General
-
Target
Pumpgui.exe
-
Size
100.1MB
-
MD5
31670ebeb98dc3e8bbab2ecdb08f5b0f
-
SHA1
5f7da547f7eff6585524eea93b2804b1aa2df079
-
SHA256
c7dddb237bc9dda07c70f4de7110999ab6fbd6ad53600b05da9c2f476ab430e2
-
SHA512
316250260e701265bf7464e4b7698ff45e5783424e72050e71eb722ea11804f5becf31023c3a96ce16cafaa544ae1471ded4c7bbd2ded56becc1860e7cb84d8c
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+jPIC:5Zv5PDwbjNrmAE+7IC
Malware Config
Extracted
discordrat
-
discord_token
MTI4MjEwMTExOTI0NTM1Mjk3MA.GjBXi5.UIwqZJ7fnilmttJZD9_wZZGmhFwE3Gl_Wm5UDE
-
server_id
1278318887951400970
Signatures
-
Discordrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Pumpgui.exe
Files
-
Pumpgui.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ