asyncrat | fixer[.]exe | Triage

Sharing

General

Target

fixer.exe
Size

49KB
MD5

041086a69579dc26514645814a4bba5c
SHA1

07c7bf2bf5953ba3369ab727ff8a06e93fc2ccfd
SHA256

c633b31880ac53ee6282c0d7a7daae5c9ecc024055de85b77a17ffe9be5ebe08
SHA512

07a18aa25f2b201613e26c5c50aef20b8d2d77b2a89ac983ee00d4ed223f6dbdec424b673735baa22b76d6fb31367de912ad56e8066c8e470bcb886e1959dd77
SSDEEP

768:aBxKJlVRLxt5A0fjXiqVNcr4Lp2FimUbgCxB/yzuoxGZkpqKYhY7:f37/jXi+L7NECvyzz4kpqKmY7

Score

10^/10

rat asyncrat

Malware Config

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fixer.exe

Files

fixer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ