Behavioral task
behavioral1
Sample
HEUR-Backdoor.MSIL.Crysan.gen-387a91f2a3775ee7d2a764fa5219c63478cd497c9a0a5625d63666a7561b2640.exe
Resource
win7-20220901-en
General
Target: HEUR-Backdoor.MSIL.Crysan.gen-387a91f2a3775ee7d2a764fa5219c63478cd497c9a0a5625d63666a7561b2640.exe
Size: 58KB
MD5: 278a0cd8cf2ad02e2f2b139e78406ac9
SHA1: e824197381e55771bf91fe67f3652dd0e75bd4fa
SHA256: 387a91f2a3775ee7d2a764fa5219c63478cd497c9a0a5625d63666a7561b2640
SHA512: 31bd692fe817af9de4c4aaf26d4f37011827014cf86f8a08e51e9ec77114f0130dd17dcfb9360bb141e0432f0bd9d6ecf59c609e1bb63bdc496fa0309044fbb4
SSDEEP: 1536:EuyRNTAGo2s7LI5ymUbZFyn62MHKdVal7:Euy/TAGo2s3I5ymUbZ462Mqval7
Malware Config
Extracted
asyncrat
0.5.7B
Default
92.138.188.75:7006
AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: anydesk.exe
install_folder: %AppData%
Signatures
Files
HEUR-Backdoor.MSIL.Crysan.gen-387a91f2a3775ee7d2a764fa5219c63478cd497c9a0a5625d63666a7561b2640.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ