDEEP

12288:W2BNuP+2ess0NdGRs5N4r8Zjw/KpBf2fLkzGHH1tfU7:J2JAk15N4r+8C72PfU

Score

10^/10

purelogs

Malware Config

Signatures

Detect PureLogs payload 1 IoCs

Processes:

resource yara_rule

sample family_purelogs
Purelogs family
purelogs

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
QUOTATION_NOVQTRFA00541·PDF.scr.exe

Files

QUOTATION_NOVQTRFA00541·PDF.scr.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 646KB - Virtual size: 646KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ