poullight | 065d9f4598e496874cd07d746b84b742 | Triage

Sharing

General

Target

065d9f4598e496874cd07d746b84b742
Size

213KB
MD5

065d9f4598e496874cd07d746b84b742
SHA1

30a6f3a74b179608884ea7729ac0eab942d8dab6
SHA256

c319696be10991321cffb0983531cb2b705a02b3a9354615e81db2d25d6302cb
SHA512

e5a9429693e99eda3992dbba11c29dc80139499fa25524f4d306a9ac935c4479550ded7dfbd8500f9846e08bbe8b998523d5449ffd43573789f9e7a3ab3b58f0
SSDEEP

6144:vOmaqXgF5kSsv0wEIGiX821xz++wFvT+3MB7n:vpQjI04GiM21xz++Gt

Score

10^/10

poullight

Malware Config

Signatures

Poullight Stealer payload 1 IoCs

Processes:

resource yara_rule

sample family_poullight
Poullight family
poullight
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

065d9f4598e496874cd07d746b84b742

Files

065d9f4598e496874cd07d746b84b742
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ