2024-06-28_dde422f5ad9db3834180b10c94448038_magniber_poet-rat

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-28_dde422f5ad9db3834180b10c94448038_magniber_poet-rat
Size

15.0MB
MD5

dde422f5ad9db3834180b10c94448038
SHA1

3fb4f2a357d8983ae89714bb5447fd3e869c150d
SHA256

285627b840413cec7ad8791fb29a7275ce7b95e42130438b333b1e9f8c743393
SHA512

856f34d7711da9d73dd31b4d8b403f3ebc750c1a31b0b134f58a5d296273869e0fc7b52f5f5165728fa7ad9959929b2f4292bb2b5ee803a2b62909dd7fb9b5ae
SSDEEP

196608:P985grQURfVeR5zyJcQealDr26AeD/TjvvW9HpyZa4oaYfq:O5+nJ7ZlDbAenjveDyQPfq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-28_dde422f5ad9db3834180b10c94448038_magniber_poet-rat

Files

2024-06-28_dde422f5ad9db3834180b10c94448038_magniber_poet-rat
.exe windows:5 windows x86 arch:x86

917fdae35dda806e14b5242ffaccc279

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
DeregisterEventSource
ReportEventA
RegisterEventSourceA

dsound

DirectSoundCreate8

gdi32

PlayEnhMetaFile
CreateDIBSection
DeleteEnhMetaFile
GetEnhMetaFileA
RealizePalette
GetEnhMetaFileW
GetEnhMetaFileHeader
GetMetaFileA
GetMetaFileBitsEx
DeleteMetaFile
SelectPalette
GetObjectA
SetWinMetaFileBits
CreateBitmapIndirect
GetStockObject
GetObjectW
CreateCompatibleDC
SelectObject
GetDIBits
DeleteObject
BitBlt
DeleteDC

iphlpapi

GetAdaptersInfo

kernel32

IsDebuggerPresent
GetLastError
HeapFree
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
LockResource
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleA
LoadLibraryA
GetLocaleInfoW
FreeLibrary
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetTimeZoneInformation
CreateFileA
CompareStringA
GetCurrentProcess
SetEnvironmentVariableA
LoadLibraryW
GetShortPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
CreateMutexW
GetSystemDirectoryW
GetExitCodeThread
SetThreadPriority
CreateThread
WaitForSingleObject
ReleaseMutex
SetUnhandledExceptionFilter
ExitThread
GetVersionExW
GetCommandLineW
SetThreadExecutionState
FindFirstFileW
FindClose
GetFullPathNameW
FindNextFileW
CreateDirectoryW
QueryPerformanceFrequency
lstrlenW
GetVersionExA
GetFileAttributesW
ExpandEnvironmentStringsW
CreateSemaphoreW
ReleaseSemaphore
LocalFree
FormatMessageW
OutputDebugStringA
FormatMessageA
SwitchToFiber
CreateFiber
DeleteFiber
ConvertThreadToFiber
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CreateEventW
SystemTimeToFileTime
GetSystemTime
CreateFileMappingA
FindFirstFileA
LoadLibraryExA
SetErrorMode
FindNextFileA
FreeResource
SizeofResource
LoadResource
FindResourceA
FlushViewOfFile
GetExitCodeProcess
CreateProcessA
GlobalMemoryStatus
GetSystemInfo
SetEndOfFile
GetProcessTimes
GlobalFree
GetLogicalDrives
CreateSemaphoreA
GetFileSize
TerminateProcess
MultiByteToWideChar
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
Sleep
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
DeleteFileW
DeleteFileA
CreateDirectoryA
GetFileAttributesA
GetDriveTypeA
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetDriveTypeW
MoveFileA
DuplicateHandle
GetCurrentDirectoryA
SetCurrentDirectoryA
GetProcessHeap
CreatePipe
CreateMutexA
UnhandledExceptionFilter
CompareStringW

oleaut32

SafeArrayUnaccessData
SafeArrayRedim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData

shell32

CommandLineToArgvW
ExtractIconW
SHGetSpecialFolderPathW
ShellExecuteA
ShellExecuteW

user32

GetClientRect
MessageBoxW
ClipCursor
GetWindowRect
GetClassLongW
IsWindowVisible
IsZoomed
AdjustWindowRect
IsIconic
SetWindowPos
SetWindowPlacement
GetMenu
GetWindowPlacement
SetMenu
SetWindowLongW
GetWindowLongW
UnregisterClassW
DestroyMenu
AdjustWindowRectEx
ScreenToClient
CreateWindowExW
SetRect
RegisterClassW
LoadCursorW
DestroyAcceleratorTable
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
PeekMessageW
SystemParametersInfoA
EnumDisplaySettingsW
GetCapture
SystemParametersInfoW
MoveWindow
GetWindow
SetFocus
SetCapture
ReleaseCapture
GetCursorPos
FindWindowW
GetKeyState
DestroyWindow
EnumChildWindows
MonitorFromPoint
LoadIconW
SetTimer
SetCursor
RedrawWindow
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
SetForegroundWindow
PostQuitMessage
ShowWindow
GetSystemMetrics
ClientToScreen
SetCursorPos
SetClassLongW
TrackMouseEvent
PostMessageW
GetParent
SendMessageW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetIconInfo
GetDC
ReleaseDC
GetWindowInfo
IsWindow
DefWindowProcW
GetSystemMenu
CallWindowProcW
SetMenuItemInfoW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetReadFile
InternetOpenW
InternetQueryOptionW
InternetCrackUrlW
InternetConnectW
InternetCloseHandle
HttpOpenRequestW
InternetQueryDataAvailable
InternetSetOptionW
HttpSendRequestW
HttpAddRequestHeadersW
InternetOpenUrlW

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

ws2_32

getsockname
bind
WSAGetLastError
WSACleanup
closesocket
select
send
recv
getsockopt
__WSAFDIsSet
connect
ioctlsocket
socket
htons
gethostbyname
WSAStartup
listen

ole32

CoInitialize
CoCreateGuid

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 624KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text1
Size: 704KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc1
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Geddon
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

917fdae35dda806e14b5242ffaccc279

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

dsound

gdi32

iphlpapi

kernel32

oleaut32

shell32

user32

version

wininet

winmm

ws2_32

ole32

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 624KB - Virtual size: 624KB

.tls Size: 52KB - Virtual size: 52KB

.reloc Size: 324KB - Virtual size: 324KB

.text1 Size: 704KB - Virtual size: 704KB

.adata Size: 64KB - Virtual size: 64KB

.data1 Size: 128KB - Virtual size: 128KB

.reloc1 Size: 64KB - Virtual size: 64KB

.pdata Size: 6.4MB - Virtual size: 6.4MB

.rsrc Size: 48KB - Virtual size: 44KB

.Geddon Size: 8KB - Virtual size: 8KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 624KB - Virtual size: 624KB

.tls
Size: 52KB - Virtual size: 52KB

.reloc
Size: 324KB - Virtual size: 324KB

.text1
Size: 704KB - Virtual size: 704KB

.adata
Size: 64KB - Virtual size: 64KB

.data1
Size: 128KB - Virtual size: 128KB

.reloc1
Size: 64KB - Virtual size: 64KB

.pdata
Size: 6.4MB - Virtual size: 6.4MB

.rsrc
Size: 48KB - Virtual size: 44KB

.Geddon
Size: 8KB - Virtual size: 8KB