2024-10-09_4e123fef9970ea0efced14ab93e3953c_poet-rat_snatch | Triage

Sharing

General

Target

2024-10-09_4e123fef9970ea0efced14ab93e3953c_poet-rat_snatch
Size

6.5MB
MD5

4e123fef9970ea0efced14ab93e3953c
SHA1

4e5ab64ff974b7b16658e0368d6992041dcaa1dd
SHA256

845a364c8ff294721f875ca7895ff1417b0bd51eaab3268d42eb2223185e04ae
SHA512

5661ab56b5c68cb926935f5cc2f68ed3178946fb90898cd6373541d613dd95fe0bc56356a037cb20f6cfc16d3808ff73ff098afb0bbe146f5852ab39666110fd
SSDEEP

98304:NEY/ZX7SimWWgOsdE4nv6etBgonhAShQFy9yX3:NEYBX7bmWWyCehhASmwW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-10-09_4e123fef9970ea0efced14ab93e3953c_poet-rat_snatch

Files

2024-10-09_4e123fef9970ea0efced14ab93e3953c_poet-rat_snatch
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

_cgo_panic
_cgo_topofstack
authorizerTrampoline
callbackTrampoline
commitHookTrampoline
compareTrampoline
crosscall2
doneTrampoline
rollbackHookTrampoline
stepTrampoline
updateHookTrampoline

Sections

.MPRESS1
Size: 6.4MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE