DemonicRat[.]exe | Triage

Sharing

General

Target

DemonicRat.exe
Size

92.2MB
MD5

a14eceecde0122a246d1fa026f8bd7b7
SHA1

ab10f646cd84da146bff2a7b2659515d4ea6e45a
SHA256

2ad1440758ab2ea7297a288ed1b018444054dbc82f67a7fe9e888151cd19f25c
SHA512

d489205ff29c0506b198d684a443825399ddf7383d5fc026acad579e98852ac1c3772c31d50993c0546502fb9ce413fdc807bee8beeadcc9fd514b39e6b1229b
SSDEEP

49152:2hpWTHXw/twZXyD8GAVVBWpJ87xTrJZIJ87xTRW0I4anWY9BW9twZXyD8GAVVBWE:

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DemonicRat.exe

Files

DemonicRat.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 92.2MB - Virtual size: 92.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ