SHA256: aa2db36083bc2419b893b2b5f5c529eead158eb354cd1ba9ecd4f4229592c79a
File name: DarkRat.exe
Detection ratio: 10 / 58
Analysis date: 2017-03-05 14:36:54 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
AegisLab Troj.Gen!c 20170305
Bkav W32.Clod119.Trojan.168c 20170303
ClamAV Win.Trojan.Agent-5748589-0 20170305
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170130
Fortinet Malicious_Behavior.SB 20170305
McAfee Artemis!D6ACBD7A75DC 20170305
McAfee-GW-Edition Artemis 20170305
Rising Malware.Undefined!8.C (cloud:NbPt3dZPJUT) 20170305
Symantec Trojan Horse 20170304
TrendMicro-HouseCall TROJ_GEN.R00XH05BN17 20170305
Ad-Aware 20170305
AhnLab-V3 20170305
Alibaba 20170228
ALYac 20170305
Antiy-AVL 20170305
Arcabit 20170305
Avast 20170305
AVG 20170305
Avira (no cloud) 20170305
AVware 20170305
Baidu 20170303
BitDefender 20170305
CAT-QuickHeal 20170304
CMC 20170305
Comodo 20170305
Cyren 20170305
DrWeb 20170305
Emsisoft 20170305
Endgame 20170222
ESET-NOD32 20170305
F-Prot 20170305
F-Secure 20170305
GData 20170305
Ikarus 20170305
Sophos ML 20170203
Jiangmin 20170301
K7AntiVirus 20170305
K7GW 20170305
Kaspersky 20170305
Kingsoft 20170305
Malwarebytes 20170305
Microsoft 20170305
eScan 20170305
NANO-Antivirus 20170305
nProtect 20170305
Panda 20170305
Qihoo-360 20170305
Sophos AV 20170305
SUPERAntiSpyware 20170305
Tencent 20170305
TheHacker 20170305
TrendMicro 20170305
Trustlook 20170305
VBA32 20170303
VIPRE 20170305
ViRobot 20170305
Webroot 20170305
WhiteArmor 20170303
Yandex 20170225
Zillya 20170304
Zoner 20170305
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Original name ?????????? ??????? RX.exe
Internal name ?????????? ??????? RX.exe
File version 1.0.0.0
Comments Modified by an unpaid evaluation copy of Resource Tuner 2 (www.heaventools.com)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-29 19:51:23
Entry Point 0x01091CFA
Number of sections 3
.NET details
Module Version ID 861b27ca-7219-47c9-8168-2c84f4f3a131
TypeLib ID d7c6356b-75b1-4e7a-9dbc-1ead627e5c02
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 5
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
Comments Modified by an unpaid evaluation copy of Resource Tuner 2 (www.heaventools.com)
InitializedDataSize 124416
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 48.0
FileTypeExtension exe
OriginalFileName RX.exe
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 2017:01:29 20:51:23+01:00
FileType Win32 EXE
PEType PE32
InternalName RX.exe
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 17366528
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x1091cfa
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 d6acbd7a75dc911c097008d0756e501b
SHA1 ae218f8f8b78a74e68ac726ec592f32159b0035f
SHA256 aa2db36083bc2419b893b2b5f5c529eead158eb354cd1ba9ecd4f4229592c79a
ssdeep 393216:HC2P/okZJzEMO7SSr/rjHg8QY8c7SMju4B:i2PgkZBE373r/nA82KSMh
authentihash 64bd1ef62b4c892d2e885ecc6d3e53bdf7349a5ae6abbcdd46e88d708f4d6b7b
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 16.7 MB ( 17491456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe assembly

VirusTotal metadata
First submission 2017-02-01 10:11:20 UTC ( 6 months, 2 weeks ago )
Last submission 2017-03-05 14:36:54 UTC ( 5 months, 2 weeks ago )
File names DarkRat.exe
?????????? ??????? RX.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications