pseudomanuscrypt | b8fb0d53de6c906fbdb672a5aa7c4b6e | Triage

Sharing

General

Target

b8fb0d53de6c906fbdb672a5aa7c4b6e
Size

6KB
MD5

b8fb0d53de6c906fbdb672a5aa7c4b6e
SHA1

999f6032b98130ea489e186c0afbbc4a480b0b14
SHA256

c6f6ef975f76b6f7f163ab3266c18fec304fe063c599f8b2b91631ed02f4be90
SHA512

64a16f4b376df279a7c843236f0d485ec91d070104dfab493bf28611aeea6a5ce9e1f09b20d607b617901fa31b952cf36cf1f87e8dba73d89da35c487eba7cae
SSDEEP

48:Sohw/sCUdspYtgxD6sulpRqgbat5hpFgwVItN/4PaJ+25It9sRAlrC82I583NC0M:+xUedxDrulnLat5h3iEVlrfz0na9FPT5

Score

10^/10

loader pseudomanuscrypt

Malware Config

Signatures

Detects PseudoManuscrypt payload 1 IoCs

Processes:

resource	yara_rule
sample	family_pseudomanuscrypt

Pseudomanuscrypt family
pseudomanuscrypt
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

b8fb0d53de6c906fbdb672a5aa7c4b6e

Files

b8fb0d53de6c906fbdb672a5aa7c4b6e
.dll windows:5 windows x64 arch:x64

e9fb8f93b76e747125b013f7a11b7489

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
GetLastError

user32

wsprintfA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
SetServiceStatus
RegisterServiceCtrlHandlerW

Exports

Exports

ServiceMain

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ