QuasarRAT.v1 | 5f32994ba6ed

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\kEecfMwgj\Desktop\explorer.exe

Sample File

Binary

Also Known As	C:\Windows\system32\explorer\explorer.exe (Accessed File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	3.13 MB
MD5	37ff611acff052ee0564c5b0f2cb699d
SHA1	c15667c4437bae6684b51a289d7b8f732264f9f5
SHA256	5f32994ba6ed6ae9e0e77f719c38578d62fa20e17e6120a2adede2671dc7c5cc
SSDeep	49152:Mv+I22SsaNYfdPBldt698dBcjHfPVimCtLoGJZTHHB72eh2NT:Mvz22SsaNYfdPBldt6+dBcjHfPVE
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Version Information (11)

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x0031C404	0x0031C600	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.08
.rsrc	0x00720000	0x00005BD0	0x00005C00	0x0031C800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.1
.reloc	0x00726000	0x0000000C	0x00000200	0x00322400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.08

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x0031E3D4	0x0031C5D4	0x00000000

Memory Dumps (10)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
explorer.exe	1	0x001E0000	0x00507FFF	Relevant Image	64-bit	-	... Actions Go to Process Go to YARA Match Download Dump
explorer.exe	1	0x001E0000	0x00507FFF	Final Dump	64-bit	-	... Actions Go to Process Go to YARA Match Download Dump
explorer.exe	4	0x00E00000	0x01127FFF	Relevant Image	64-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	4	0x1BFDA000	0x1BFDFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	4	0x1B3DF000	0x1B3DFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	4	0x1BB16000	0x1BB1FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	4	0x1AA2D000	0x1AA2FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	4	0x00140000	0x0014FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
explorer.exe	4	0x00E00000	0x01127FFF	First Network Behavior	64-bit	-	... Actions Go to Process Go to YARA Match Download Dump
explorer.exe	4	0x00E00000	0x01127FFF	Final Dump	64-bit	-	... Actions Go to Process Go to YARA Match Download Dump

YARA Matches (1)

Rule Name	Rule Description	Classification	Score	Actions
QuasarRAT	QuasarRAT	Backdoor	5/5	... Actions Show Ruleset Show Match

b1ddae9103ff37040266924c81735aec0dba1fc209179dfd2e8396bb7804f32d

Extracted File

Image

Parent File	C:\Users\kEecfMwgj\Desktop\explorer.exe
MIME Type	image/png
File Size	4.97 KB
MD5	fa8df37350b25ff8773d6fef854a1b76
SHA1	35d1d0fb96509364855b9ec318dd3554f4359add
SHA256	b1ddae9103ff37040266924c81735aec0dba1fc209179dfd2e8396bb7804f32d
SSDeep	96:dPHOYAKLuKZdwJ4iP0c0lSX2iiiiiii+KyonT2hBJtF5gMVDAK2B:dOBKZdwUGXKKyoTQF5gM2
ImpHash	-