General

Malware Config

Signatures

Files

• rat.exe

  .zip

  Password: S@ndb0x!2023@@

• Device/HarddiskVolume2/Windows/Fonts/win/rat.exe

  .exe windows x86

  Password: S@ndb0x!2023@@

  130312efe8892496180179ce46d20b79

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetLastError

  SetLastError

  CloseHandle

  GetCurrentProcess

  CreateHardLinkW

  DeleteFileW

  RemoveDirectoryW

  DeviceIoControl

  CreateDirectoryW

  CreateFileW

  SetFileTime

  MoveFileW

  GetShortPathNameW

  GetLongPathNameW

  WriteFile

  GetStdHandle

  SetFilePointer

  SetEndOfFile

  FlushFileBuffers

  GetFileType

  ReadFile

  GetFileAttributesW

  SetFileAttributesW

  FindClose

  FindNextFileW

  FindFirstFileW

  GetVersionExW

  GetCurrentDirectoryW

  FoldStringW

  GetFullPathNameW

  GetModuleFileNameW

  FindResourceW

  GetModuleHandleW

  FreeLibrary

  GetProcAddress

  GetCurrentProcessId

  GetLocaleInfoW

  GetNumberFormatW

  SetEnvironmentVariableW

  ExpandEnvironmentStringsW

  WaitForSingleObject

  GetDateFormatW

  GetTimeFormatW

  FileTimeToSystemTime

  FileTimeToLocalFileTime

  GetExitCodeProcess

  GetTempPathW

  MoveFileExW

  UnmapViewOfFile

  Sleep

  MapViewOfFile

  GetCommandLineW

  CreateFileMappingW

  GetTickCount

  GetLocalTime

  OpenFileMappingW

  SetThreadExecutionState

  LoadLibraryW

  GetSystemDirectoryW

  ExitProcess

  FreeConsole

  WriteConsoleW

  AttachConsole

  AllocConsole

  CompareStringW

  InitializeCriticalSection

  DeleteCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  CreateThread

  GetProcessAffinityMask

  CreateEventW

  CreateSemaphoreW

  ReleaseSemaphore

  ResetEvent

  SetEvent

  SetThreadPriority

  SystemTimeToFileTime

  GetSystemTime

  SystemTimeToTzSpecificLocalTime

  TzSpecificLocalTimeToSystemTime

  LocalFileTimeToFileTime

  WideCharToMultiByte

  MultiByteToWideChar

  IsDBCSLeadByte

  GetCPInfo

  GlobalAlloc

  SetCurrentDirectoryW

  LocalAlloc

  InterlockedExchange

  LoadLibraryA

  RaiseException

  RtlUnwind

  HeapFree

  HeapReAlloc

  HeapAlloc

  GetSystemTimeAsFileTime

  GetCommandLineA

  GetStartupInfoA

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  InterlockedIncrement

  GetCurrentThreadId

  InterlockedDecrement

  HeapCreate

  VirtualFree

  VirtualAlloc

  TerminateProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  HeapSize

  GetModuleFileNameA

  GetACP

  GetOEMCP

  IsValidCodePage

  LCMapStringA

  LCMapStringW

  GetModuleHandleA

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  SetHandleCount

  QueryPerformanceCounter

  InitializeCriticalSectionAndSpinCount

  GetConsoleCP

  GetConsoleMode

  GetStringTypeA

  GetStringTypeW

  GetLocaleInfoA

  SetStdHandle

  WriteConsoleA

  GetConsoleOutputCP

  CreateFileA

  Sections

  .text

  Size: 166KB - Virtual size: 165KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 22KB - Virtual size: 22KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 6KB - Virtual size: 133KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 22KB - Virtual size: 22KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• manifest.json