arrowrat | bDiL[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

bDiL.exe

windows7-x64

bDiL.exe

windows10-2004-x64

Sharing

Static task

static1

il61hb arrowrat

1 signatures

Behavioral task

behavioral1

Sample

bDiL.exe

Resource

win7-20230220-en

arrowrat il61hb persistence rat

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

bDiL.exe

Resource

win10v2004-20230220-en

arrowrat il61hb persistence rat

windows10-2004-x64

12 signatures

150 seconds

General

Target

bDiL.exe
Size

138KB
MD5

fcc0c059b3a4b6f9f865fcde362b9acb
SHA1

23edfe65a519d095ca11f3987bfe6de661953f49
SHA256

17a76858f5bba3812b8f429e261ba0e84baf8197fe1f4478aa6c7adc5d8dd6ff
SHA512

0ebd9972df18c0de58077dceaf0e9618e4e6c004d53775272c8db9613a8db90834e10a255213f55ff492ae489498cc9bdbecf386986cdb1d5a0d2cfe45785b43
SSDEEP

3072:2bvt5mz7Bqh1v59Y08mAjs0Ltel+qOeJHlpV8b+Y/YO:2bv7S7BqjjYHdrqkL/

Score

10^/10

il61hb arrowrat

Malware Config

Extracted

Family

arrowrat

Botnet

IL61HB

C2

windowsii.duckdns.org:1338

Mutex

3W69EU

Signatures

Arrowrat family
arrowrat

Files

bDiL.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy