TS-240217-14-XenoRAT-659bd6[.]exe[.]vir | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TS-240217-14-XenoRAT-659bd6.exe.vir
Size

45KB
MD5

ea148b6c80a3aa88b66bcc0739f15c17
SHA1

659bd61cd32252e5409c119efae8ea2d45d15f7f
SHA256

f1e9f62cc55b275c853ebe69f0b19a221106d9f3c466a299b39c5abc75111b50
SHA512

ccd27e616366ea196f36cc6a7adf5becb5f499d56b07f68aadc9b9bfe3cada2b444d137dba8f8b8111203b05b336c9ccc4db1b379f9f6577648fdebda6d3f829
SSDEEP

768:WdhO/poiiUcjlJInon+eP3H9Xqk5nWEZ5SbTDa7uI7CPW5I:Aw+jjgn+H9XqcnW85SbTuuIQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TS-240217-14-XenoRAT-659bd6.exe.vir

Files

TS-240217-14-XenoRAT-659bd6.exe.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ