gurcu | loader[.]exe

Resubmissions

10-04-2024 02:58

240410-dgn9kacd46 10

10-04-2024 02:58

10-04-2024 02:58

10-04-2024 02:58

23-08-2023 14:58

Sharing

Copy URL

Twitter E-mail

General

Target

loader.exe
Size

401KB
MD5

69e3cdc923b668aec4cb405c040565c6
SHA1

6a675ebf6f241e543f7bb50ccc8ead462a427880
SHA256

8d647fd3ebb00c9d853eb728ff7cba75b7a089d30f84090e3bc1dc460bdd47f3
SHA512

5580919f6710fc210f079875eae22a87c85e854b57f59d10fc22680460f370154d7d223a66c9797387e4675a7954ba6f051a34571499481927980eb9ebf07cdb
SSDEEP

6144:+CGmWI/2hvRn6Ie646G0D1eBlxy9bAmI6:+KWI/8B6Q9b5eBlxnmI6

Score

10^/10

gurcu

Malware Config

Extracted

Family

gurcu

https://api.telegram.org/bot6193093056:AAHzyNGUGS9aUG6CCx6ENLoXpCFLzEQywIQ/sendMessage?chat_id=1098292643

Signatures

Gurcu family
gurcu

Files

loader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:e3:37:e6:86:fd:33:88:4b:cf:73:24:4a:8d:72:31:6a:6e:de:8f:7b:97:ac:b5:b3:85:de:d7:3d:7e:66:34
Signer

Actual PE Digest

00:e3:37:e6:86:fd:33:88:4b:cf:73:24:4a:8d:72:31:6a:6e:de:8f:7b:97:ac:b5:b3:85:de:d7:3d:7e:66:34

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 389KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cdCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

00:e3:37:e6:86:fd:33:88:4b:cf:73:24:4a:8d:72:31:6a:6e:de:8f:7b:97:ac:b5:b3:85:de:d7:3d:7e:66:34Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 389KB - Virtual size: 388KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

00:e3:37:e6:86:fd:33:88:4b:cf:73:24:4a:8d:72:31:6a:6e:de:8f:7b:97:ac:b5:b3:85:de:d7:3d:7e:66:34
Signer

.text
Size: 389KB - Virtual size: 388KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B