venomrat | e33cb42b50d6d18a3f72389f7ddc144482c3f7303d21722ffe393e19e46f877e

Sharing

Copy URL

Twitter E-mail

General

Target

e33cb42b50d6d18a3f72389f7ddc144482c3f7303d21722ffe393e19e46f877e
Size

351KB
MD5

282281b735c69aa31a6037a02ad3c836
SHA1

0a599c2b1920047e1d4f4a32d8d634940fbbdfa9
SHA256

e33cb42b50d6d18a3f72389f7ddc144482c3f7303d21722ffe393e19e46f877e
SHA512

fa9c3794ca2c0769d79cbbeb2647bd5cb7be3931e8a6f2ccdbe2aa22d174578be3d9b281a3246ce5c7129deebb4a0c16e90a38a2665946b580e400d2956abbb3
SSDEEP

6144:UeWrvP5mj3XyyY0Pvo6i8GLGKlUgpApMOTf5fSPMVd5mb84qOaQi:UeWrH5mjzo6V0lUwASOj5fP5j4qPQi

Score

10^/10

rat venomrat

Malware Config

Signatures

VenomRAT 1 IoCs
Detects VenomRAT.
rat

Processes:

resource yara_rule

sample VenomRAT
Venomrat family
venomrat

resource	yara_rule
sample	VenomRAT

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
e33cb42b50d6d18a3f72389f7ddc144482c3f7303d21722ffe393e19e46f877e

Files

e33cb42b50d6d18a3f72389f7ddc144482c3f7303d21722ffe393e19e46f877e
.exe windows:6 windows x86 arch:x86

ca42d79bff41dd6faae2d2ba487ff6cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\noure\Desktop\Process-Hollowing-main\Source\Release\Process Hollowing.pdb

Imports

kernel32

GetModuleFileNameW
WaitForSingleObject
CloseHandle
CreateProcessW
GetExitCodeProcess
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapValidate
GetSystemInfo
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
WriteConsoleW
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CreateFileW

Sections

.text
Size: 199KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca42d79bff41dd6faae2d2ba487ff6cc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 199KB - Virtual size: 200KB

.rdata Size: 61KB - Virtual size: 64KB

.data Size: 80KB - Virtual size: 84KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 199KB - Virtual size: 200KB

.rdata
Size: 61KB - Virtual size: 64KB

.data
Size: 80KB - Virtual size: 84KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB