poullight | 439442042b8f97837925b5a858b7fb3e[.]exe | Triage

Sharing

General

Target

439442042b8f97837925b5a858b7fb3e.exe
Size

213KB
MD5

439442042b8f97837925b5a858b7fb3e
SHA1

0a524b97d4e1e1b0407a1348c154877964470de2
SHA256

f27893a397e299561cd5aae7d4598aa2623fedb3155f6003c111126599887bb4
SHA512

fd0297f321b3b35a9eabd0dda667fe65ff07a800baf9109c1aeb3443ee210bb22b4c6e9ff5106ff4b720f51138e0240a8a9baf176053954c6c6715a0ac10d525
SSDEEP

6144:FOmaqXgRvpbQda7JumO8U7UFyiEf4DFXXfARSLZVn:FpQnJuJh7UFIf4RLZ

Score

10^/10

poullight

Malware Config

Signatures

Poullight Stealer payload 1 IoCs

Processes:

resource yara_rule

sample family_poullight
Poullight family
poullight

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
439442042b8f97837925b5a858b7fb3e.exe

Files

439442042b8f97837925b5a858b7fb3e.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ