Malicious
Classifications
Backdoor
Threat Names
QuasarRAT xRAT Mal/Generic-S QuasarRAT.v1
Dynamic Analysis Report
Created on 2024-05-24T04:31:38+00:00
Client.exe
Windows Exe (x86-32)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\RDhJ0CNFevzX\Desktop\Client.exe | Sample File | Binary |
Malicious
|
...
|
»
File Reputation Information
»
Verdict |
Malicious
|
Names | Mal/Generic-S |
PE Information
»
Image Base | 0x00400000 |
Entry Point | 0x79007BF0 |
Size Of Code | 0x00056800 |
Size Of Initialized Data | 0x00000A00 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2018-05-04 16:29 (UTC) |
Version Information (7)
»
FileDescription | |
FileVersion | 1.3.0.0 |
InternalName | Client.exe |
LegalCopyright | |
OriginalFilename | Client.exe |
ProductVersion | 1.3.0.0 |
Assembly Version | 1.3.0.0 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x00056724 | 0x00056800 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.43 |
.rsrc | 0x0045A000 | 0x00000800 | 0x00000800 | 0x00056A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.71 |
.reloc | 0x0045C000 | 0x0000000C | 0x00000200 | 0x00057200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x000586F0 | 0x000568F0 | 0x00000000 |
YARA Matches (2)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
xRAT_1 | xRAT malware | Backdoor |
5/5
|
...
|
QuasarRAT | QuasarRAT | Backdoor |
5/5
|
...
|