2024-06-25_d530390a221c7b79931f0cd4ebc80b13_poet-rat_rex_snatch

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-25_d530390a221c7b79931f0cd4ebc80b13_poet-rat_rex_snatch
Size

12.5MB
MD5

d530390a221c7b79931f0cd4ebc80b13
SHA1

691e13c45cd46b848d74fb5d0e118c53b71ebb51
SHA256

69eec08b3bf44ccf25d97ecff21a0b9dfbc59fca7cc530fdd4c9ae0b3bc06deb
SHA512

d752c340f8c3f84d7c95e20ebb1d90c662e8fcae9523ac93b67443210802269cbb9a87fc5ab67708d0c6f8ea4341d7bc82e97a6066daf913102a47a605cece89
SSDEEP

196608:aHNj9HTVH2y0bYOZRCCwk57GwArIkdIuP4Iu2:e/HTKZgCwI6ZH

Score

1^/10

Malware Config

Signatures

Files

2024-06-25_d530390a221c7b79931f0cd4ebc80b13_poet-rat_rex_snatch
.exe windows:4 windows x86 arch:x86

0c05448e8cf7d4de8c6a5510b0fad0d8

Code Sign

0a:55:a3:07:16:93:fe:88:0f:0f:61:64:eb:93:66:5e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06/07/2017, 00:00

Not After

03/10/2020, 12:00

Subject

CN=Psiphon Inc.,O=Psiphon Inc.,L=Toronto,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:b7:96:56:26:63:6d:1c:b4:a7:10:61:c0:5a:73:b4:76:da:1c:9c
Signer

Actual PE Digest

8f:b7:96:56:26:63:6d:1c:b4:a7:10:61:c0:5a:73:b4:76:da:1c:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetThreadPriority
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
LoadLibraryA
LoadLibraryW
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerA
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 468KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c05448e8cf7d4de8c6a5510b0fad0d8

Code Sign

0a:55:a3:07:16:93:fe:88:0f:0f:61:64:eb:93:66:5eCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

8f:b7:96:56:26:63:6d:1c:b4:a7:10:61:c0:5a:73:b4:76:da:1c:9cSigner

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 5.5MB - Virtual size: 5.5MB

.rdata Size: 6.5MB - Virtual size: 6.5MB

.data Size: 468KB - Virtual size: 564KB

.idata Size: 1024B - Virtual size: 902B

.symtab Size: 512B - Virtual size: 4B

0a:55:a3:07:16:93:fe:88:0f:0f:61:64:eb:93:66:5e
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

8f:b7:96:56:26:63:6d:1c:b4:a7:10:61:c0:5a:73:b4:76:da:1c:9c
Signer

.text
Size: 5.5MB - Virtual size: 5.5MB

.rdata
Size: 6.5MB - Virtual size: 6.5MB

.data
Size: 468KB - Virtual size: 564KB

.idata
Size: 1024B - Virtual size: 902B

.symtab
Size: 512B - Virtual size: 4B