purelogstealer | 88074c579380436d337be1825a11be1496fabc996881abb41101f7cfce8e9df4

Sharing

Copy URL

Twitter E-mail

General

Target

88074c579380436d337be1825a11be1496fabc996881abb41101f7cfce8e9df4
Size

2.6MB
MD5

aaba962d3d067e40569aea22cc575eb9
SHA1

390d7da6cfbfa0dca4b95d2543c450247ffba010
SHA256

88074c579380436d337be1825a11be1496fabc996881abb41101f7cfce8e9df4
SHA512

c29dc912d7b4ff06e0e307674a4f38b99dc7312499a370a31275d03043660c8a94302f91bc7577ddb6474e83eb15b2cee7cb47a57a5bea0a1b6ba4e7859d4cff
SSDEEP

49152:8LKVdUWUCEKBMUzMXIc2JoF0sEdVevqiu0kVsMD94yyLzB7nOc:8LKQ7CBLwXIc2eF0sEdVeSJyJ

Score

10^/10

purelogstealer

Malware Config

Signatures

PureLog Stealer payload 1 IoCs

resource	yara_rule
sample	family_purelog_stealer

Purelogstealer family
purelogstealer

Files

88074c579380436d337be1825a11be1496fabc996881abb41101f7cfce8e9df4
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2023 19:51

Not After

16-10-2024 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:37:ee:c8:71:53:0a:ff:df:df:ff:84:89:6d:5c:8c:da:41:dd:0b:7b:64:9f:5f:59:33:b7:97:4d:24:6e:2e
Signer

Actual PE Digest

9a:37:ee:c8:71:53:0a:ff:df:df:ff:84:89:6d:5c:8c:da:41:dd:0b:7b:64:9f:5f:59:33:b7:97:4d:24:6e:2e

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

9a:37:ee:c8:71:53:0a:ff:df:df:ff:84:89:6d:5c:8c:da:41:dd:0b:7b:64:9f:5f:59:33:b7:97:4d:24:6e:2eSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rsrc Size: 184KB - Virtual size: 184KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

9a:37:ee:c8:71:53:0a:ff:df:df:ff:84:89:6d:5c:8c:da:41:dd:0b:7b:64:9f:5f:59:33:b7:97:4d:24:6e:2e
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 184KB - Virtual size: 184KB

.reloc
Size: 512B - Virtual size: 12B