babylonrat | 59c229ec321e2aac11ce56baddadcc50N | Triage

Sharing

General

Target

59c229ec321e2aac11ce56baddadcc50N
Size

733KB
MD5

59c229ec321e2aac11ce56baddadcc50
SHA1

76ca8a9d32fd60c2a392e2268f6ff6f8d0034c52
SHA256

c7a0cde23642b5f727902fc5ce1ee2d0f38d865dd0aa4223851e6985f331542f
SHA512

3a77072788b8ef978a03e2734c72a7d526a720f3dfb0f58fd546cdd15848ebe0497cc1563539b14130f7b20945a1f8ddf3f534da56a5f8d1dbbbeefb1d029172
SSDEEP

12288:8qzcpVgUXzL0TTUKZHTNloEkOpnKgofuIwV6eAj0SZxxXMcEen3paPcg:8qzcpKIL0TvZzNlNky0wVW0SZxJVg

Score

10^/10

babylonrat

Malware Config

Signatures

Babylonrat family
babylonrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59c229ec321e2aac11ce56baddadcc50N

Files

59c229ec321e2aac11ce56baddadcc50N
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ