purelogstealer | 305dca2184069473413661e6fe608cfa[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

305dca2184069473413661e6fe608cfa.exe
Size

2.4MB
MD5

305dca2184069473413661e6fe608cfa
SHA1

160741199ff660f14b6243a30b1d59b163a5ac1f
SHA256

cbcf33d26c498de5cf96469fa600ee72dbd7d62d1dfad165c60183fc598cdc66
SHA512

9a341c90e75dea7706bc5dba8a2eaeba566a0d38cfc545b5ce366b4118162b0ff7ab2934c3d1d0896c819833da6705860490d5f4d16a2c0840fa71534ffabcc8
SSDEEP

49152:17+EL9CKaxFfCiyrwpLOrXsrexWtNlZHOaPBnw8QiSBXElaRyZK3znzfgN:5+ELoKkFfCiEwpLOrXeeEJtzWdiSNQio

Score

10^/10

purelogstealer

Malware Config

Signatures

PureLog Stealer payload 1 IoCs

resource	yara_rule
sample	family_purelog_stealer

Purelogstealer family
purelogstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
305dca2184069473413661e6fe608cfa.exe

Files

305dca2184069473413661e6fe608cfa.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ