asyncrat | (run first)EAC_Bypass[.]exe | Triage

Resubmissions

10-01-2025 21:15

250110-z35dkaxpdw 10

10-01-2025 21:00

250110-ztfzlsxkev 10

Sharing

General

Target

(run first)EAC_Bypass.exe
Size

145KB
MD5

f8379eded206a33cdaf4e00022c40401
SHA1

e153220ffbe0f0197c39adf7fecacf0ee4727a4b
SHA256

7009882daa758d48b5eecc34009ae9fe2d3b105cf223f27e2d860d6e142e1e36
SHA512

d9e4206111c5e84789ed519693824ca9a5c86e40e92a1776071803920276199c7a78e2ac95a292026380ce4b26322a10f9b0d1b68b6ad78619439c2b87abc43d
SSDEEP

3072:8/hBr0t/UvicxNV+s6K+BXNRuLQJ+cS+KyPMwtqmSiVH1bfWwckYyJQ5EPy9VYD7:v/sV+s6K+BXNRuLQJ+cS+KyPMwkmSsV6

Score

10^/10

rat asyncrat

Malware Config

Signatures

Async RAT payload 1 IoCs

resource	yara_rule
sample	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
(run first)EAC_Bypass.exe

Files

(run first)EAC_Bypass.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\7-25-24\User\source\repos\AIOLauncher\AIOLauncher\obj\Release\AIOLauncher.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ