asyncrat | d1cc9c3dfe7a71d641ead1f15911a697b5daa63a6a2ce7030a22d947d9847d91[.]exe | Triage

Sharing

General

Target

d1cc9c3dfe7a71d641ead1f15911a697b5daa63a6a2ce7030a22d947d9847d91.exe
Size

340KB
MD5

71beab388a6fe442ce8736ca8625dd72
SHA1

c594208ed681009338833ef4baa1b43e4f3ff7cf
SHA256

d1cc9c3dfe7a71d641ead1f15911a697b5daa63a6a2ce7030a22d947d9847d91
SHA512

9f6764899ee48ac3cc23cdfd18ef5289565d351c172e08b2699dc455986f6705f98de4d46a015ece1b0f04c1212642e4a121f4e0cd65fbfef49cd73ac9e569a5
SSDEEP

6144:m7xbOgrqt8NiB/gzKETwEMATGKi5fbAl/yEaqne0Z07a7igtEZ:mat8NiVcTwYiKakk/90btEZ

Score

10^/10

rat vmprotect asyncrat

Malware Config

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	asyncrat

Asyncrat family
asyncrat

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1cc9c3dfe7a71d641ead1f15911a697b5daa63a6a2ce7030a22d947d9847d91.exe

Files

d1cc9c3dfe7a71d641ead1f15911a697b5daa63a6a2ce7030a22d947d9847d91.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ