File Name C:\Users\RDhJ0CNFevzX\Desktop\45e87ee0b025a7e4a783a6786564982e7735c8c50d0b3d84a3d5dd90ce735cfe.exe
Category Sample File
Type Binary
Verdict Malicious
Also Known As C:\Users\RDhJ0CNFevzX\AppData\Roaming\svchost.exe (Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 48.00 KB
MD5 10135b39a4a6d8717ba8ceec380ef060
SHA1 3669c101670b0b373dea1c7729718340196da4bc
SHA256 45e87ee0b025a7e4a783a6786564982e7735c8c50d0b3d84a3d5dd90ce735cfe
SSDeep 768:wuK49TH4EjZWUR+ejmo2qrw8sJrKKIixPIAoqVcg0b1G24HftYUpG5ilsga8yBDu:wuK49THf52HtuAo9rbMNYUpnfMdh+
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Verdict
Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x0040D0AE
Size Of Code 0x0000B200
Size Of Initialized Data 0x00000C00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2020-05-10 07:24 (UTC+2)
Version Information (11)
Comments
CompanyName Microsoft Corporation
FileDescription Host Process for Windows Services
FileVersion 10.0.19041.1
InternalName
LegalCopyright Microsoft®
LegalTrademarks
OriginalFilename
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.19041.1
Assembly Version 10.0.19041.1
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text | 0x00402000 | 0x0000B0B4 | 0x0000B200 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.62
.rsrc | 0x0040E000 | 0x000008C8 | 0x00000A00 | 0x0000B400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.07
.reloc | 0x00410000 | 0x0000000C | 0x00000200 | 0x0000BE00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.08
Imports (1)
mscoree.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
_CorExeMain | - | 0x00402000 | 0x0000D084 | 0x0000B284 | 0x00000000
Memory Dumps (3)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA
45e87ee0b025a7e4a783a6786564982e7735c8c50d0b3d84a3d5dd90ce735cfe.exe | 1 | 0x00400000 | 0x00411FFF | Relevant Image | False | 32-bit | - | False
45e87ee0b025a7e4a783a6786564982e7735c8c50d0b3d84a3d5dd90ce735cfe.exe | 1 | 0x00400000 | 0x00411FFF | Process Termination | False | 32-bit | - | False
svchost.exe | 9 | 0x00400000 | 0x00411FFF | Relevant Image | False | 32-bit | - | False
YARA Matches (1)
Rule Name | Rule Description | Classification | Score
AsyncRAT | AsyncRAT | Backdoor | 5/5
File Name C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmpB6E4.tmp.bat
Category Dropped File
Type Text
Verdict Clean
Also Known As \??\C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmpB6E4.tmp.bat (Accessed File)
tmpB6E4.tmp.bat (Accessed File)
MIME Type text/x-msdos-batch
File Size 165 Bytes
MD5 c40ed0d8d721aa287bb30ec1f3ff2260
SHA1 33828e35a94811ccc675a006af7bddbefce60d46
SHA256 6bd696e0922144b9549c56e98731fc12e8522962fb1092ba25228682a91dfdb2
SSDeep 3:mKDDCMNqTtvL5oOc96VkEaKC5ZACSmqRDOc96VkE2J5xAInTRINwLRIVzVZPy:hWKqTtT6Oc9+NaZ5Omq1Oc9+N23fT/Iw
ImpHash -
File Name C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmpB6E4.tmp
Category Dropped File
Type Empty
Verdict Clean
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
Function Logfile
This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.