General
Target: IDAT_final_payload_pjoxwh.bin
Size: 48KB
MD5: 22aa81b53cc94844e648969679c978c1
SHA1: e0938c5518d0263553af3b30415de8bae64b956e
SHA256: 133471e941bcec6504c129976a52207d0b0d2c7122fc8845a299f385fdd73937
SHA512: b9168d975e46f7a2d82d3e0a1b94c0a1f53b2621983d2adb1b824901631f840b46fb4337421e9f064c88414f48ae86c9c60481e9508ae0787ddfc58f36d37383
SSDEEP: 768:X6T3ILNCKi+DinBLFhCl52iO4Yb0oge0IVg8ykPkvEgK/JnZVc6KNgbVbVbVD:X6YmFKC3bqQV8kcnkJnZVclNgbVbVbVD
Malware Config
Extracted
asyncrat
1.0.7
**** 2828 ****
26agtwins.duckdns.org:9004
sdtyay
delay: 1
install: false
install_folder: %AppData%
Signatures
Files
-
IDAT_final_payload_pjoxwh.bin.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
Imports
mscoree
_CorExeMain
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ