arrowrat | 4292-137-0x0000000000400000-0x000000000042E000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

4292-137-0...ry.exe

windows7-x64

4292-137-0...ry.exe

windows10-2004-x64

Sharing

Static task

static1

client arrowrat

1 signatures

Behavioral task

behavioral1

Sample

4292-137-0x0000000000400000-0x000000000042E000-memory.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

4292-137-0x0000000000400000-0x000000000042E000-memory.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

4292-137-0x0000000000400000-0x000000000042E000-memory.dmp
Size

184KB
MD5

daf6c599d0f3ab3ddf5208ec164df208
SHA1

3b2ca6d6d3a5b605c79620c4ed46a0a1a0774de7
SHA256

e6ecf5303389e5f97dea2cc998813dc8431887f23ced84365c51914acf935d2a
SHA512

31209fd6336adf88d222b0cc55ad9928ce2630aaa3557e531f87d1839090e463e10f4e0a78343db1b647f643aca5b103eb9ed8b53a339a1b7eb7782c1cd16b50
SSDEEP

3072:VbRJ+0OoCthfbEFtbcfjF45gjryKKqH6JY2doszEmQotEPPcfP98a8Y:VbR80ODhTEPgnjuIJzo+PPcfPV8

Score

10^/10

client arrowrat

Malware Config

Extracted

Family

arrowrat

Botnet

Client

C2

20.100.171.81:1337

Mutex

XWIEUOzKz

Signatures

Arrowrat family
arrowrat

Files

4292-137-0x0000000000400000-0x000000000042E000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy