Malicious
Classifications

Backdoor

Threat Names

QuasarRAT xRAT Mal/Generic-S QuasarRAT.v1

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\Client.exe Sample File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 349.00 KB
MD5 54b8f756beb83bbbb5a1941e9abc5f1c
SHA1 3b27d4d314483e4123a1642c98dfd6e2306392b5
SHA256 601768671271d499533a4360f1272fdb5a86ce4c87649811b80fc463422dff41
SSDeep 6144:4KMJx4pweP7kJS3ieCxMNr3jOyCJIZO6SVkDtOkb102ofRili6d96:4KoSF/TOnJIc6S6DtOkUZiUA96
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Verdict Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x79007BF0
Size Of Code 0x00056800
Size Of Initialized Data 0x00000A00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2018-05-04 16:29 (UTC)
Version Information (7)
FileDescription
FileVersion 1.3.0.0
InternalName Client.exe
LegalCopyright
OriginalFilename Client.exe
ProductVersion 1.3.0.0
Assembly Version 1.3.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x00056724 0x00056800 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.43
.rsrc 0x0045A000 0x00000800 0x00000800 0x00056A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.71
.reloc 0x0045C000 0x0000000C 0x00000200 0x00057200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x000586F0 0x000568F0 0x00000000
YARA Matches (2)
Rule Name Rule Description Classification Score
xRAT_1 xRAT malware Backdoor 5/5
QuasarRAT QuasarRAT Backdoor 5/5
Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.


    