rat.exe

First submission 2022-08-02 20:12:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 1623.61 KB (1662572 bytes)
Compile time: 2020-12-01 19:00:55
MD5: c8ae3010b329c7a23fbf74e6970d51ae
SHA1: ca4427123f468099ad2d80a6f48eba9ad9899ed3
SHA256: 6ce2ef7081fdff206c456b6af0e4ee964a08ce0d802b41db703df00808140e7c
Import hash: fcf1390e9ce472c7270447fc5c61a0c1
Sections (6): .text, .rdata, .data, .didat, .rsrc, .reloc
Directories (5): import, export, resource, debug, relocation
VirusTotal: 36/71 detections (report date 2022-08-02 17:48:05)

File features detected

Is DLL, Packers, Anti Debug, Anti VM, Signed, XOR

URLs, FQDN and IP indicators 1

URL: hXXps://915111.ru/wp-includes/rat.exe
Host (FQDN/IP): 915111.ru
Date added: 2022-08-02 20:12:03

PE Sections 0 suspicious

Name    VAddress  VSize    Size    SHA1                                      MD5                               Suspicious
.text   0x1000    0x310ea  201216  85ba0e85c3b341d29903bac4cc9748b86b5aec59  c5bf61bbedb6ad471e9dc6266398e965  no
.rdata  0x33000   0xa612   43008   d1c65ab34aba92c118fabac07f130027d9afd450  7980b588d5b28128a2f3c36cabe2ce98  no
.data   0x3e000   0x23728  4096    6b160855a24650fb6df8fda051e6a773aefbb0ae  201530c9e56f172adf2473053298d48f  no
.didat  0x62000   0x188    512     a82f4d348f331c812feea68e9dd6ac1b771f1e66  c5d41d8f254f69e567595ab94266cfdc  no
.rsrc   0x63000   0xdfd0   57344   7aa38184413693ee0eb9c0e0bd3ddfaf7dbbc74e  f6c0f34fae6331b50a7ad2efc4bfefdb  no
.reloc  0x71000   0x2268   9216    35955d28bc54fd26de6997c8b4b80a3cb02dda5c  c7a942b723cb29d9c02f7c611b544b50  no

Size is the raw (on-disk) size in bytes and VSize the in-memory size. The gap on .data (0x23728 virtual against 4096 raw) is uninitialised data that the loader zero-fills, which is normal for a compiler-built image; all six names are standard MSVC linker sections.
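Added example, not code from the report or from any analysis tool it references: a pure-Python walk of the PE section table that reproduces the columns above (SHA1 and MD5 of each section's raw bytes, VSize against raw size) and adds the two checks a triage tool actually uses to mark a section suspicious, write-plus-execute characteristics and byte entropy. It runs on a minimal PE32 image constructed inline (an assumed layout, not rat.exe); its .data section copies the report's VSize-to-raw gap to show why that gap alone is not flagged, and a third section is built to look like an in-place unpacking area.

```python
import hashlib
import math
import random
import struct

# Section characteristic bits from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Section names a compiler/linker normally emits; anything else is worth a look.
COMMON_NAMES = {".text", ".rdata", ".data", ".didat", ".rsrc", ".reloc",
                ".idata", ".edata", ".pdata", ".bss", ".tls", ".CRT"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); packed/encrypted data sits above ~7."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_of_optional
    sections = []
    for i in range(n_sections):
        (name, vsize, vaddr, raw_size, raw_ptr,
         _reloc, _line, _nreloc, _nline, chars) = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "raw_size": raw_size,
            "sha1": hashlib.sha1(raw).hexdigest(),
            "md5": hashlib.md5(raw).hexdigest(),
            "entropy": shannon_entropy(raw),
            "characteristics": chars,
        })
    return sections


def assess(sec: dict) -> list:
    """Reasons a section deserves the 'suspicious' mark; an empty list means clean by these checks."""
    reasons = []
    executable = bool(sec["characteristics"] & IMAGE_SCN_MEM_EXECUTE)
    writable = bool(sec["characteristics"] & IMAGE_SCN_MEM_WRITE)
    if executable and writable:
        reasons.append("executable and writable")
    if executable and sec["entropy"] > 7.0:
        reasons.append("high-entropy executable section")
    if executable and sec["raw_size"] == 0 and sec["vsize"] > 0:
        reasons.append("executable section with no raw data")
    if sec["name"] not in COMMON_NAMES:
        reasons.append("uncommon section name")
    # A large VSize over a small raw size in a *data* section is just .bss
    # (uninitialised data), so it is deliberately not a reason here.
    return reasons


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (assumed layout, not the report's sample)."""
    rng = random.Random(7)
    text = bytes([0x55, 0x8B, 0xEC, 0xC3]) * 128            # repetitive "code", entropy 2.0
    data = bytes(0x200)                                     # zeros; VSize mimics the report's .data
    code = bytes(rng.getrandbits(8) for _ in range(4096))   # random bytes, entropy close to 8
    specs = [(b".text", 0x200, 0x1000, 0x60000020, text),   # code | execute | read
             (b".data", 0x23728, 0x3E000, 0xC0000040, data),  # data | read | write
             (b".code", 0x1000, 0x62000, 0xE0000020, code)]   # code | execute | read | write
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 0xE0, 0x0102)
    optional = bytearray(0xE0)
    struct.pack_into("<H", optional, 0, 0x10B)              # PE32 magic; rest left zero
    header_len = len(dos) + 4 + len(coff) + len(optional) + 40 * len(specs)
    file_align = (header_len + 0x1FF) & ~0x1FF
    headers, body, raw_ptr = b"", b"", file_align
    for name, vsize, vaddr, chars, raw in specs:
        headers += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(raw), raw_ptr, 0, 0, 0, 0, chars)
        body += raw
        raw_ptr += len(raw)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(optional) + headers
    return image + bytes(file_align - len(image)) + body


if __name__ == "__main__":
    for s in parse_sections(build_sample_pe()):
        flags = "; ".join(assess(s)) or "-"
        print(f"{s['name']:<8} VA=0x{s['vaddr']:x} VSize=0x{s['vsize']:x} raw={s['raw_size']} "
              f"entropy={s['entropy']:.2f} sha1={s['sha1'][:12]}... {flags}")
```

Pointing parse_sections at a real file (`parse_sections(open(path, "rb").read())`) gives the same table as the report; the entropy column is the one to watch on a sample that a compiler signature says is plain MSVC but whose .text hashes do not match any known build.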

PE Resources 6

Name           Language      Sublanguage         Offset   Size
PNG            LANG_ENGLISH  SUBLANG_ENGLISH_US  0x64198  5545
RT_ICON        LANG_ENGLISH  SUBLANG_ENGLISH_US  0x6aeb8  15729
RT_DIALOG      LANG_ENGLISH  SUBLANG_ENGLISH_US  0x6ec98  594
RT_STRING      LANG_ENGLISH  SUBLANG_ENGLISH_US  0x70ef8  214
RT_GROUP_ICON  LANG_ENGLISH  SUBLANG_ENGLISH_US  0x6ec30  104
RT_MANIFEST    LANG_ENGLISH  SUBLANG_ENGLISH_US  0x6f810  1875

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Both matches are compiler signatures (Visual C++ 8, the Visual Studio 2005 toolchain), not packers: they say the binary is an unpacked MSVC build with the standard C runtime, nothing more.

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Every API in this list is imported by the standard MSVC C runtime for its startup and error paths (security-cookie failure reporting, the invalid-parameter handler and the unhandled-exception filter), including IsDebuggerPresent; the imports alone are not evidence of deliberate anti-debugging, and the tool matched imports, not call sites.

Strings analysis - File found

Temporary:
%s.%d.tmp
winrarsfxmappingfile.tmp

winrarsfxmappingfile.tmp is a string carried by WinRAR self-extracting (SFX) modules, so the file is most likely an SFX stub wrapping a payload; the archive contents are not described in this report.
Library (DLL names present as strings; a name appearing here does not mean the DLL is in the import table):
Crypt32.dll
peerdist.dll
msasn1.dll
profapi.dll
RpcRtRemote.dll
sfc_os.dll
XmlLite.dll
USERENV.dll
ntmarta.dll
rasadhlp.dll
mscoree.dll
mlang.dll
cryptsp.dll
linkinfo.dll
UxTheme.dll
imageres.dll
VERSION.dll
cscapi.dll
usp10.dll
wkscli.dll
devrtl.dll
secur32.dll
wintrust.dll
atl.dll
WINNSI.DLL
rsaenh.dll
riched20.dll
comres.dll
cryptui.dll
ntshrui.dll
slc.dll
oleaccrc.dll
PSAPI.DLL
propsys.dll
NETAPI32.dll
aclui.dll
dhcpcsvc6.dll
cryptbase.dll
ws2help.dll
SHELL32.dll
samlib.dll
KERNEL32.dll
shdocvw.dll
dwmapi.dll
cabinet.dll
MPR.dll
WS2_32.dll
WindowsCodecs.dll
dnsapi.dll
SSPICLI.DLL
samcli.dll
apphelp.dll
dfscli.dll
DXGIDebug.dll
dsrole.dll
ieframe.dll
lpk.dll
netutils.dll
clbcatq.dll
dhcpcsvc.dll
IPHLPAPI.DLL
srvcli.dll
browcli.dll
SETUPAPI.dll
SHLWAPI.dll
USER32.dll
COMCTL32.dll
ole32.dll
ADVAPI32.dll
GDI32.dll
gdiplus.dll
WINMM.dll
COMDLG32.dll

Strings analysis - Possible URLs found 2

http://schemas.microsoft.com/SMI/2005/WindowsSettings
file:///

Neither is a network indicator: the schemas.microsoft.com URI is the XML namespace used in RT_MANIFEST for Windows settings such as DPI awareness, and file:/// is a bare URI scheme prefix. The only network indicator in this report is the download URL listed above.

Import functions (other submissions seen with the same import functions as this file; see the import hash above)

Names are the file names as submitted and say nothing about behaviour. A shared import profile across many differently named submissions is what a common stub such as an SFX module produces, so these are not necessarily from one campaign.

Name Latest seen MD5
B-Server.exe 2021-10-29 19:36:02 b10006163a7219e99b2049a680226d2a
5334_1636030207_6453.exe 2021-11-04 17:55:02 d32aed7204ae5bf456dc9d1be2c53d9e
zzz123.exe 2021-11-11 22:15:05 265f7662aea5f1c136abd35abf1a609b
zzz666.exe 2021-11-11 22:17:03 f27817607704cc0048e2bd0c422df41b
CS.exe 2021-11-17 14:34:02 fc131e5270a4ca9965e85a5baba85396
2658_1639662282_3042.exe 2021-12-18 18:38:06 e5143cf7bbacb85e29de7655f242b3da
kill.exe 2021-12-19 16:46:02 f459a6576c7bc216db259ee91b38d220
5838_1640039508_9010.exe 2021-12-25 20:22:15 1b79ca2e04760d945156dcc24689fe32
dc.exe 2022-01-08 09:07:02 60c2cc7d9124cafbdfcf8b539d1231e8
dcc.exe 2022-01-09 23:45:04 9d09081930b462178f428938e9068d3d
5534_1642620796_6324.exe 2022-01-21 16:12:12 37f7c276b3afec9c7279c968f518b68c
9779_1642626174_8271.exe 2022-01-25 07:06:06 c290c1040541f8375f20cb4bea188611
dc.exe 2022-03-04 02:54:02 804afd26ef6b8984d8ea9a5940a174b5
Company_Business_Card.pdf.vbs.exe 2022-03-17 12:22:01 4e6f023d27d18a99f183d79342bc88ff
399_1647656031_5155.exe 2022-03-22 03:56:02 95d28a26ea388b7c29f6760bad5835bd
486_1647654996_188.exe 2022-03-23 12:06:07 e6817e20bf11de314ed17d9e1151c05f
DCRatBuild.exe 2022-04-11 09:41:04 4fc907e57164cebf549be54620ecdd04
ec6f9069daa80029e880d76fc3bf6a0698a7d554.bin 2022-04-13 12:21:02 e7d858bd5c4e863486db56523e9a43cb
bkjbgaionkgkjhjdhjdjgjhaionkgkjhjdhjdjgjbkjbg.exe 2022-04-27 10:07:03 b5a4548b69a7b6f11b13ae9058d39aa6
IE.exe 2022-05-10 03:45:03 59aa84cf2e843581002f74710e77dc9e
11.exe 2022-05-11 15:34:03 0e68c3f13c43fd4e5f8c26c10ddf2abd
migrate.sfx.exe 2022-05-18 10:09:03 691a5af1f4de0847005160f0f5d07841
file4.exe 2022-06-09 16:35:02 19e086b50b1dacc8847f0f764e137088
c9675be9896d63f4d3020729f4f2bddd854a7000.bin 2022-06-11 02:41:02 fedb0a25a5baea395ef40257c9a76375
01actfinal6.exe 2022-06-17 20:11:04 5fd03f210285cd0e8335fa4c3aa1e7e0
01actfinal5.exe 2022-06-17 20:12:04 fc59789c6a2c12296150feaa71405291
01actfinal4.exe 2022-06-17 20:13:03 b984d80deb9a55764dd0f1762728d375
01actfinal7.exe 2022-06-17 20:14:03 c37ffea9b9ba78c03a9296b73d3d55bd
1004.exe 2022-06-22 17:27:22 20fd8d994722ed867d3a7e8e252aa07b
Lanskoy.exe 2022-06-24 08:02:03 497c81d4177c2f2c0724b57da4e3beca
01actfinal8.exe 2022-06-30 23:54:03 7b098b4ef567a0bb0782023906f09d8e
updat.dat 2022-07-24 01:54:04 fef9467fd9a19ab3925c5ba35c5c5d24
DCRatBuild.exe 2022-08-01 18:43:02 67102f1512d76f7c6e29b72a61fead26
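The import hash in the file details (fcf1390e9ce472c7270447fc5c61a0c1) is what ties this file to the submissions listed above: it is an MD5 over the normalised import table (DLL name lowercased with a .dll/.ocx/.sys extension stripped, each function name lowercased and joined to it with a dot, entries joined by commas in import-table order, ordinal imports written as ordN unless a built-in table names them), so every binary built from the same stub yields the same hash whatever it is called. The following is an added example, not code from the report or from any tool it references, reimplementing that algorithm in Python in the same shape as pefile's get_imphash, and also picking out the imports the report counts under "Anti debug functions". The import table it runs on is constructed for the example and is not extracted from rat.exe; the ordinal table is a small hand-checked subset for ws2_32 only.

```python
import hashlib

# Extensions stripped from the DLL name before hashing (as pefile does).
STRIPPED_EXTS = ("dll", "ocx", "sys")

# Ordinal imports carry no name. pefile resolves ws2_32/oleaut32 ordinals from a
# built-in table; this is a small subset for ws2_32 (assumption: enough for the example).
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 16: "recv",
               19: "send", 23: "socket", 115: "WSAStartup", 116: "WSACleanup"},
}

# The six APIs the report counts as anti-debug, plus three common ones added here.
ANTI_DEBUG_APIS = {
    "GetLastError", "IsDebuggerPresent", "IsProcessorFeaturePresent",
    "RaiseException", "TerminateProcess", "UnhandledExceptionFilter",
    "CheckRemoteDebuggerPresent", "NtQueryInformationProcess", "OutputDebugStringA",
}


def normalize_import(dll: str, func) -> str:
    """'KERNEL32.dll', 'IsDebuggerPresent' -> 'kernel32.isdebuggerpresent'; ordinals -> name or ordN."""
    lib = dll.lower()
    base, _, ext = lib.rpartition(".")
    if base and ext in STRIPPED_EXTS:
        lib = base
    if isinstance(func, int):
        name = ORDINAL_NAMES.get(lib, {}).get(func, "ord%d" % func)
    else:
        name = func
    return "%s.%s" % (lib, name.lower())


def imphash_input(import_table) -> str:
    """The comma-joined string that is hashed; import_table is [(dll, [names or ordinals]), ...]
    in import-table order, because the hash is order-sensitive."""
    return ",".join(normalize_import(dll, f) for dll, funcs in import_table for f in funcs)


def imphash(import_table) -> str:
    return hashlib.md5(imphash_input(import_table).encode("ascii")).hexdigest()


def anti_debug_imports(import_table) -> list:
    """Named imports that a triage tool would list as anti-debug (import presence only)."""
    return sorted({f for _, funcs in import_table for f in funcs
                   if isinstance(f, str) and f in ANTI_DEBUG_APIS})


# Constructed import table for the example (not extracted from rat.exe).
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", ["GetLastError", "IsDebuggerPresent", "IsProcessorFeaturePresent",
                      "RaiseException", "TerminateProcess", "UnhandledExceptionFilter",
                      "CreateFileW", "GetTempPathW"]),
    ("USER32.dll", ["DialogBoxParamW", "MessageBoxW"]),
    ("WS2_32.dll", [115, 23, 4, 200]),   # WSAStartup, socket, connect, and an unmapped ordinal
]

# Same imports with the DLL entries in a different order: a different import hash.
REORDERED_IMPORTS = list(reversed(SAMPLE_IMPORTS))


if __name__ == "__main__":
    print("hashed string:", imphash_input(SAMPLE_IMPORTS))
    print("imphash      :", imphash(SAMPLE_IMPORTS))
    print("reordered    :", imphash(REORDERED_IMPORTS))
    print("anti-debug   :", ", ".join(anti_debug_imports(SAMPLE_IMPORTS)))
```

Two binaries with different file names, resources and strings but the same import table (the SFX-stub case) produce identical hashes, which is why a list like the one above fills up with unrelated-looking names; the hash says "same stub", not "same payload".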