purecrypter | Quote Sample Specification[.]iso | Triage

Sharing

General

Target

Quote Sample Specification.iso
Size

58KB
MD5

e62f0b1cdb4ced28dda8df5fb8720cce
SHA1

c87e7e3d53596dfb56de410cf4b1e7354e85fa39
SHA256

7ff4167650adecffecfe7ddaedb1a962c3e85074d8ffe2b2237ee3444da34aa1
SHA512

ce9aab107cf51ecd8d91a21526a5d3b2b83f157e90fc915e3713b1cd2e54d55d8f7c3c8926c5cc850e084fd7fcf6715adf38ee6a72a8bc3def07c1f4bfef641d
SSDEEP

96:5BjvT3HQfHAWy0/lymtF6vBRl4gT9S40/g8yutGFEoOzNtAP9GB:7j734/4ekJB040/FyOGJI2PwB

Score

10^/10

purecrypter

Malware Config

Extracted

Family

purecrypter

C2

https://360.asesoriaenfarmacias.com/Jhacc.dat

Signatures

Purecrypter family
purecrypter

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/New Project Sets KV222LLV1.exe

Files

Quote Sample Specification.iso
.iso
out.iso
.iso
New Project Sets KV222LLV1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ