Purple Blum[.]exe | Triage

Sharing

General

Target

Purple Blum.exe
Size

79.1MB
MD5

fe9819aa04675e2e7e63849837ed3f46
SHA1

3db73146cfef76ce55a7a3370358c159036df9ae
SHA256

86159eb2c663e87ea38d5cd2e32562bf06717eb900eccf88a798096051d8361b
SHA512

189f6be2cbd5964f5a373c2c3fd61f016cbbda3db550d6a31a9bb968329c5940f84fb77038bbc484ddd83430c84803d58854f5be2a3ec096bf1905197d457bb9
SSDEEP

1572864:gl5xPiUFui9j0hLeyPlP3RnbRJol7rMEdaA0hPA5szpoKhR3WmX5mN:glb3Fui9ghLey9v1rurPePAQoKhR3QN

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

resource	yara_rule
sample	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Purple Blum.exe

Files

Purple Blum.exe
.exe windows:4 windows x86 arch:x86

Password: blum

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 79.1MB - Virtual size: 79.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BlumFarm.pyc