purelogstealer | eec2afdc09591bdbeb56778e59213e70N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

eec2afdc09591bdbeb56778e59213e70N.exe
Size

232KB
MD5

eec2afdc09591bdbeb56778e59213e70
SHA1

dd7a57518c04015d7d849dccfe41ffb01aea5fc9
SHA256

306033847569814ac7afb92cb35ced5ac9766ed8385c83288fc4095ef7fc92a7
SHA512

fd1d4a5d431ef4891af337dcbe51a5a878b8a3959ed226402890b4db76e581bb946291e2b072176ce4a23903b86df75c0cfc8ab04e948b2c0182ac18cf0dd03d
SSDEEP

6144:k/ulgztrzTgzvhrLJyQNHbqLtte5v0WURyW:Mu2t0zprLFctNWURJ

Score

10^/10

purelogstealer

Malware Config

Signatures

PureLog Stealer payload 1 IoCs

Processes:

resource	yara_rule
sample	family_purelog_stealer

Purelogstealer family
purelogstealer

Files

eec2afdc09591bdbeb56778e59213e70N.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2023 19:51

Not After

16-10-2024 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:f7:8f:9e:27:0d:4f:47:06:53:1d:74:e2:27:88:5a:99:8b:5e:b2:2b:ae:f2:e6:8f:08:59:c3:3b:3a:44:99
Signer

Actual PE Digest

6a:f7:8f:9e:27:0d:4f:47:06:53:1d:74:e2:27:88:5a:99:8b:5e:b2:2b:ae:f2:e6:8f:08:59:c3:3b:3a:44:99

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

6a:f7:8f:9e:27:0d:4f:47:06:53:1d:74:e2:27:88:5a:99:8b:5e:b2:2b:ae:f2:e6:8f:08:59:c3:3b:3a:44:99Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 149KB - Virtual size: 149KB

.rsrc Size: 72KB - Virtual size: 72KB

.reloc Size: 512B - Virtual size: 12B

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

6a:f7:8f:9e:27:0d:4f:47:06:53:1d:74:e2:27:88:5a:99:8b:5e:b2:2b:ae:f2:e6:8f:08:59:c3:3b:3a:44:99
Signer

.text
Size: 149KB - Virtual size: 149KB

.rsrc
Size: 72KB - Virtual size: 72KB

.reloc
Size: 512B - Virtual size: 12B