2024-09-21_2ce0b935416d8c8e4a08f081787317ad_hijackloader_poet-rat_snatch | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-21_2ce0b935416d8c8e4a08f081787317ad_hijackloader_poet-rat_snatch
Size

13.7MB
MD5

2ce0b935416d8c8e4a08f081787317ad
SHA1

96b7c8a7d2054410718856986a19fa6ac9766632
SHA256

987eb6f8a7adac6f462145b4eedb2409abd925b39b6c4cb4ee016d0446751be3
SHA512

729614ff9fe7460695c7dc2cb6b6cab8e4ff34bd9a879be66b9027e04bea704b4e5131b9158bccdcfaf232aca8f90e5a04c82076af533d2fba87326d52ebcbcd
SSDEEP

98304:8OnfrJva1ADiCX4fjhJzCftI6Qi9xQzBYNOzCRTPfSIXukw0dW6dhGGr6SHGFcrM:8Of5aWjILh0ftfJ9m3BIHw046dhpEp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-21_2ce0b935416d8c8e4a08f081787317ad_hijackloader_poet-rat_snatch

Files

2024-09-21_2ce0b935416d8c8e4a08f081787317ad_hijackloader_poet-rat_snatch
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 369KB - Virtual size: 605KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 521KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ