MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92ef563707a54ec149cd03d577e3ae065db47efba977eef0adac1d00eacf7c0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PureLogsStealer

Vendor detections: 6

Intelligence 6 IOCs 1 YARA 53 File information Comments

SHA256 hash:	92ef563707a54ec149cd03d577e3ae065db47efba977eef0adac1d00eacf7c0f
SHA3-384 hash:	fbdb6bcd31a8ba59ab69016e3475773b11601d0adb526ba114d27a97a79ac505643f81f8893fecf9da34c15ea18bc949
SHA1 hash:	325280430f39685259c81c13198d04dec23842c5
MD5 hash:	c02c1b8f8b7dc58acd72b0df48d6206b
humanhash:	delaware-jupiter-paris-florida
File name:	upd (2).zip
Download:	download sample
Signature	PureLogsStealer Create hunting rule
File size:	1'585'766 bytes
First seen:	2025-07-30 08:19:11 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	49152:JXWOmlp6n5R55YgGIezt237xdJMqY7oM/OB:FWOmlk5RUgGIew7xdJpB1
TLSH	T1A67533BFBC0C850F2D6B8F761DB10243E0AE75A578A2D8FD67E8215544AB07C12974BE
Magika	zip
Reporter	JAMESWT_WT
Tags:	booking cryptoprinto-com PureLogsStealer upd-zip zip

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOC	ThreatFox Reference
45.134.26.74:7705	https://threatfox.abuse.ch/ioc/1562444/

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 12 file(s), sorted by their relevance:

File name:	api-ms-win-crt-heap-l1-1-0.dll
File size:	31'320 bytes
SHA256 hash:	cdca86f206568133ae030cbe6f0aed62ffd6f0d3dbf779df4e58f89184abc643
MD5 hash:	c86c32c0da9c3c8c962893be6affd6e3
MIME type:	application/x-dosexec
Signature	PureLogsStealer

File name:	api-ms-win-crt-string-l1-1-0.dll
File size:	36'952 bytes
SHA256 hash:	676619dd2ee6fe9bee361f2783f24e460caeee10bbcbc6289aafde7e9df46dff
MD5 hash:	01be4331cc3eb5351f7583065a5b3138
MIME type:	application/x-dosexec
Signature	PureLogsStealer

File name:	VCRUNTIME140.dll
File size:	110'504 bytes
SHA256 hash:	08dea01a763865a126c2b5578f2d13b8057003aee4634aaafedbb3cbfd89cbd9
MD5 hash:	21a6d06ceff732b7ab8824b299f5bd96
MIME type:	application/x-dosexec
Signature	PureLogsStealer

File name:	api-ms-win-crt-math-l1-1-0.dll
File size:	40'024 bytes
SHA256 hash:	74e1132e513272032326497b62e883bd30f4291e269cebca9c65d8698ed3d7e5
MD5 hash:	e1693ed4dfc1cbb0362c54960270681e
MIME type:	application/x-dosexec
Signature	PureLogsStealer

File name:	api-ms-win-crt-filesystem-l1-1-0.dll
File size:	32'864 bytes
SHA256 hash:	009c2ef68ebeb1b8acd3d1184773bda239f27d4ae012e6c504bb9d45b448dff2
MD5 hash:	688aaa69293546c85d4ac917a2b37e47
MIME type:	application/x-dosexec
Signature	PureLogsStealer

File name:	api-ms-win-crt-stdio-l1-1-0.dll
File size:	36'952 bytes
SHA256 hash:	ff1f67bb55ce3710a7bbd921c28f5e9cd027a1eda81d426833503de7f830f473
MD5 hash:	f1762444047f53206d286eb489c066c5
MIME type:	application/x-dosexec
Signature	PureLogsStealer

File name:	api-ms-win-crt-runtime-l1-1-0.dll
File size:	35'416 bytes
SHA256 hash:	5aa6d6d77f9a4c3dfda8308521f61c2f56037771205ba536eee709f43796c16f
MD5 hash:	1aa4a74ff779ee4351a88c45aef45111
MIME type:	application/x-dosexec
Signature	PureLogsStealer

File name:	api-ms-win-crt-convert-l1-1-0.dll
File size:	34'904 bytes
SHA256 hash:	f3d1d6beb302811e9a53622d0009b062aa5ddc0b745467e88e58026742465b96
MD5 hash:	07c16bb5cc8248c2db5dc01cfb4429a0
MIME type:	application/x-dosexec
Signature	PureLogsStealer

File name:	jli.dll
File size:	2'477'056 bytes
SHA256 hash:	d3ef22ff7480303a40babe5824573de313ba1f5e3e0d2279afcce55734f17a8f
MD5 hash:	6c087d03c592aaecfff1a8d3d744d9aa
MIME type:	application/x-dosexec
Signature	PureLogsStealer

File name:	api-ms-win-crt-locale-l1-1-0.dll
File size:	31'320 bytes
SHA256 hash:	a9c42e9cdda14d0c054ad7a03424b2e5220ec3ea232788d124ad858cd0843235
MD5 hash:	f1c84cdd8aabe6c062559f5e57852694
MIME type:	application/x-dosexec
Signature	PureLogsStealer

File name:	api-ms-win-crt-environment-l1-1-0.dll
File size:	31'336 bytes
SHA256 hash:	dd94754cf7b40513b86c71a4f6e7f4637c9eb5fde6f03c4ad352160d06d7ac55
MD5 hash:	4779747a28d729b4d75a90597f77e3b8
MIME type:	application/x-dosexec
Signature	PureLogsStealer

File name:	microservice86btq.exe
File size:	35'192 bytes
SHA256 hash:	2f402a03586d924dfb2ae14b4b88d89b79884fc66da304a36c59044a3dda7228
MD5 hash:	6b1a81987f2b4d9194a56aeed1b4b60f
MIME type:	application/x-dosexec
Signature	PureLogsStealer

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Program.Unwanted.5590.UNOFFICIAL

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6883f1470b4775fb21312112

Tags:

n/a

Result

Verdict:

Unknown

File Type:

PE File

Link:

https://app.docguard.net/92ef563707a54ec149cd03d577e3ae065db47efba977eef0adac1d00eacf7c0f/results/dashboard

Verdict:

Unknown

Threat level:

n/a -.1.0/10

Confidence:

100%

Tags:

expired-cert microsoft_visual_cc overlay packed signed

Link:

https://www.filescan.io/uploads/6889d59213488cfd44e03026/reports/78351894-7b06-4718-a748-482cb563e14d/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/92ef563707a54ec149cd03d577e3ae065db47efba977eef0adac1d00eacf7c0f

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/92ef563707a54ec149cd03d577e3ae065db47efba977eef0adac1d00eacf7c0f

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Score:

100%

Verdict:

Malware

File Type:

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery persistence

Link:

https://tria.ge/reports/250730-k77l6adj9x/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/92ef563707a54ec149cd03d577e3ae065db47efba977eef0adac1d00eacf7c0f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__MemoryWorkingSet Create hunting rule
Author:	Fernando Mercês
Description:	Anti-debug process memory working set size check
Reference:	http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	pe_no_import_table Create hunting rule
Description:	Detect pe file that no import table

Rule name:	RIPEMD160_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for RIPEMD-160 constants

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	SHA1_Constants Create hunting rule
Author:	phoul (@phoul)
Description:	Look for SHA1 constants

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample