Malicious
Classifications
Injector Backdoor
Threat Names
AsyncRAT.v057B AsyncRAT Mal/Generic-S
Dynamic Analysis Report
Created on 2022-08-05T14:25:42+00:00
faaddcf1294c8358fc6ccc4c36ecdc9fccd03ac345b3d022db144798d611397d.exe
Windows Exe (x86-32)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\RDhJ0CNFevzX\Desktop\faaddcf1294c8358fc6ccc4c36ecdc9fccd03ac345b3d022db144798d611397d.exe | Sample File | Binary |
Malicious
|
...
|
»
File Reputation Information
»
Verdict |
Malicious
|
Names | Mal/Generic-S |
PE Information
»
Image Base | 0x00400000 |
Entry Point | 0x0044A87E |
Size Of Code | 0x00048A00 |
Size Of Initialized Data | 0x0002C200 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2022-08-05 08:22 (UTC+2) |
Version Information (7)
»
Comments | |
CompanyName | |
FileVersion | , , , |
FileDescription | |
LegalCopyright | |
ProductName | |
ProductVersion | , , , |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x00048884 | 0x00048A00 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.63 |
.rsrc | 0x0044C000 | 0x0002BF72 | 0x0002C000 | 0x00048C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.52 |
.reloc | 0x00478000 | 0x0000000C | 0x00000200 | 0x00074C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x0004A858 | 0x00048A58 | 0x00000000 |
Memory Dumps (6)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
faaddcf1294c8358fc6ccc4c36ecdc9fccd03ac345b3d022db144798d611397d.exe | 1 | 0x01350000 | 0x013C9FFF | Relevant Image | 32-bit | 0x013832FC |
...
|
||
faaddcf1294c8358fc6ccc4c36ecdc9fccd03ac345b3d022db144798d611397d.exe | 1 | 0x01350000 | 0x013C9FFF | Process Termination | 32-bit | - |
...
|
||
iexplore.exe | 11 | 0x003F0000 | 0x00469FFF | Relevant Image | 32-bit | 0x004232FC |
...
|
||
iexplore.exe | 11 | 0x003F0000 | 0x00469FFF | Process Termination | 32-bit | - |
...
|
||
iexplore.exe | 23 | 0x003F0000 | 0x00469FFF | Relevant Image | 32-bit | 0x004232FC |
...
|
||
iexplore.exe | 23 | 0x003F0000 | 0x00469FFF | Process Termination | 32-bit | - |
...
|
YARA Matches (3)
»
Rule Name | Rule Description | Classification | Score | Actions |
---|---|---|---|---|
MultipleNetObfuscatorAttributes | .NET file contains multiple obfuscator attributes | - |
2/5
|
...
|
YanoObfuscatorAttributes | Yano Obfuscator Attributes | - |
VTIRuleScore.INFORMATIVE/5
|
...
|
BabelObfuscatorAttributes | Babel Obfuscator Attributes | - |
VTIRuleScore.INFORMATIVE/5
|
...
|
902cca93c7d7b54c284be59ed63ac8f882b9a1cc58b8bc18da471be3264b196f | Code Dump File | Stream |
Malicious
|
...
|
»
607c7b32ca17ef830932ceb8f5568e91d51c54555d84ab9f5dddda9ef61fd354 | Extracted File | Image |
Clean
|
...
|
»