neshta | PentagonRAT v127[.]0[.]0[.]1 (1)[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

PentagonRAT v127.0.0.1 (1).rar
Size

8.7MB
MD5

499ddcea0d3bb79132a57226f98269f2
SHA1

6030f25774c17cd50dc6bc2c4f6bbdffff3285bc
SHA256

326132eeec32efa4efe6a8da0a4c9c8575e19650d9aa9249162e5178d9326769
SHA512

8bab0f0adc73f733bd8b48f6ac00c2d3ce6f40a87d106cce5463d4777766b6faa13acf38e1de07da8738414da7478da3a386fb9442b9f4a0a07e2fca67b2657d
SSDEEP

196608:h9ltMzUMBsYc9lHe1fJ5O4YbKLQg6z6Lb02Aqrva:h9lmUMvulHYJ3YbKcg6+f02lrva

Score

10^/10

neshta

Malware Config

Signatures

Detect Neshta payload 3 IoCs

resource	yara_rule
static1/unpack001/PentagonRAT v127.0.0.1/PentagonRAT.exe	family_neshta
static1/unpack001/PentagonRAT v127.0.0.1/Stub/MemoryDiagnostic.exe	family_neshta
static1/unpack001/PentagonRAT v127.0.0.1/UPX/mpress.exe	family_neshta

Neshta family
neshta

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PentagonRAT v127.0.0.1/Bunifu_UI_v1.52.dll
unpack001/PentagonRAT v127.0.0.1/DevComponents.DotNetBar2.dll
unpack001/PentagonRAT v127.0.0.1/Mono.Cecil.dll
unpack001/PentagonRAT v127.0.0.1/Notificação.dll
unpack001/PentagonRAT v127.0.0.1/PentagonRAT.exe
unpack001/PentagonRAT v127.0.0.1/Plugin/cam.dll
unpack001/PentagonRAT v127.0.0.1/Plugin/ch.dll
unpack001/PentagonRAT v127.0.0.1/Plugin/fm.dll
unpack001/PentagonRAT v127.0.0.1/Plugin/pw.dll
unpack001/PentagonRAT v127.0.0.1/Plugin/sc2.dll
unpack001/PentagonRAT v127.0.0.1/Stub/MemoryDiagnostic.exe
unpack001/PentagonRAT v127.0.0.1/Stub/Security.exe
unpack001/PentagonRAT v127.0.0.1/UPX/mpress.exe

Files

PentagonRAT v127.0.0.1 (1).rar
.rar
PentagonRAT v127.0.0.1/Bunifu_UI_v1.52.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Developer Zoone\Documents\Visual Studio 2013\Projects\Bunifu_Framework\BunifuUI\WindowsFormsControlLibrary1\obj\Release\Bunifu_UI_v1.52.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PentagonRAT v127.0.0.1/DevComponents.DotNetBar2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.textxc
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.datax
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PentagonRAT v127.0.0.1/Icones/Control Panel/AuthFWGP_100.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/Faultrep_5201.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/Printers/prnfldr_139.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/Printers/prnfldr_168.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/Printers/prnfldr_17.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/Printers/prnfldr_240.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/Printers/prnfldr_242.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/Printers/prnfldr_244.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/Printers/prnfldr_5000.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/Printers/prnfldr_5001.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/Printers/prnfldr_5002.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/Printers/prnfldr_5003.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/Printers/prnfldr_5004.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/Printers/prnfldr_5005.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/Printers/prnfldr_5006.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/Printers/prnfldr_5007.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/baaupdate_1.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/explorer_262.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/imageres_27.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/imageres_78.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/imageres_80.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/imageres_87.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/powercfg_202.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/powercpl_506.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/powercpl_507.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/powercpl_512.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/powercpl_513.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/powercpl_514.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/powercpl_515.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/powercpl_516.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/powrprof_512.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/powrprof_513.ico
PentagonRAT v127.0.0.1/Icones/Control Panel/powrprof_514.ico
PentagonRAT v127.0.0.1/Icones/ico/1.ico
PentagonRAT v127.0.0.1/Icones/ico/10.ico
PentagonRAT v127.0.0.1/Icones/ico/11.ico
PentagonRAT v127.0.0.1/Icones/ico/12.ico
PentagonRAT v127.0.0.1/Icones/ico/13.ico
PentagonRAT v127.0.0.1/Icones/ico/14.ico
PentagonRAT v127.0.0.1/Icones/ico/15.ico
PentagonRAT v127.0.0.1/Icones/ico/16.ico
PentagonRAT v127.0.0.1/Icones/ico/17.ico
PentagonRAT v127.0.0.1/Icones/ico/18.ico
PentagonRAT v127.0.0.1/Icones/ico/2.ico
PentagonRAT v127.0.0.1/Icones/ico/3.ico
PentagonRAT v127.0.0.1/Icones/ico/4.ico
PentagonRAT v127.0.0.1/Icones/ico/5.ico
PentagonRAT v127.0.0.1/Icones/ico/6.ico
PentagonRAT v127.0.0.1/Icones/ico/7.ico
PentagonRAT v127.0.0.1/Icones/ico/8.ico
PentagonRAT v127.0.0.1/Icones/ico/9.ico
PentagonRAT v127.0.0.1/Mono.Cecil.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\njq8\Desktop\jbevain-cecil-0.9.5-73-ga5ffcc0\jbevain-cecil-a5ffcc0\obj\net_2_0_Debug\Mono.Cecil.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PentagonRAT v127.0.0.1/Notificação.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\ST\Desktop\notification_src\NotificationWindow\obj\Debug\Notificação.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PentagonRAT v127.0.0.1/PentagonRAT.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\ISO\SRC - Coringa-RAT 0.3\Coringa-RAT\obj\Debug\PentagonRAT.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PentagonRAT v127.0.0.1/Plugin/cam.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PentagonRAT v127.0.0.1/Plugin/ch.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PentagonRAT v127.0.0.1/Plugin/fm.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PentagonRAT v127.0.0.1/Plugin/pw.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PentagonRAT v127.0.0.1/Plugin/sc2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PentagonRAT v127.0.0.1/Stub/MemoryDiagnostic.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PentagonRAT v127.0.0.1/Stub/Security.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\ISO\SRC - Coringa-RAT 0.3\Stub\obj\Debug\Security.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PentagonRAT v127.0.0.1/Terror/01.jpg
.jpg
PentagonRAT v127.0.0.1/Terror/02.jpg
.jpg
PentagonRAT v127.0.0.1/Terror/03.jpg
.jpg
PentagonRAT v127.0.0.1/Terror/04.jpg
.jpg
PentagonRAT v127.0.0.1/Terror/05.jpg
.jpg
PentagonRAT v127.0.0.1/Terror/06.jpg
.jpg
PentagonRAT v127.0.0.1/Terror/07.png
.png
PentagonRAT v127.0.0.1/Terror/08.gif
.gif
PentagonRAT v127.0.0.1/UPX/mpress.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 230KB - Virtual size: 229KB

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.textxc Size: 4.9MB - Virtual size: 4.9MB

.datax Size: 4KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 86B

.reloc Size: 4KB - Virtual size: 12B

.rsrc Size: 4KB - Virtual size: 1KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 303KB - Virtual size: 302KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 26KB - Virtual size: 26KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

.sdata Size: 512B - Virtual size: 312B

.rsrc Size: 44KB - Virtual size: 44KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 61KB - Virtual size: 61KB

.rsrc Size: 512B - Virtual size: 512B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 11KB - Virtual size: 11KB

.text
Size: 230KB - Virtual size: 229KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.textxc
Size: 4.9MB - Virtual size: 4.9MB

.datax
Size: 4KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 86B

.reloc
Size: 4KB - Virtual size: 12B

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 303KB - Virtual size: 302KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 6.9MB - Virtual size: 6.9MB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 44KB - Virtual size: 44KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 61KB - Virtual size: 61KB

.rsrc
Size: 512B - Virtual size: 512B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 512B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 512B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B

CODE
Size: 29KB - Virtual size: 28KB

DATA
Size: 1024B - Virtual size: 536B

BSS
Size: - Virtual size: 42KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 97KB - Virtual size: 96KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 231KB - Virtual size: 230KB

.reloc
Size: 512B - Virtual size: 12B

CODE
Size: 29KB - Virtual size: 28KB

DATA
Size: 1024B - Virtual size: 536B

BSS
Size: - Virtual size: 42KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB