7d46df2b69b2cc07bf2c907dd479e335

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2084-Mar-20 18:56:28
Comments
CompanyName
FileDescription Discord rat
FileVersion 1.0.0.0
InternalName Discord rat.exe
LegalCopyright Copyright © 2022
LegalTrademarks
OriginalFilename Discord rat.exe
ProductName Discord rat
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
  • SCHTASK
Contains references to security software:
  • rshell.exe
May have dropper capabilities:
  • CurrentVersion\Run
Miscellaneous malware strings:
  • cmd.exe
Contains domain names:
  • discord.com
  • geolocation-db.com
  • githubusercontent.com
  • google.com
  • http://www.google.com
  • http://www.google.com/maps/place/
  • https://discord.com
  • https://file.io
  • https://geolocation-db.com
  • https://raw.githubusercontent.com
  • https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/PasswordStealer.dll
  • https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll
  • https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll
  • https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/rootkit.dll
  • https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/unrootkit.dll
  • raw.githubusercontent.com
  • www.google.com
Suspicious The PE is possibly packed. The PE only has 0 import(s).
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 7d46df2b69b2cc07bf2c907dd479e335
SHA1 5a65436aaef59f565a6ede593b02e950c1d95620
SHA256 b3854f0bce754767283bd1810749687f57ab2a1469864effac2a946646497b41
SHA3 003e14b442a0c23c487da10de91d032b7ad4e735a3ec3a47ec134a042023661c
SSDeep 1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+PPIC:5Zv5PDwbjNrmAE+3IC
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 2
TimeDateStamp 2084-Mar-20 18:56:28
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 48.0
SizeOfCode 0x13200
SizeOfInitializedData 0x600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000000000 (Section: ?)
BaseOfCode 0x2000
ImageBase 0x140000000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x18000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x400000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x2000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 f391321d151fd5e10f7c8e3f4975192c
SHA1 736b4a547e17c5990d1ad8b5665f3962ff3d9b26
SHA256 716ede27404d4826ba9896533c193b83e4af558ef5ac9dd93a9598d517d72de3
SHA3 f9c5f3dcaab74d6c4f1c770cb12805991e699d9daf4232c6ecc90ed639a81042
VirtualSize 0x13038
VirtualAddress 0x2000
SizeOfRawData 0x13200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.50828

.rsrc

MD5 bea68bc442fa63fbe2807c2fdac84be0
SHA1 33b32cf2f4246a9195d793df18bac3ba656fc167
SHA256 332947d05281100d6d9d606132f0ed8ee82f2d924dd3a2fa4f29a55bd9dc85aa
SHA3 712e6bd6608a464730d3a784e340a6ad4b26c697331cbf069b1cadda56bfb6f0
VirtualSize 0x5b6
VirtualAddress 0x16000
SizeOfRawData 0x600
PointerToRawData 0x13400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.0892

Imports

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x32c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.27174
MD5 2c3dc1ba749742f1575d98def86a37b8
SHA1 863b4f34307ae46d0b8abf24c5350af49ae154d1
SHA256 85848dc776e17084aaf5e09a3ab0c239e58224304ea3ff4befcafd03ca45b07a
SHA3 dd13cf15a7fa09fc7cf598ef52adfdb6fa1704b7094a46ffabcede78ea7f3e5b

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 b7db84991f23a680df8e95af8946f9c9
SHA1 cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3 4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments
CompanyName
FileDescription Discord rat
FileVersion (#2) 1.0.0.0
InternalName Discord rat.exe
LegalCopyright Copyright © 2022
LegalTrademarks
OriginalFilename Discord rat.exe
ProductName Discord rat
ProductVersion (#2) 1.0.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors
