General
-
Target
install.exe
-
Size
47KB
-
MD5
66910731804a08bab77c51103c8023eb
-
SHA1
7b047f9750b7569004403ddfeb36ece9b3b5f11b
-
SHA256
09effa48cafb7ba5d02f97e1e1dcb2490d387bc02453900fe3bd69e07ca00edf
-
SHA512
7b7699e9f9d3d4fedaf1374c5f3c95b6fd07b6510c0b18fb735caf3776f8bc4ccb1d929a81a44a430c83c6eccbdf92531e03a54aaae8a754d5006eef1b03b8cc
-
SSDEEP
768:3d3PjILweUc+biPMaGnPiicf8Yb/gLpZH/vEgK/J7ZVc6KN:3d39koAzbId1nkJ7ZVclN
Malware Config
Extracted
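Family: asyncrat
Version: 1.0.7
Botnet/group: Default
C2: 127.0.0.1:61288 (loopback address; not usable as a network indicator)
C2: 146.70.165.10:61288
Mutex: DcRatMutex_qwqdanchun (matches the stock mutex name of DcRat, an AsyncRAT derivative, which suggests a largely default builder configuration)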
-
delay
1
-
install
true
-
install_file
Windows Update.exe
-
install_folder
%AppData%
Signatures
Files
-
install.exe.exe windows x86
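Imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (the generic value for .NET executables whose only import is mscoree!_CorExeMain, as listed under Imports; it does not identify this sample or family on its own)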
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
Imports
mscoree
_CorExeMain
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ