AnonymousRat[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AnonymousRat.exe
Size

37.8MB
MD5

51285738346f46774e03ea439a61c1b6
SHA1

5a2ee3ce2c9ce0ba92851a5bc43c0ab422c54add
SHA256

c60a7039b637af6417eebe8504e65aa0271e68065c90108bb653859d1109138f
SHA512

9c53be2a773db8ed0d8f06bf289c5ce4aed38a337676d46fcc2c3e813585d39b3bfb176b3538aadf80bc0b4e8c91e6a17ba45fcccdf6d7232fb20859fd209cd0
SSDEEP

786432:Qc7/qSmA60bxsGu+/AxpoOq+AEa53JHfPYMoSwOTyGR5ZHw2HFTqie7UMbMP:Q+mANxsGpYxBq4a53FPJ9SwplOf7jbMP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AnonymousRat.exe

Files

AnonymousRat.exe
.exe windows:4 windows x86

32c5de998b5f069b26c94c8143b13c06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

kernel32

GetModuleFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 36.9MB - Virtual size: 36.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 736KB - Virtual size: 736KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ