AsyncRAT,DCRat | 3f992a9724fa

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\Client.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	104.50 KB
MD5	e7a068d43b883388322f26512b8c07e6
SHA1	7852efb26c825fdb1f03c74228b94a192c661c92
SHA256	3f992a9724fad98b398c0369e94cf4dc8487015c115eaa7b94261310e1097af9
SSDeep	1536:TS8KrAXzsprs4yV2iBL4B0g1dbq/zsEefusI9sXKG12dzKX3UtpqKmY7:T3KAUY3Bg0Gbq/WpIikdkk2z
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict

Malicious

PE Information

Version Information (11)

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x00018E14	0x00019000	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.76
.rsrc	0x0041C000	0x00000DB5	0x00000E00	0x00019200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.03
.reloc	0x0041E000	0x0000000C	0x00000200	0x0001A000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x0001ADDC	0x00018FDC	0x00000000

Memory Dumps (6)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
client.exe	1	0x00BC0000	0x00BDFFFF	Relevant Image	64-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	1	0x1AC6A000	0x1AC6FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1A72D000	0x1A72FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00143000	0x0014FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
client.exe	1	0x00BC0000	0x00BDFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Go to YARA Match Download Dump
client.exe	1	0x00BC0000	0x00BDFFFF	Final Dump	64-bit	-	... Actions Go to Process Go to YARA Match Download Dump

YARA Matches (2)

Rule Name	Rule Description	Classification	Score	Actions
AsyncRAT	AsyncRAT	Backdoor	5/5	... Actions Show Ruleset Show Match
DCRat	DCRat	Spyware	5/5	... Actions Show Ruleset Show Match

f62ed6e6f7162e7886a16bdeb75928e9c72b6b28a4e575ac9ca378854d0c539b

Downloaded File

Text