Manalyze report for 7d46df2b69b2cc07bf2c907dd479e335

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2084-Mar-20 18:56:28
Comments
CompanyName
FileDescription	Discord rat
FileVersion	`1.0.0.0`
InternalName	Discord rat.exe
LegalCopyright	Copyright © 2022
LegalTrademarks
OriginalFilename	Discord rat.exe
ProductName	Discord rat
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: SCHTASK` `Contains references to security software: rshell.exe` `May have dropper capabilities: CurrentVersion\Run` `Miscellaneous malware strings: cmd.exe` Contains domain names: discord.com geolocation-db.com githubusercontent.com google.com http://www.google.com http://www.google.com/maps/place/ https://discord.com https://file.io https://geolocation-db.com https://raw.githubusercontent.com https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/PasswordStealer.dll https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/rootkit.dll https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/unrootkit.dll raw.githubusercontent.com www.google.com
Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`7d46df2b69b2cc07bf2c907dd479e335`
SHA1	`5a65436aaef59f565a6ede593b02e950c1d95620`
SHA256	`b3854f0bce754767283bd1810749687f57ab2a1469864effac2a946646497b41`
SHA3	`003e14b442a0c23c487da10de91d032b7ad4e735a3ec3a47ec134a042023661c`
SSDeep	`1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+PPIC:5Zv5PDwbjNrmAE+3IC`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`2`
TimeDateStamp	2084-Mar-20 18:56:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`48.0`
SizeOfCode	`0x13200`
SizeOfInitializedData	`0x600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000000000 (Section: ?)`
BaseOfCode	`0x2000`
ImageBase	`0x140000000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x18000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f391321d151fd5e10f7c8e3f4975192c`
SHA1	`736b4a547e17c5990d1ad8b5665f3962ff3d9b26`
SHA256	`716ede27404d4826ba9896533c193b83e4af558ef5ac9dd93a9598d517d72de3`
SHA3	`f9c5f3dcaab74d6c4f1c770cb12805991e699d9daf4232c6ecc90ed639a81042`
VirtualSize	`0x13038`
VirtualAddress	`0x2000`
SizeOfRawData	`0x13200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.50828`

.rsrc

MD5	`bea68bc442fa63fbe2807c2fdac84be0`
SHA1	`33b32cf2f4246a9195d793df18bac3ba656fc167`
SHA256	`332947d05281100d6d9d606132f0ed8ee82f2d924dd3a2fa4f29a55bd9dc85aa`
SHA3	`712e6bd6608a464730d3a784e340a6ad4b26c697331cbf069b1cadda56bfb6f0`
VirtualSize	`0x5b6`
VirtualAddress	`0x16000`
SizeOfRawData	`0x600`
PointerToRawData	`0x13400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.0892`

Imports

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x32c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27174`
MD5	`2c3dc1ba749742f1575d98def86a37b8`
SHA1	`863b4f34307ae46d0b8abf24c5350af49ae154d1`
SHA256	`85848dc776e17084aaf5e09a3ab0c239e58224304ea3ff4befcafd03ca45b07a`
SHA3	`dd13cf15a7fa09fc7cf598ef52adfdb6fa1704b7094a46ffabcede78ea7f3e5b`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	Discord rat
FileVersion (#2)	1.0.0.0
InternalName	Discord rat.exe
LegalCopyright	Copyright © 2022
LegalTrademarks
OriginalFilename	Discord rat.exe
ProductName	Discord rat
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

7d46df2b69b2cc07bf2c907dd479e335

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

Imports

Delayed Imports

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors