a3c65e60d41f3d1e8132e948cfd2c72a

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2084-Mar-20 18:56:28
Comments
CompanyName
FileDescription Discord rat
FileVersion 1.0.0.0
InternalName Discord rat.exe
LegalCopyright Copyright © 2022
LegalTrademarks
OriginalFilename Discord rat.exe
ProductName Discord rat
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
  • SCHTASK
Contains references to security software:
  • rshell.exe
May have dropper capabilities:
  • CurrentVersion\Run
Miscellaneous malware strings:
  • cmd.exe
Contains domain names:
  • discord.com
  • geolocation-db.com
  • githubusercontent.com
  • google.com
  • http://www.google.com
  • http://www.google.com/maps/place/
  • https://discord.com
  • https://file.io
  • https://geolocation-db.com
  • https://raw.githubusercontent.com
  • https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/PasswordStealer.dll
  • https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll
  • https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll
  • https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/rootkit.dll
  • https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/unrootkit.dll
  • raw.githubusercontent.com
  • www.google.com
Suspicious The PE is possibly packed. The PE only has 0 import(s).
Malicious VirusTotal score: 51/72 (Scanned on 2026-01-29 16:24:32)
ALYac: Gen:Variant.Application.msilheracles.1255
APEX: Malicious
AVG: Win64:MalwareX-gen [Expl]
AhnLab-V3: Trojan/Win.Generic.C5217098
Antiy-AVL: Trojan/Win32.Agent
Arcabit: Trojan.Application.msilheracles.D4E7
Avast: Win64:MalwareX-gen [Expl]
Avira: HEUR/AGEN.1378898
BitDefender: Gen:Variant.Application.msilheracles.1255
Bkav: W64.AIDetectMalware.CS
CTX: exe.unknown.msilheracles
ClamAV: Win.Malware.Tedy-9965181-0
CrowdStrike: win/malicious_confidence_100% (D)
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
DrWeb: BackDoor.SpyBotNET.70
ESET-NOD32: MSIL/Agent.DZT trojan
Elastic: malicious (high confidence)
Emsisoft: Gen:Variant.Application.msilheracles.1255 (B)
F-Secure: Heuristic.HEUR/AGEN.1378898
Fortinet: MSIL/Agent.DZT!tr
GData: MSIL.Backdoor.DiscordRAT.B
Google: Detected
Ikarus: Trojan-Downloader.MSIL.Agent
K7AntiVirus: Trojan ( 005b0c8d1 )
K7GW: Trojan ( 005b0c8d1 )
Kaspersky: Trojan.Win32.Injuke.pflk
Malwarebytes: Generic.Malware.Gen.DDS
MaxSecure: Trojan.Malware.349262377.susgen
McAfeeD: ti!BE1C1E4C686E
MicroWorld-eScan: Gen:Variant.Application.msilheracles.1255
Microsoft: Trojan:MSIL/Dcstl.psyX!MTB
Rising: Backdoor.DiscordRAT!1.F9B9 (CLASSIC)
SUPERAntiSpyware: Trojan.Agent/Gen-Jalapeno
Sangfor: Suspicious.Win32.Save.a
SentinelOne: Static AI - Malicious PE
Skyhigh: DiscordRAT!A3C65E60D41F
Sophos: Mal/Stealer-J
Symantec: ML.Attribute.HighConfidence
Tencent: Trojan.MSIL.Agent.kp
TrellixENS: DiscordRAT!A3C65E60D41F
TrendMicro: Backdoor.MSIL.DISCOGRAT.SMPI
TrendMicro-HouseCall: Backdoor.MSIL.DISCOGRAT.SMPI
VBA32: Backdoor.SpyBotNET
VIPRE: Gen:Variant.Application.msilheracles.1255
Varist: W64/Agent.EWH.gen!Eldorado
VirIT: Trojan.Win64.Agent.BBO
Webroot: W32.Trojan.Gen
Zillya: Trojan.Agent.Win32.4102040
ZoneAlarm: Mal/Stealer-J
huorong: TrojanSpy/MSIL.Stealer.add!crit

Hashes

MD5 a3c65e60d41f3d1e8132e948cfd2c72a
SHA1 b595e6298bf9929283cc2c2d225871e1794d0dc3
SHA256 be1c1e4c686ef114216bec654544a06b751dcdf25006ebdffe34e5d23c023c0f
SHA3 a4ce33c062cd36c8459a60776a0ebaedf36d6c936484f87cadcb625f5676d791
SSDeep 1536:52WjO8XeEXFhJP7v88wbjNrfxCXhRoKV6+V+iPIC:5ZvJPDwbjNrmAE+OIC
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 2
TimeDateStamp 2084-Mar-20 18:56:28
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 48.0
SizeOfCode 0x13200
SizeOfInitializedData 0x600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000000000 (Section: ?)
BaseOfCode 0x2000
ImageBase 0x140000000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x18000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x400000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x2000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 cadeb4a5cf8e2ec263e012ecbef4d38f
SHA1 1da5ec01abd15a447aefbb769c0eacca259de640
SHA256 7518b2953b5a6ccfb211ec42fbeb7b38ccd77417fccfde69b5f5775b5c218a41
SHA3 d0466e586aeb505737cce659dfa29eeb80d323f9100a9b6cd44e86e7290c3edd
VirtualSize 0x13038
VirtualAddress 0x2000
SizeOfRawData 0x13200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.50805

.rsrc

MD5 bea68bc442fa63fbe2807c2fdac84be0
SHA1 33b32cf2f4246a9195d793df18bac3ba656fc167
SHA256 332947d05281100d6d9d606132f0ed8ee82f2d924dd3a2fa4f29a55bd9dc85aa
SHA3 712e6bd6608a464730d3a784e340a6ad4b26c697331cbf069b1cadda56bfb6f0
VirtualSize 0x5b6
VirtualAddress 0x16000
SizeOfRawData 0x600
PointerToRawData 0x13400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.0892

Imports

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x32c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.27174
MD5 2c3dc1ba749742f1575d98def86a37b8
SHA1 863b4f34307ae46d0b8abf24c5350af49ae154d1
SHA256 85848dc776e17084aaf5e09a3ab0c239e58224304ea3ff4befcafd03ca45b07a
SHA3 dd13cf15a7fa09fc7cf598ef52adfdb6fa1704b7094a46ffabcede78ea7f3e5b

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 b7db84991f23a680df8e95af8946f9c9
SHA1 cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3 4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments
CompanyName
FileDescription Discord rat
FileVersion (#2) 1.0.0.0
InternalName Discord rat.exe
LegalCopyright Copyright © 2022
LegalTrademarks
OriginalFilename Discord rat.exe
ProductName Discord rat
ProductVersion (#2) 1.0.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors