AsyncRAT | faaddcf1294c

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\faaddcf1294c8358fc6ccc4c36ecdc9fccd03ac345b3d022db144798d611397d.exe

Sample File

Binary

Also Known As	C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\iexplore\iexplore.exe (Accessed File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	3.00 MB
MD5	30e619eed663b6696ba1269dec11e1a9
SHA1	04ad1454bb163c8e1c5820ba591ae613dd6f6d45
SHA256	faaddcf1294c8358fc6ccc4c36ecdc9fccd03ac345b3d022db144798d611397d
SSDeep	6144:Pnsnxlpl/4MgsaffkOiBxqwuhiowOskDnlat1JLfwyTeiB0PJo3zzn:fs3pZ4MgzffDwsbikcJpnfn
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Version Information (7)

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x00048884	0x00048A00	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.63
.rsrc	0x0044C000	0x0002BF72	0x0002C000	0x00048C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.52
.reloc	0x00478000	0x0000000C	0x00000200	0x00074C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x0004A858	0x00048A58	0x00000000

Memory Dumps (6)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
faaddcf1294c8358fc6ccc4c36ecdc9fccd03ac345b3d022db144798d611397d.exe	1	0x01350000	0x013C9FFF	Relevant Image	32-bit	0x013832FC	... Actions Go to Process Go to YARA Match Download Dump
faaddcf1294c8358fc6ccc4c36ecdc9fccd03ac345b3d022db144798d611397d.exe	1	0x01350000	0x013C9FFF	Process Termination	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
iexplore.exe	11	0x003F0000	0x00469FFF	Relevant Image	32-bit	0x004232FC	... Actions Go to Process Go to YARA Match Download Dump
iexplore.exe	11	0x003F0000	0x00469FFF	Process Termination	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
iexplore.exe	23	0x003F0000	0x00469FFF	Relevant Image	32-bit	0x004232FC	... Actions Go to Process Go to YARA Match Download Dump
iexplore.exe	23	0x003F0000	0x00469FFF	Process Termination	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump

YARA Matches (3)

Rule Name	Rule Description	Classification	Score	Actions
MultipleNetObfuscatorAttributes	.NET file contains multiple obfuscator attributes	-	2/5	... Actions Show Ruleset Show Match
YanoObfuscatorAttributes	Yano Obfuscator Attributes	-	VTIRuleScore.INFORMATIVE/5	... Actions Show Ruleset Show Match
BabelObfuscatorAttributes	Babel Obfuscator Attributes	-	VTIRuleScore.INFORMATIVE/5	... Actions Show Ruleset Show Match

902cca93c7d7b54c284be59ed63ac8f882b9a1cc58b8bc18da471be3264b196f

Code Dump File

Stream

MIME Type	application/octet-stream
File Size	42.00 KB
MD5	12a2d25cb5bada1d69199fe75ce47b92
SHA1	906f3c40be46cf6dfcff3860819945d48cca00e1
SHA256	902cca93c7d7b54c284be59ed63ac8f882b9a1cc58b8bc18da471be3264b196f
SSDeep	768:suwCfTg46YbWUn8jjmo2qryDwIz90PIUzjbNgX3WpdnUdphBDZ:suwCfTgp/2XP5U3baXGCdpfd
ImpHash	-

607c7b32ca17ef830932ceb8f5568e91d51c54555d84ab9f5dddda9ef61fd354

Extracted File

Image

Parent File	C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\iexplore\iexplore.exe
MIME Type	image/png
File Size	14.82 KB
MD5	358a23e6485c2eccf3d0e3881e59b9ba
SHA1	07d3d52af86fd24dcdb9f88f473497bf9be4fff2
SHA256	607c7b32ca17ef830932ceb8f5568e91d51c54555d84ab9f5dddda9ef61fd354
SSDeep	384:MrPqXdXyRc+eMekKSYOH2t9mXlYMQNE881ViUzQk09/nnFn:iqXdXyRcweSjYIikQkQp
ImpHash	-