General
-
Target
download_reversed_27.exe
-
Size
63KB
-
MD5
cfa3c233dbdff5cf57692484c4e50e6a
-
SHA1
80b81f812a3378a4279c680e2ee6b307a9ce14d8
-
SHA256
db4ded7e203382cf90c69455577a23e0526a1b86b95675e59d7ede2362cce2c8
-
SHA512
1aa55705ebb32c281990cacfa6246fda738d33c343f4e62a6078a53630e344d3be7a07858cc5f53ab5a83b4b113a7fd51fced86da213f828dd5d38534a741c37
-
SSDEEP
1536:TmImx6tX2kNff4sKu+UYFLCAOAfbaAPbF6VxnSrPlTGlx:Tm9x6tmkN7Ku+UYFOAffbaBVxSdmx
Malware Config
Extracted
asyncrat
| CRACKED BY https://t.me/xworm_v2
27 27 27 27
wins26junspam.duckdns.org:9003
AsyncMutex_6SIkaPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Signatures
Files
-
download_reversed_27.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ