irata | release[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

release.exe
Size

99.1MB
MD5

1e2b28d4b45b8eb708fe85acbc3e1bc7
SHA1

3f12cb10adf03efd6b94239943441841f79147bf
SHA256

e5664ebac656206a3b6abc4610f6c2aae275e51e420d38fe6dbd04535105a884
SHA512

a913a7e90eb95522f3c4e6aaa52aa1a62c878af5910ed6999576f864b7d6da2730e19790741268b6a8497968966022fe076cbd5eda505cd55422b9c595ee12ef
SSDEEP

393216:WYsmngFeXs0Wh+AMIoDYlUbgWXwfyDrfXJUDDQjs2IXf:gmNyh+u8Yl+gWXJDrfZiDQQ2

Score

10^/10

irata

Malware Config

Signatures

Irata family
irata

Irata payload 1 IoCs

resource	yara_rule
sample	family_irata4

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
release.exe

Files

release.exe
.exe windows:6 windows x64 arch:x64

4da1b94d4b556b29619f62d82371e84e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

python311

PyExc_ConnectionAbortedError
PyExc_TimeoutError
PySet_Type
PyExc_NameError
PyExc_IOError
PyFilter_Type
PyFrozenSet_Type
PyExc_RecursionError
PyExc_EnvironmentError
PyExc_WindowsError
PyExc_MemoryError
PyExc_UnboundLocalError
PyExc_BlockingIOError
PyObject_GetAttr
PyExc_BrokenPipeError
PyComplex_Type
PyNumber_Positive
PySuper_Type
PyExc_FileExistsError
PyExc_BufferError
PyUnicode_AsUTF8
PyLong_AsLong
PyList_Size
PyList_SetSlice
PyDict_DelItemString
PyStatus_Exception
PyWideStringList_Append
PyConfig_SetString
PyConfig_SetArgv
PyErr_SetInterrupt
Py_SetProgramName
Py_InitializeFromConfig
Py_ExitStatusException
PySys_SetArgv
_PyWarnings_Init
_PyRuntime_Initialize
_PyConfig_InitCompatConfig
Py_DebugFlag
Py_VerboseFlag
Py_InteractiveFlag
Py_InspectFlag
Py_OptimizeFlag
Py_NoSiteFlag
Py_BytesWarningFlag
Py_FrozenFlag
Py_IgnoreEnvironmentFlag
Py_DontWriteBytecodeFlag
Py_NoUserSiteDirectory
Py_UTF8Mode
PyImport_FrozenModules
PyMem_Malloc
PyMem_Free
PyMem_GetAllocator
PyObject_GetBuffer
PyBuffer_Release
PyType_Ready
PyObject_Str
PyObject_RichCompare
PyObject_RichCompareBool
PyObject_SetAttrString
PyObject_SelfIter
PyObject_GenericSetAttr
PyObject_IsTrue
PyCallable_Check
PyObject_ClearWeakRefs
_Py_Dealloc
PyObject_Realloc
PyObject_Free
PyObject_InitVar
_PyObject_New
_PyObject_GC_Resize
_PyObject_GC_NewVar
PyObject_GC_Del
PyByteArray_FromStringAndSize
PyBytes_FromString
PyBytes_AsString
_PyBytes_Resize
PyUnicode_FromStringAndSize
PyUnicode_FromEncodedObject
PyUnicode_InternInPlace
PyUnicode_FromWideChar
PyUnicode_AsWideCharString
PyUnicode_FromOrdinal
PyUnicode_DecodeUTF8
PyUnicode_Concat
PyUnicode_FindChar
PyUnicode_RichCompare
PyUnicode_Format
PyUnicode_New
_PyUnicode_Ready
PyLong_AsLongAndOverflow
PyLong_AsSsize_t
PyLong_FromString
PyLong_FromUnicodeObject
PyExc_KeyboardInterrupt
_PyLong_Copy
PyFloat_FromString
PyFloat_FromDouble
PyComplex_FromDoubles
PyTuple_New
_PyTuple_MaybeUntrack
PyList_New
PyList_Append
PyList_Sort
PyDict_New
PyDict_GetItem
PyDict_GetItemString
PyDict_SetItemString
_PyDict_MaybeUntrack
_PySet_NextEntry
PyCMethod_New
PyModule_NewObject
PyModule_GetName
PyModule_GetFilenameObject
PyModule_GetDef
PyCode_NewWithPosOnlyArgs
PyCode_Addr2Line
PyErr_WarnEx
_PyWeakref_ClearRef
PyErr_ExceptionMatches
PyErr_BadArgument
PyErr_NoMemory
PyErr_SetFromErrno
PyOS_snprintf
_PyErr_FormatFromCause
_PyErr_WriteUnraisableMsg
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
Py_BuildValue
PyModule_ExecDef
PyModule_FromDefAndSpec2
_PyArg_NoKeywords
PyErr_Print
Py_CompileStringExFlags
PyEval_EvalCodeEx
PyEval_GetFuncName
PyEval_RestoreThread
_PyEval_EvalFrameDefault
PySys_WriteStderr
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_GetModuleDict
PyImport_ImportModule
PyImport_ImportFrozenModule
_PyImport_FixupExtensionObject
PyObject_Call
PyObject_CallFunction
PyObject_CallFunctionObjArgs
PyObject_CallMethodObjArgs
PyObject_GetIter
PyIter_Next
PyIter_Send
PyNumber_Add
PyNumber_Subtract
PyNumber_FloorDivide
PyNumber_Float
PyNumber_InPlaceAdd
PyNumber_InPlaceLshift
PyNumber_InPlaceOr
PyNumber_ToBase
PySequence_List
PySequence_InPlaceConcat
PyMapping_Check
PyObject_LengthHint
PyMarshal_ReadObjectFromString
_PyErr_ChainStackItem
_PyErr_NormalizeException
_PyByteArray_empty_string
PyDictKeys_Type
PyDictValues_Type
PyDictItems_Type
PyModuleDef_Type
PyFunction_Type
PyMethod_Type
PyCode_Type
PyFrame_Type
PyTraceBack_Type
PyEllipsis_Type
PyCallIter_Type
PyGen_Type
PyCoro_Type
PyAsyncGen_Type
_PyAsyncGenWrappedValue_Type
Py_GenericAliasType
_PyWeakref_RefType
_PyWeakref_ProxyType
_PyWeakref_CallableProxyType
PyExc_ImportWarning
_Py_PackageContext
PySlice_Type
PyExc_UnicodeEncodeError
PyExc_LookupError
PyExc_StopAsyncIteration
PyExc_ConnectionResetError
PyFrozenSet_New
PyExc_ConnectionError
_Py_EllipsisObject
PyExc_SystemExit
PyDict_Update
_PyObject_FunctionStr
PyExc_ModuleNotFoundError
PyObject_Dir
PyBool_Type
PyExc_UnicodeError
PyExc_FileNotFoundError
PyReversed_Type
PyNumber_Invert
PyFloat_Type
PyExc_UnicodeDecodeError
PyExc_PermissionError
PyDict_Type
_Py_NotImplementedStruct
PySet_Contains
PyLong_FromVoidPtr
PySet_Add
PySet_New
PyMap_Type
PyProperty_Type
PyObject_DelItem
PyObject_SetAttr
PyExc_EOFError
PyExc_Exception
PyExc_BaseException
PyExc_NotImplementedError
PyExc_SyntaxError
PyEnum_Type
PyTuple_Type
PyUnicode_Join
PyByteArray_FromObject
PyObject_Repr
PyRange_Type
PyLong_Type
PyDict_DelItem
PyExc_ZeroDivisionError
PyExc_RuntimeError
PyExc_ImportError
PyBytes_Type
PyByteArray_Type
PyExc_GeneratorExit
PyObject_IsSubclass
PyObject_GetItem
PyErr_WriteUnraisable
PyMemoryView_Type
PySequence_Tuple
PyDict_MergeFromSeq2
PyDict_Merge
PyNumber_Negative
PyZip_Type
PyExc_OverflowError
PyUnicode_FromFormat
_PyRuntime
PyExc_AssertionError
PyExc_StopIteration
PySeqIter_Type
PySequence_Check
PyEval_AcquireThread
PyEval_SaveThread
Py_MakePendingCalls
Py_Exit
PyExc_IndexError
PyList_Type
PyObject_SetItem
PyLong_FromSsize_t
PyNumber_Long
PyExc_ValueError
PyExc_KeyError
PyExc_OSError
PyModule_Type
PyUnicode_Type
PySequence_Contains
PyNumber_AsSsize_t
PyErr_PrintEx
Py_GenericAlias
PyModule_GetDict
PyUnicode_Find
PyUnicode_GetLength
PyUnicode_Substring
PyObject_GetAttrString
PyType_IsSubtype
PyExc_TypeError
PyExc_SystemError
PyExc_AttributeError
PyCFunction_Type
_Py_NoneStruct
PyBaseObject_Type
PyType_Type
PyObject_IsInstance
PyErr_Format
_PyDict_NewPresized
PyDict_SetItem
_PyType_Lookup
_Py_TrueStruct
_Py_FalseStruct
PySys_SetObject
PySys_GetObject
PyStructSequence_New
PyStructSequence_InitType
PyCapsule_New
PyUnicode_FromString
_PyLong_New

kernel32

WriteConsoleW
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
GetFileType
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetStdHandle
SetConsoleCtrlHandler
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
RtlPcToFileHeader
RaiseException
EncodePointer
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwindEx
GetEnvironmentVariableA
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
FindResourceA
FormatMessageA
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetSystemTimeAsFileTime
GetCurrentProcessId
SetErrorMode
WriteFile
GetShortPathNameW
CreateFileW
SetEnvironmentVariableW
GetEnvironmentVariableW
SetDllDirectoryW
OpenProcess
CreateThread
ExitProcess
Sleep
WaitForSingleObject
GetLastError
CloseHandle
SetStdHandle

Sections

.text
Size: 75.7MB - Virtual size: 75.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 126KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 958KB - Virtual size: 958KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21.4MB - Virtual size: 21.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4da1b94d4b556b29619f62d82371e84e

Headers

DLL Characteristics

File Characteristics

Imports

python311

kernel32

Sections

.text Size: 75.7MB - Virtual size: 75.7MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 126KB - Virtual size: 2.3MB

.pdata Size: 958KB - Virtual size: 958KB

.rsrc Size: 21.4MB - Virtual size: 21.4MB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 75.7MB - Virtual size: 75.7MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 126KB - Virtual size: 2.3MB

.pdata
Size: 958KB - Virtual size: 958KB

.rsrc
Size: 21.4MB - Virtual size: 21.4MB

.reloc
Size: 9KB - Virtual size: 8KB