purelogs | DOCUMENTO_NOTIFICACION_VINCULACION_PROCESO_ADELANTADOR_SECRETARIA_DE_SALUD_TURBO_POR_IRREGULARIDADES_EN_EJECUCION_DE_OPERACIONES_CON_TERCEROS_VINCULADOS_SEGUN_TUTELApdf[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

DOCUMENTO_NOTIFICACION_VINCULACION_PROCESO_ADELANTADOR_SECRETARIA_DE_SALUD_TURBO_POR_IRREGULARIDADES_EN_EJECUCION_DE_OPERACIONES_CON_TERCEROS_VINCULADOS_SEGUN_TUTELApdf.rar
Size

359KB
MD5

aeff13ad45fc317d5b4ecb6cf19f6b9c
SHA1

b21a0b932f17c4e111d333682d3f750199beb584
SHA256

00fd2efe7e59af1a6d9909bd4acfd7e08a3f5be6f2eb2c711afd12645e8e6abb
SHA512

ae8a1cc8dcf1ff9cc0851e7c29fade369a84b43372b7f32188f1d49f9ecb773b4605fc6a129bac6890da1046d8976ebff7df0607aae4c5401046f76dec0271c4
SSDEEP

6144:u/9v/FFgh/rrNf1DlzpSzFqtKHd4NMTj/KuUvU0OwZYqPHLSSaJbK9ZGVZICGgnV:kCj59DJpmqtS42TrsOwuSaJWDGV4bA

Score

10^/10

purelogs

Malware Config

Signatures

Detect PureLogs payload 1 IoCs

resource	yara_rule
static1/unpack001/DOCUMENTO_NOTIFICACION_VINCULACION_PROCESO_ADELANTADOR_SECRETARIA_DE_SALUD_TURBO_POR_IRREGULARIDADES_EN_EJECUCION_DE_OPERACIONES_CON_TERCEROS_VINCULADOS_SEGUN_TUTELApdf.exe	family_purelogs

Purelogs family
purelogs

Files

DOCUMENTO_NOTIFICACION_VINCULACION_PROCESO_ADELANTADOR_SECRETARIA_DE_SALUD_TURBO_POR_IRREGULARIDADES_EN_EJECUCION_DE_OPERACIONES_CON_TERCEROS_VINCULADOS_SEGUN_TUTELApdf.rar
.rar

Password: 1123
DOCUMENTO_NOTIFICACION_VINCULACION_PROCESO_ADELANTADOR_SECRETARIA_DE_SALUD_TURBO_POR_IRREGULARIDADES_EN_EJECUCION_DE_OPERACIONES_CON_TERCEROS_VINCULADOS_SEGUN_TUTELApdf.exe
.exe windows:4 windows x86 arch:x86

Password: 1123

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0f:05:ae:21:cd:c1:7b:9f:3c:f0:9d:7b:fc:65:9b:a3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19-02-2020 00:00

Not After

17-02-2023 12:00

Subject

CN=Glarysoft LTD,O=Glarysoft LTD,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:06:79:fd:2c:2e:aa:69:21:0f:c6:b7:95:ad:64:2f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-02-2020 00:00

Not After

17-02-2023 12:00

Subject

CN=Glarysoft LTD,OU=IT,O=Glarysoft LTD,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:84:e0:9e:60:76:fa:dc:02:b8:ee:13:18:2b:3f:94:a0:ee:d4:75:c3:31:88:b7:05:f1:a3:d1:21:29:7c:c0
Signer

Actual PE Digest

71:84:e0:9e:60:76:fa:dc:02:b8:ee:13:18:2b:3f:94:a0:ee:d4:75:c3:31:88:b7:05:f1:a3:d1:21:29:7c:c0

Digest Algorithm

sha256

PE Digest Matches

false

b0:1f:33:0f:dc:3d:c9:7c:88:29:5a:d7:d0:d0:cc:9c:ee:02:15:65
Signer

Actual PE Digest

b0:1f:33:0f:dc:3d:c9:7c:88:29:5a:d7:d0:d0:cc:9c:ee:02:15:65

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 598KB - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1123

Password: 1123

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0f:05:ae:21:cd:c1:7b:9f:3c:f0:9d:7b:fc:65:9b:a3Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

06:06:79:fd:2c:2e:aa:69:21:0f:c6:b7:95:ad:64:2fCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

71:84:e0:9e:60:76:fa:dc:02:b8:ee:13:18:2b:3f:94:a0:ee:d4:75:c3:31:88:b7:05:f1:a3:d1:21:29:7c:c0Signer

b0:1f:33:0f:dc:3d:c9:7c:88:29:5a:d7:d0:d0:cc:9c:ee:02:15:65Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 598KB - Virtual size: 597KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 12B

0f:05:ae:21:cd:c1:7b:9f:3c:f0:9d:7b:fc:65:9b:a3
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

06:06:79:fd:2c:2e:aa:69:21:0f:c6:b7:95:ad:64:2f
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

71:84:e0:9e:60:76:fa:dc:02:b8:ee:13:18:2b:3f:94:a0:ee:d4:75:c3:31:88:b7:05:f1:a3:d1:21:29:7c:c0
Signer

b0:1f:33:0f:dc:3d:c9:7c:88:29:5a:d7:d0:d0:cc:9c:ee:02:15:65
Signer

.text
Size: 598KB - Virtual size: 597KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 12B