purecrypter | Updated PO-91487 New order to ship with RVM[.]img | Triage

Sharing

General

Target

Updated PO-91487 New order to ship with RVM.img
Size

56KB
MD5

97a6dd826eea9091d20169b504f15f1a
SHA1

473e56ad2bfbeb3ca2f01bdae5424fb61b955727
SHA256

d7ae30a230e18273d634fb9a0ecb9fed694d66a5aaba71fb59d5eaa33e2a10bf
SHA512

adf5e4f0851d6126cd016b2b043cba2646ab54c5f3234c60c5f262866ed4b6b2264062a32d0c4ad3483b5b88fb5ea65ad5dc0375fb4cc2ee0be1f435632064d9
SSDEEP

96:5TntK+KmXi5aB+tFLbd58xd2nKFRa08rQzNt:Rnby5q+tVd58AmZIy

Score

10^/10

purecrypter

Malware Config

Extracted

Family

purecrypter

C2

http://155.94.210.73/ido.mp3

Signatures

Purecrypter family
purecrypter

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/new order.exe

Files

Updated PO-91487 New order to ship with RVM.img
.iso
out.iso
.iso
new order.exe
.exe windows:4 windows x64 arch:x64

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ