asyncrat | a7775c2796f5f3db57db8fa64d5ab360235bd687dddefe678a9e0804f4a90e51

General

Target

a7775c2796f5f3db57db8fa64d5ab360235bd687dddefe678a9e0804f4a90e51
Size

12KB
MD5

4ab015521e5c09ddcd919c0c325775c2
SHA1

e81953d1ab2e13d21d3093a0a0c5dd7539d925d9
SHA256

a7775c2796f5f3db57db8fa64d5ab360235bd687dddefe678a9e0804f4a90e51
SHA512

b04bbdd7c1cb2aead9e14cb891802de747d0defe74912c0b50de683915c16feaae0a8008d42175283e0951b2fb8213b702addde493b1d4e9a75b7729084c7154
SSDEEP

192:F78Q1DA58XuKNs5TuJzUpF/f2WLi5E9VWvXJtj8M7MNHw0LnKkLXcY:VV185d5i+/G5EKB2jNqkLXB

Score

10^/10

rat asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/ae549e5f222645c4ec05d5aa5e2f0072f4e668da89f711912475ee707ecc871e	family_asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ae549e5f222645c4ec05d5aa5e2f0072f4e668da89f711912475ee707ecc871e

a7775c2796f5f3db57db8fa64d5ab360235bd687dddefe678a9e0804f4a90e51
.zip

Password: infected
ae549e5f222645c4ec05d5aa5e2f0072f4e668da89f711912475ee707ecc871e
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ