venomrat | f33f55bc2eeb3926459be0ee9dcb024f27e31b752a5dbb753c546ce46684503c

Sharing

Copy URL

Twitter E-mail

General

Target

f33f55bc2eeb3926459be0ee9dcb024f27e31b752a5dbb753c546ce46684503c
Size

2.4MB
MD5

36ae45161a9e2b60025b91fae42f1352
SHA1

8e0faf735dfbed33027803db4fbb99321b3a25fb
SHA256

f33f55bc2eeb3926459be0ee9dcb024f27e31b752a5dbb753c546ce46684503c
SHA512

b69b55d8e0b9e5ec85dee62c5a146362c7f735e3d1b85b13841357b9d9fd22c7aeff21b118965d12b906cde642b12c3cc339b7931672ee508774ea4988dff1ce
SSDEEP

24576:BLYWtE02Ew7cnLt3t7tPEI2qasfsFQwusvB+jW8eydsvTj+pZBuZBDZBqZBp:B3dpsQwL8eK3A7I

Score

10^/10

rat venomrat

Malware Config

Signatures

VenomRAT 1 IoCs
Detects VenomRAT.
rat

Processes:

resource yara_rule

sample VenomRAT
Venomrat family
venomrat

resource	yara_rule
sample	VenomRAT

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
f33f55bc2eeb3926459be0ee9dcb024f27e31b752a5dbb753c546ce46684503c

Files

f33f55bc2eeb3926459be0ee9dcb024f27e31b752a5dbb753c546ce46684503c
.dll windows:4 windows x86 arch:x86

82d7ac56626e8ad4c66fc376101214b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
TermsrvSetValueKey
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
CreateHardLinkTransactedA
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
TermsrvSetValueKey
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
Basep8BitStringToDynamicUnicodeString
SystemTimeToTzSpecificLocalTime
RegEnumValueW
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
BeginUpdateResourceA
CreateHardLinkTransactedA
SystemTimeToTzSpecificLocalTime
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
IsValidLocale
IsValidLocale
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
SystemTimeToTzSpecificLocalTime
TermsrvSetValueKey
TermsrvSetValueKey
SystemTimeToTzSpecificLocalTime
ConvertFiberToThread
SystemTimeToTzSpecificLocalTime
GetMemoryErrorHandlingCapabilities
BasepCopyEncryption
SystemTimeToTzSpecificLocalTime
BuildCommDCBW
CreateHardLinkTransactedA
SetTimerQueueTimer
SystemTimeToTzSpecificLocalTime
BeginUpdateResourceA
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SetLocaleInfoW
GetMemoryErrorHandlingCapabilities
SystemTimeToTzSpecificLocalTime
GetFullPathNameA
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
CreateWaitableTimerExW
CreateWaitableTimerExW
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
BaseVerifyUnicodeString
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
TermsrvSetValueKey
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
CreateHardLinkTransactedA
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
TermsrvSetValueKey
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
Basep8BitStringToDynamicUnicodeString
SystemTimeToTzSpecificLocalTime
RegEnumValueW
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
BeginUpdateResourceA
CreateHardLinkTransactedA
SystemTimeToTzSpecificLocalTime
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
IsValidLocale
IsValidLocale
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
TermsrvSetValueKey
SystemTimeToTzSpecificLocalTime
TermsrvSetValueKey
TermsrvSetValueKey
SystemTimeToTzSpecificLocalTime
ConvertFiberToThread
SystemTimeToTzSpecificLocalTime
GetMemoryErrorHandlingCapabilities
BasepCopyEncryption
SystemTimeToTzSpecificLocalTime
BuildCommDCBW
CreateHardLinkTransactedA
SetTimerQueueTimer
SystemTimeToTzSpecificLocalTime
BeginUpdateResourceA
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SetLocaleInfoW
GetMemoryErrorHandlingCapabilities
SystemTimeToTzSpecificLocalTime
GetFullPathNameA
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
CreateWaitableTimerExW
CreateWaitableTimerExW
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTime
BaseVerifyUnicodeString
SystemTimeToTzSpecificLocalTime

gdi32

CreateHatchBrush
GdiTrackHDelete
GdiTrackHDelete
GdiTrackHDelete
GdiTrackHDelete
CreateHatchBrush
GdiTrackHDelete
GdiTrackHDelete
GdiTrackHDelete
GdiTrackHDelete

mscoree

StrongNameErrorInfo
StrongNameErrorInfo
ND_WI8
ND_WI8
GetHashFromAssemblyFileW
GetHashFromAssemblyFileW
GetHashFromBlob
GetHashFromFile
GetHashFromFile
GetHashFromFile
GetHashFromFile
GetHashFromFile
GetHashFromFile
GetHashFromFileW
StrongNameGetBlob
StrongNameKeyDelete
StrongNameSignatureVerificationEx
ND_WI8
ND_WI8
StrongNameTokenFromAssembly
StrongNameTokenFromAssembly
StrongNameTokenFromAssembly

kernelbase

DeleteTimerQueueEx
DeleteTimerQueueEx
DeleteTimerQueueEx
DeleteTimerQueueEx

advapi32

AuditLookupCategoryIdFromCategoryGuid
AuditLookupCategoryIdFromCategoryGuid

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82d7ac56626e8ad4c66fc376101214b1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

mscoree

kernelbase

advapi32

Sections

.text Size: 248KB - Virtual size: 248KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 2.1MB - Virtual size: 2.1MB

.text
Size: 248KB - Virtual size: 248KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 2.1MB - Virtual size: 2.1MB