Summary | ZeroBOX

Private_RunPe.dll

AsyncRAT
Category FILE
Machine s1_win7_x6402
Started April 19, 2021, 8:46 a.m.
Completed April 19, 2021, 8:47 a.m.
Size 305.5KB
Type PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 dc1be938a5696dc6cdba439e6b4c5010
SHA256 1fe07434f89a046c4c23246bd3a1522d7a61ff20295206a019ccd9c551089b7d
CRC32 007DB020
ssdeep 3072:rJadqAh5FPpvD2h+DrERgD28bJirdjD3goemIwtfmckao1oo4X+/utxgFL+nVSkK:rodjbFPdDKG28SIImcNoWtsutuLu
PDB Path turk.pdb
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature Zero
  • network_tcp_listen - Listen for incoming communication
  • IsPE32 - (no description)
  • IsNET_DLL - (no description)
  • IsDLL - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasDebugData - DebugData Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path turk.pdb
section name .text, virtual_address 0x00002000, virtual_size 0x00049424, size_of_data 0x00049600, entropy 7.182885486374333
description A section with a high entropy has been found
entropy 0.962295081967 description Overall entropy of this PE file is high
MicroWorld-eScan Trojan.GenericKD.36716307
FireEye Trojan.GenericKD.36716307
ALYac Trojan.GenericKD.36716307
Sangfor Trojan.Win32.GenericKD.36716307
CrowdStrike win/malicious_confidence_60% (W)
Arcabit Trojan.Generic.D2303F13
ESET-NOD32 a variant of Generik.ISBWFEB
BitDefender Trojan.GenericKD.36716307
Avast Win32:Trojan-gen
Ad-Aware Trojan.GenericKD.36716307
Emsisoft Trojan.GenericKD.36716307 (B)
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition Artemis
Ikarus Trojan.SuspectCRC
GData Trojan.GenericKD.36716307
McAfee Artemis!DC1BE938A569
MAX malware (ai score=87)
TrendMicro-HouseCall TROJ_GEN.R002H09DH21
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_61%
Fortinet W32/PossibleThreat
AVG Win32:Trojan-gen