General
-
Target
Pumpgui.exe
-
Size
200.1MB
-
MD5
979731a66c71dab968925165cd9a9f85
-
SHA1
532d088a2e08dae1e24dbb6925900459b0cb344b
-
SHA256
a8b9da23ee7b4c1ed171f2aaefc3595fa0cd7dbde8b3ebee3fb14068c882da8a
-
SHA512
7a53cc1867fa125e9f7b98155095275fa553e2026100b2ffe059f6c881511b0d62846c21b434587dcb7ee9d7f51c191e9759af7e54f9abea8239b245790c95a0
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+jPIC:5Zv5PDwbjNrmAE+7IC
Malware Config
Extracted
discordrat
-
discord_token
MTI4MjEwMTExOTI0NTM1Mjk3MA.GjBXi5.UIwqZJ7fnilmttJZD9_wZZGmhFwE3Gl_Wm5UDE
-
server_id
1278318887951400970
Signatures
-
Discordrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Pumpgui.exe
Files
-
Pumpgui.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ