AsyncRAT | 9d19de1d4be4

C:\Users\RDhJ0CNFevzX\Desktop\9d19de1d4be447775e3345eae357a9571bd86a607eaf25df48a6840acbc390cc.exe

Sample File

Binary

»

Also Known As	C:\Users\RDhJ0CNFevzX\AppData\Roaming\.exe (Accessed File) C:\Users\RDhJ0CNFevzX\AppData\Roaming\ZgolgcKGNozdg.exe (Accessed File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	616.50 KB
MD5	d4278af4c129db3ea1c48d890304abd1
SHA1	b6ca93a2c12c164a73339020070662b618723744
SHA256	9d19de1d4be447775e3345eae357a9571bd86a607eaf25df48a6840acbc390cc
SSDeep	12288:AzTgQCM0ei0Hth5PSQ7OBOXhsAOf9vHg6SKlpx:tTAhPSkOBOPOf9vJLlpx
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

»

Verdict	Malicious
Names	Mal/Generic-S

PE Information

»

Image Base	0x00400000
Entry Point	0x0049B6AE
Size Of Code	0x00099800
Size Of Initialized Data	0x00000800
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2038-03-30 05:04 (UTC+2)

Version Information (11)

»

Comments
CompanyName
FileDescription	Lib Mang Sys
FileVersion	1.0.0.0
InternalName	CommonSecurityDescrip.exe
LegalCopyright	Copyright © 2020
LegalTrademarks
OriginalFilename	CommonSecurityDescrip.exe
ProductName	Lib Mang Sys
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Sections (3)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x000996CC	0x00099800	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.36
.rsrc	0x0049C000	0x000005EC	0x00000600	0x00099A00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.18
.reloc	0x0049E000	0x0000000C	0x00000200	0x0009A000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

»

mscoree.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x0009B684	0x00099884	0x00000000

Memory Dumps (11)

»

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
9d19de1d4be447775e3345eae357a9571bd86a607eaf25df48a6840acbc390cc.exe	1	0x00400000	0x0049FFFF	Relevant Image	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02280000	0x0228FFFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x004A0000	0x004A2FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x0A150000	0x0A1ABFFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
9d19de1d4be447775e3345eae357a9571bd86a607eaf25df48a6840acbc390cc.exe	1	0x00400000	0x0049FFFF	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00920000	0x0092FFFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00411FFF	Content Changed	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
9d19de1d4be447775e3345eae357a9571bd86a607eaf25df48a6840acbc390cc.exe	1	0x00400000	0x0049FFFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00411FFF	Process Termination	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
.exe	14	0x00400000	0x0049FFFF	Relevant Image	32-bit	-	... Actions Go to Process Download Dump
buffer	14	0x04850000	0x0485FFFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump

7fc94904b3e7c90d488652ccf304745d9d2ed0ecd1d287d8e02c4004279738ad

Code Dump File

Stream

»

MIME Type	application/octet-stream
File Size	44.50 KB
MD5	12f5d6084b1aa9e9f9e243f095b96023
SHA1	c10bd4d95c3470ea3457b0690e2bcf4a2e1b33b1
SHA256	7fc94904b3e7c90d488652ccf304745d9d2ed0ecd1d287d8e02c4004279738ad
SSDeep	768:DuIadTsErkZTWU/APhmo2qb2WkKSu5CyCHUPIhRCO0bVJTdVLBPO5TXiuDqVBDZ:DuIadTsX22HWQmCdZhRybVJpNBPe7iEe
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmp95DB.tmp

Dropped File

Text

»

MIME Type	text/xml
File Size	1.56 KB
MD5	9e7a6ad73b118f1b9fd416f36eb6c5ec
SHA1	0b7ebdd9fbd9c7cda0ac14458d321a9342640ad9
SHA256	0e7126bff40cd57601121dc11ec5f2db9c88bb6b68b0aab3cf3e15e1782124ea
SSDeep	24:2di4+S2qh9Y1Sy1mlUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNt5xvn:cge2UYrFdOFzOzN33ODOiDdKrsuTvv
ImpHash	-

\??\C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmpDAB.tmp.bat

Dropped File

Text

»

Also Known As	C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmpDAB.tmp.bat (Accessed File, Dropped File) tmpDAB.tmp.bat (Accessed File)
MIME Type	text/x-msdos-batch
File Size	157 Bytes
MD5	a2318a9bbc40bf1668a479c67dcfda21
SHA1	49d249dda6f4bfd2bc25a458ccea8062c980899b
SHA256	a1f8c3d64e72fb887033132465cde2da3a2a7d6c86b55d296e92babfdf4d8933
SSDeep	3:mKDDCMNqTtvL5oOc96VkEaKC50CSmqRDOc96VkE2J5xAInTRILEazVZPy:hWKqTtT6Oc9+NaZ50Zmq1Oc9+N23fTzN
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmpDAB.tmp

Dropped File

Empty

»

MIME Type	application/x-empty
File Size	0 Bytes
MD5	d41d8cd98f00b204e9800998ecf8427e
SHA1	da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep	3::
ImpHash	-

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information