GTK_RAT[.]exe | Triage

Resubmissions

06/08/2024, 02:19

240806-cr7cfswfrk 8

06/08/2024, 02:18

240806-crpseawfpr 8

Sharing

Copy URL Twitter E-mail

General

Target

GTK_RAT.exe
Size

4.4MB
MD5

b61a6c372d35a15f6a13ff361de4bfea
SHA1

6989e82a67f6edb57d294d813e113a15a1dd5989
SHA256

668a678c6356ce6181d5fd6d796ff960cdc6697447d9c66a9b1f32758042f803
SHA512

f7ba073d35e1bc435197f56c3a24b54fd49d9ddad7bbe187bf1e3e9f7efccde7871fe64e97883cf116fd2b60c83909c28630ec91ee357aed1309e9e55473d0d2
SSDEEP

98304:5ogjfTTTVHHL8D6K+v3mVcVL3mCClpoiBIFo:5ogjf/hHL8D2OcVbmCBim

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GTK_RAT.exe

Files

GTK_RAT.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\GorillaTaggingKid\VS Projs\GTK_RAT\GTK_RAT\obj\Debug\GTK_RAT.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ