purelogstealer | P03SkzED[.]exe | Triage

Sharing

General

Target

P03SkzED.exe
Size

1.9MB
MD5

8a1c6ab6aeeec522d4d2d483543cb6ad
SHA1

9133c7c95c6639c85f5880d97bfa4187905735b7
SHA256

bd275a1f97d1691e394d81dd402c11aaa88cc8e723df7a6aaf57791fa6a6cdfa
SHA512

86ca27ffa211847d772e2193540eb5da4ad8d6f8d62859cc86970b4053f6968521898ec63aafe4faaa30afbff513c12709bf46b917c5064de45398dab23fcd20
SSDEEP

49152:gK2O5r4MM1BBE+qTSMBi9Rbpt/aaxJGC/0UhlHLomjqD:gK2O5rfMLByTSMBap9BxJG4zhlHU

Score

10^/10

Malware Config

Signatures

PureLog Stealer payload 1 IoCs

Processes:

resource yara_rule

sample family_purelog_stealer
Purelogstealer family
purelogstealer
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

P03SkzED.exe

Files

P03SkzED.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ