505af7c814b371ce2878d1587dd5532c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2022-Mar-23 20:17:06
FileDescription
FileVersion 0.0.0.0
InternalName VenomRAT_ Cracked By Axnx.exe
LegalCopyright
OriginalFilename VenomRAT_ Cracked By Axnx.exe
ProductVersion 0.0.0.0
Assembly Version 0.0.0.0

Plugin Output

Info Matching compiler(s):
  • Microsoft Visual C++ 6.0 - 8.0
  • Microsoft Visual C# v7.0 / Basic .NET
Suspicious Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
  • sc.exe
Looks for VMWare presence:
  • VMware
May have dropper capabilities:
  • CurrentVersion\Run
  • Programs\Startup
Contains another PE executable:
  • This program cannot be run in DOS mode.
Miscellaneous malware strings:
  • Exploit
Contains domain names:
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to MD5
  • Uses constants related to SHA1
  • Uses constants related to SHA256
Malicious VirusTotal score: 28/70 (Scanned on 2022-03-26 20:35:36)
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.MSILPerseus.224470
FireEye: Generic.mg.505af7c814b371ce
ALYac: Zum.Rastarby.4
Malwarebytes: Trojan.Agent.MSIL
Cybereason: malicious.814b37
BitDefenderTheta: Gen:NN.ZemsilF.34294.@p0@auHDgX
ESET-NOD32: multiple detections
ClamAV: Win.Malware.Bulz-9864844-0
Kaspersky: HEUR:Backdoor.MSIL.Quasar.gen
BitDefender: Gen:Variant.MSILPerseus.224470
Avast: Win32:BackdoorX-gen [Trj]
Rising: Trojan.Generic/MSIL@AI.90 (RDM.MSIL:s+cYXB93QbqUoS3BDkVYEg)
Ad-Aware: Gen:Variant.MSILPerseus.224470
Emsisoft: Gen:Variant.MSILPerseus.224470 (B)
Avira: HEUR/AGEN.1235692
MAX: malware (ai score=88)
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Zum.Rastarby.4
Cynet: Malicious (score: 99)
VBA32: TScope.Trojan.MSIL
Cylance: Unsafe
APEX: Malicious
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
AVG: Win32:BackdoorX-gen [Trj]
CrowdStrike: win/malicious_confidence_60% (D)

Hashes

MD5 505af7c814b371ce2878d1587dd5532c
SHA1 cb2a1786e610c2970fdea261114468e61977817b
SHA256 cbb4eb0773572bd1de19122ec46e67a51f47bf7ab2f4ea0973a2ad93b0ef4de0
SHA3 65d466a7c9d39f530e6fc39933c08cece45ca6de9871c38b38dc01e5abbac2bf
SSDeep 196608:9ThKmURVoq/uR12RVoq/uR1bnhmdmARsDymuPP3ma2gh28w9r2:1Cd/i14d/i1bn0oAWdG3ma2828w9r2
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2022-Mar-23 20:17:06
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 11.0
SizeOfCode 0xdd5400
SizeOfInitializedData 0x1ec00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00DD72CE (Section: .text)
BaseOfCode 0x2000
BaseOfData 0xdd8000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xdfa000
SizeOfHeaders 0x200
Checksum 0xdfe1df
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 15

.text

MD5 a5d265390352e451c289d5002ef21d67
SHA1 24b4e345d96fe45de5691ae85002b2291edc0daf
SHA256 e7ea2818f1840d43541a1ec63556fcc835a5fe7acce0e67590a065b427881604
SHA3 46d6702989ba29162f7ffd73cb62eb2a1e4737e802b73b8ff30dbd769195972f
VirtualSize 0xdd52d4
VirtualAddress 0x2000
SizeOfRawData 0xdd5400
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.6276

.rsrc

MD5 f44e27efc27831332c0b56b0cf98faa3
SHA1 5bef45b046b146359bdc765546a5d553edbf1103
SHA256 f2aedf00dee6986cc01916fba51cab1962c79f7047631f641948954cf6f943f9
SHA3 f1d6a84c56a771d923e984f5684e5c7ba57c4913e96380ab5a23103ee34266bc
VirtualSize 0x1e814
VirtualAddress 0xdd8000
SizeOfRawData 0x1ea00
PointerToRawData 0xdd5600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.8964

.reloc

MD5 0597ca7d3af6aac73c3e887b9f14cbaf
SHA1 82ad990b188ee3c546eb00a39672eade36168a45
SHA256 b738aaa22d9c2cdf05232d948424ee7bf2729f7c6b79e57218b498a089c6ae99
SHA3 30a30ae22703d325b023b515a18922c7a16d78fcc42ded33be0c6247038a04a4
VirtualSize 0xc
VirtualAddress 0xdf8000
SizeOfRawData 0x200
PointerToRawData 0xdf4000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

50

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x5c03
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.97061
Detected Filetype PNG graphic file
MD5 8720b64f85278e5740e80fb5f2b254fd
SHA1 b3ae3df00c2ed98bf6f3f97850721d7f644dec0b
SHA256 a0ccb6bd66a08c951bc8cf970806c781d83e1f91353621ac820eeb23ecdaa532
SHA3 062736c169c932a2eff42d592106def09a36fa6170937a8970edb3974dfd9062

51

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.26032
MD5 beee8197a9b9203a07bfdaf117a757f6
SHA1 4f7f714dc4d551bdb8514ec6fbb67a5123d025d6
SHA256 5a6eb24dacc93956ee030505300bdaafc3d98861ea85e09d8fe7ff370173b8e8
SHA3 584e3541749bdc47c5d6074be6e89d1f68526adca7ccf5bb4840bdd8d59e95c4

52

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.56379
MD5 339bf4d9418af7f0a9830b6f5d52e2a0
SHA1 7ba695be59d78f27cfe819942097eae83815b06c
SHA256 90217e10dc04a363895a008331f3e458692bbc1689c695fbcc849ad0d008f413
SHA3 148b4cd42c99147e91f147e1367e590920a1a9ed7a868dcdafdb0ed38ea2b676

53

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.71335
MD5 4cf4a21d593a9d2a0a6779f5737c5391
SHA1 91a17829fc254fb6ce8e1bed79ebe5e8a2e94342
SHA256 926f8750908a431c3c073257251a764693bb9cc6c11c747a36e5eecb911bf2c0
SHA3 b2d196f88bdc6bbe0de35a4207824de852a549dcd050ffb93e3e8e2792853e61

54

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.93965
MD5 fce290487ea5aab3f151a76384f50ce3
SHA1 bed916cb6114a6c8abbb521b87df7a72d850337d
SHA256 ee41b05bdb9524073f8134aa8f6f5feb60c534a888c529e475f89b9ade64ca7f
SHA3 5f385befd001d39591ebb7ea7f15db040abee7b8384133155c777ee8f8f70253

55

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.19071
MD5 8bee261833276d69294266f8c8b0c23c
SHA1 f1dcf17ccb9b10b4bff964997ea08530f051bea3
SHA256 a2907cdf48ca3eb713a948b9c3404117fccc42486f70a966bf3520b57f81a07a
SHA3 a5a1f5b423f5ce5bc8fb5a2ac4a39f8b13a5fa229eacfce00bd224b9b972426b

MAINICON

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x5a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.89385
Detected Filetype Icon file
MD5 73317d777b73f0dc8afe14637e537ff5
SHA1 1c6674c1e84d4623e77679b882491e2782a5cfcd
SHA256 78a8213c291d3e26daa588a042f183899accc0d5fa0019b81c42d6890194d0c4
SHA3 3f9614efb1a71c94f42ed49be587d08bc9ea2fb2a5475c0ad9a2210eb9e91f52

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x28c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.2662
MD5 fb72f3b4719d8bb5db94624d14b770b3
SHA1 55714b90a5da4069f2361465e81ee8d43b93859f
SHA256 3e04aa1b73d0e2278de9ccfbf619cdfedde04f4011cbad6844f1f3dd42bc6f30
SHA3 2e65d89f2d4b3f6e9c1e9b8aafa60397eb3f6467af26d79960cb1637f3655015

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 a19a2658ba69030c6ac9d11fd7d7e3c1
SHA1 879dcf690e5bf1941b27cf13c8bcf72f8356c650
SHA256 c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f
SHA3 93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.0.0.0
ProductVersion 0.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
FileDescription
FileVersion (#2) 0.0.0.0
InternalName VenomRAT_ Cracked By Axnx.exe
LegalCopyright
OriginalFilename VenomRAT_ Cracked By Axnx.exe
ProductVersion (#2) 0.0.0.0
Assembly Version 0.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors
