Malicious
Classifications
Backdoor
Threat Names
AsyncRAT.v057B AsyncRAT Mal/Generic-S
Dynamic Analysis Report
Created on 2022-08-05T12:17:19+00:00
45e87ee0b025a7e4a783a6786564982e7735c8c50d0b3d84a3d5dd90ce735cfe.exe
Windows Exe (x86-32)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\RDhJ0CNFevzX\Desktop\45e87ee0b025a7e4a783a6786564982e7735c8c50d0b3d84a3d5dd90ce735cfe.exe | Sample File | Binary |
Malicious
|
...
|
»
File Reputation Information
»
Verdict |
Malicious
|
Names | Mal/Generic-S |
PE Information
»
Image Base | 0x00400000 |
Entry Point | 0x0040D0AE |
Size Of Code | 0x0000B200 |
Size Of Initialized Data | 0x00000C00 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2020-05-10 07:24 (UTC+2) |
Version Information (11)
»
Comments | |
CompanyName | Microsoft Corporation |
FileDescription | Host Process for Windows Services |
FileVersion | 10.0.19041.1 |
InternalName | |
LegalCopyright | Microsoft® |
LegalTrademarks | |
OriginalFilename | |
ProductName | Microsoft® Windows® Operating System |
ProductVersion | 10.0.19041.1 |
Assembly Version | 10.0.19041.1 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x0000B0B4 | 0x0000B200 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.62 |
.rsrc | 0x0040E000 | 0x000008C8 | 0x00000A00 | 0x0000B400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.07 |
.reloc | 0x00410000 | 0x0000000C | 0x00000200 | 0x0000BE00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.08 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x0000D084 | 0x0000B284 | 0x00000000 |
Memory Dumps (3)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
45e87ee0b025a7e4a783a6786564982e7735c8c50d0b3d84a3d5dd90ce735cfe.exe | 1 | 0x00400000 | 0x00411FFF | Relevant Image | 32-bit | - |
...
|
||
45e87ee0b025a7e4a783a6786564982e7735c8c50d0b3d84a3d5dd90ce735cfe.exe | 1 | 0x00400000 | 0x00411FFF | Process Termination | 32-bit | - |
...
|
||
svchost.exe | 9 | 0x00400000 | 0x00411FFF | Relevant Image | 32-bit | - |
...
|
YARA Matches (1)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
AsyncRAT | AsyncRAT | Backdoor |
5/5
|
...
|
C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmpB6E4.tmp.bat | Dropped File | Text |
Clean
|
...
|
»
C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmpB6E4.tmp | Dropped File | Empty |
Clean
|
...
|
»