b406ea5b8628cb7801f47c0189b96182
Hash
- MD5: b406ea5b8628cb7801f47c0189b96182
- SHA1: 937c21ed4fa8ee6f6b8ff22ce300b03b3f7c3595
- SHA256: 70a7f0aeda59f8563031b5ab4554b52f32118a96d197871181aca4ba91168cff
- First Seen: 2026-05-13
- Last Seen: 2026-05-13
-
1
Related Reports
-
0
Related IOCs
Additional Information
VirusTotal
{
"data": {
"id": "70a7f0aeda59f8563031b5ab4554b52f32118a96d197871181aca4ba91168cff",
"type": "file",
"links": {
"self": "https://www.virustotal.com/api/v3/files/70a7f0aeda59f8563031b5ab4554b52f32118a96d197871181aca4ba91168cff"
},
"attributes": {
"unique_sources": 1,
"magic": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
"times_submitted": 3,
"type_description": "Win32 EXE",
"crowdsourced_yara_results": [
{
"ruleset_id": "00c291ca7f",
"ruleset_version": "00c291ca7f|e76c93dcdedff04076380ffc60ea54e45b313635",
"ruleset_name": "indicator_packed",
"rule_name": "INDICATOR_EXE_Packed_Fody",
"match_date": 1780688935,
"description": "Detects executables manipulated with Fody",
"author": "ditekSHen",
"source": "https://github.com/ditekshen/detection"
}
],
"detectiteasy": {
"filetype": "PE32",
"values": [
{
"type": "Compiler",
"name": "VB.NET"
},
{
"version": "v4.0.30319",
"type": "Library",
"name": ".NET"
},
{
"version": "8.0",
"type": "Linker",
"name": "Microsoft Linker"
}
]
},
"last_analysis_stats": {
"malicious": 55,
"suspicious": 0,
"undetected": 15,
"harmless": 0,
"timeout": 0,
"confirmed-timeout": 0,
"failure": 1,
"type-unsupported": 4
},
"total_votes": {
"harmless": 0,
"malicious": 0
},
"type_tag": "peexe",
"last_modification_date": 1780696108,
"filecondis": {
"raw_md5": "e6f911b5c50b2b715e5514dbb47a0cde",
"dhash": "f8783e1c2e264700"
},
"popular_threat_classification": {
"suggested_threat_label": "trojan.asyncrat/msil",
"popular_threat_category": [
{
"count": 34,
"value": "trojan"
}
],
"popular_threat_name": [
{
"count": 20,
"value": "asyncrat"
},
{
"count": 11,
"value": "msil"
},
{
"count": 4,
"value": "sheetrat"
}
]
},
"meaningful_name": "rTom.exe",
"sha256": "70a7f0aeda59f8563031b5ab4554b52f32118a96d197871181aca4ba91168cff",
"reputation": 0,
"first_seen_itw_date": 1779073507,
"creation_date": 1773629078,
"last_analysis_results": {
"Bkav": {
"method": "blacklist",
"engine_name": "Bkav",
"engine_version": "8.2.40(8338)",
"engine_update": "20260605",
"category": "malicious",
"result": "W32.Malware.20C59AE8"
},
"Lionic": {
"method": "blacklist",
"engine_name": "Lionic",
"engine_version": "8.16",
"engine_update": "20260605",
"category": "malicious",
"result": "Trojan.Win32.AsyncRAT.4!c"
},
"tehtris": {
"method": "blacklist",
"engine_name": "tehtris",
"engine_version": "v0.1.4",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"MicroWorld-eScan": {
"method": "blacklist",
"engine_name": "MicroWorld-eScan",
"engine_version": "14.0.409.0",
"engine_update": "20260605",
"category": "malicious",
"result": "IL:Trojan.AsyncRAT.2"
},
"ClamAV": {
"method": "blacklist",
"engine_name": "ClamAV",
"engine_version": "1.5.2.0",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"CMC": {
"method": "blacklist",
"engine_name": "CMC",
"engine_version": "2.4.2022.1",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"CAT-QuickHeal": {
"method": "blacklist",
"engine_name": "CAT-QuickHeal",
"engine_version": "22.00",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Skyhigh": {
"method": "blacklist",
"engine_name": "Skyhigh",
"engine_version": "v2021.2.0+4045",
"engine_update": "20260605",
"category": "malicious",
"result": "Artemis!Trojan"
},
"ALYac": {
"method": "blacklist",
"engine_name": "ALYac",
"engine_version": "2.0.0.10",
"engine_update": "20260605",
"category": "malicious",
"result": "IL:Trojan.AsyncRAT.2"
},
"Malwarebytes": {
"method": "blacklist",
"engine_name": "Malwarebytes",
"engine_version": "3.1.0.238",
"engine_update": "20260605",
"category": "malicious",
"result": "Malware.AI.4287388130"
},
"VIPRE": {
"method": "blacklist",
"engine_name": "VIPRE",
"engine_version": "6.0.0.35",
"engine_update": "20260605",
"category": "malicious",
"result": "IL:Trojan.AsyncRAT.2"
},
"Sangfor": {
"method": "blacklist",
"engine_name": "Sangfor",
"engine_version": "2.22.3.0",
"engine_update": "20260605",
"category": "malicious",
"result": "Trojan.Win32.Asyncrat.V4si"
},
"CrowdStrike": {
"method": "blacklist",
"engine_name": "CrowdStrike",
"engine_version": "1.0",
"engine_update": "20251219",
"category": "malicious",
"result": "win/malicious_confidence_90% (W)"
},
"BitDefender": {
"method": "blacklist",
"engine_name": "BitDefender",
"engine_version": "7.2",
"engine_update": "20260605",
"category": "malicious",
"result": "IL:Trojan.AsyncRAT.2"
},
"K7GW": {
"method": "blacklist",
"engine_name": "K7GW",
"engine_version": "14.55.59729",
"engine_update": "20260605",
"category": "malicious",
"result": "Backdoor ( 005cee991 )"
},
"K7AntiVirus": {
"method": "blacklist",
"engine_name": "K7AntiVirus",
"engine_version": "14.55.59728",
"engine_update": "20260605",
"category": "malicious",
"result": "Backdoor ( 005cee991 )"
},
"Arcabit": {
"method": "blacklist",
"engine_name": "Arcabit",
"engine_version": "2025.0.0.23",
"engine_update": "20260605",
"category": "malicious",
"result": "IL:Trojan.AsyncRAT.2"
},
"VirIT": {
"method": "blacklist",
"engine_name": "VirIT",
"engine_version": "9.5.1222",
"engine_update": "20260605",
"category": "malicious",
"result": "Trojan.Win32.MSIL_Heur.A"
},
"Symantec": {
"method": "blacklist",
"engine_name": "Symantec",
"engine_version": "1.22.0.0",
"engine_update": "20260605",
"category": "malicious",
"result": "Trojan.Gen.2"
},
"Elastic": {
"method": "blacklist",
"engine_name": "Elastic",
"engine_version": "4.0.264",
"engine_update": "20260603",
"category": "malicious",
"result": "malicious (high confidence)"
},
"ESET-NOD32": {
"method": "blacklist",
"engine_name": "ESET-NOD32",
"engine_version": "18.2.18.0",
"engine_update": "20260605",
"category": "malicious",
"result": "MSIL/AsyncRAT.C trojan"
},
"Zoner": {
"method": "blacklist",
"engine_name": "Zoner",
"engine_version": "2.2.2.0",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"TrendMicro-HouseCall": {
"method": "blacklist",
"engine_name": "TrendMicro-HouseCall",
"engine_version": "24.550.0.1002",
"engine_update": "20260605",
"category": "malicious",
"result": "Backdoor.MSIL.ASYNCRAT.TL0101EJ26ZZ"
},
"Paloalto": {
"method": "blacklist",
"engine_name": "Paloalto",
"engine_version": "0.9.0.1003",
"engine_update": "20260605",
"category": "malicious",
"result": "generic.ml"
},
"Cynet": {
"method": "blacklist",
"engine_name": "Cynet",
"engine_version": "4.0.3.4",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"Kaspersky": {
"method": "blacklist",
"engine_name": "Kaspersky",
"engine_version": "22.0.1.28",
"engine_update": "20260605",
"category": "malicious",
"result": "HEUR:Backdoor.MSIL.SheetRat.gen"
},
"Alibaba": {
"method": "blacklist",
"engine_name": "Alibaba",
"engine_version": "0.3.0.5",
"engine_update": "20190527",
"category": "malicious",
"result": "Backdoor:Win32/AsyncRAT.9bb5142b"
},
"NANO-Antivirus": {
"method": "blacklist",
"engine_name": "NANO-Antivirus",
"engine_version": "1.0.170.26895",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"ViRobot": {
"method": "blacklist",
"engine_name": "ViRobot",
"engine_version": "2014.3.20.0",
"engine_update": "20260605",
"category": "malicious",
"result": "Trojan.Win.Z.Asyncrat.2355200.A"
},
"Tencent": {
"method": "blacklist",
"engine_name": "Tencent",
"engine_version": "1.0.0.1",
"engine_update": "20260605",
"category": "malicious",
"result": "Malware.Win32.Gencirc.14ab7f8a"
},
"Sophos": {
"method": "blacklist",
"engine_name": "Sophos",
"engine_version": "3.5.1.0",
"engine_update": "20260605",
"category": "malicious",
"result": "Mal/Generic-S"
},
"F-Secure": {
"method": "blacklist",
"engine_name": "F-Secure",
"engine_version": "18.10.1547.307",
"engine_update": "20260605",
"category": "malicious",
"result": "Trojan.TR/W32.Agent"
},
"DrWeb": {
"method": "blacklist",
"engine_name": "DrWeb",
"engine_version": "7.0.75.2070",
"engine_update": "20260605",
"category": "malicious",
"result": "BackDoor.AsyncRATNET.1"
},
"Zillya": {
"method": "blacklist",
"engine_name": "Zillya",
"engine_version": "2.0.0.5615",
"engine_update": "20260604",
"category": "malicious",
"result": "Trojan.AsyncRAT.Win32.26120"
},
"TrendMicro": {
"method": "blacklist",
"engine_name": "TrendMicro",
"engine_version": "24.550.0.1002",
"engine_update": "20260605",
"category": "malicious",
"result": "Backdoor.MSIL.ASYNCRAT.TL0101EJ26ZZ"
},
"McAfeeD": {
"method": "blacklist",
"engine_name": "McAfeeD",
"engine_version": "1.2.0.14833",
"engine_update": "20260605",
"category": "malicious",
"result": "Real Protect-LS!B406EA5B8628"
},
"Trapmine": {
"method": "blacklist",
"engine_name": "Trapmine",
"engine_version": "4.0.12.0",
"engine_update": "20260604",
"category": "malicious",
"result": "suspicious.low.ml.score"
},
"CTX": {
"method": "blacklist",
"engine_name": "CTX",
"engine_version": "2024.8.29.1",
"engine_update": "20260605",
"category": "malicious",
"result": "exe.trojan.asyncrat"
},
"Emsisoft": {
"method": "blacklist",
"engine_name": "Emsisoft",
"engine_version": "2024.8.0.61147",
"engine_update": "20260605",
"category": "malicious",
"result": "IL:Trojan.AsyncRAT.2 (B)"
},
"SentinelOne": {
"method": "blacklist",
"engine_name": "SentinelOne",
"engine_version": "7.6.2.19",
"engine_update": "20260324",
"category": "malicious",
"result": "Static AI - Suspicious PE"
},
"Jiangmin": {
"method": "blacklist",
"engine_name": "Jiangmin",
"engine_version": "16.0.100",
"engine_update": "20260604",
"category": "undetected",
"result": null
},
"Webroot": {
"method": "blacklist",
"engine_name": "Webroot",
"engine_version": "1.9.0.8",
"engine_update": "20250227",
"category": "malicious",
"result": "W32.Malware.gen"
},
"Google": {
"method": "blacklist",
"engine_name": "Google",
"engine_version": "1780678858",
"engine_update": "20260605",
"category": "malicious",
"result": "Detected"
},
"Avira": {
"method": "blacklist",
"engine_name": "Avira",
"engine_version": "8.3.3.24",
"engine_update": "20260605",
"category": "malicious",
"result": "TR/W32.Agent"
},
"Antiy-AVL": {
"method": "blacklist",
"engine_name": "Antiy-AVL",
"engine_version": "3.0",
"engine_update": "20260605",
"category": "malicious",
"result": "Trojan[Backdoor]/MSIL.SheetRat"
},
"Kingsoft": {
"method": "blacklist",
"engine_name": "Kingsoft",
"engine_version": "None",
"engine_update": "20260605",
"category": "malicious",
"result": "MSIL.Backdoor.SheetRat.gen"
},
"Gridinsoft": {
"method": "blacklist",
"engine_name": "Gridinsoft",
"engine_version": "1.0.247.174",
"engine_update": "20260605",
"category": "malicious",
"result": "Trojan.Win32.Agent.sa"
},
"Xcitium": {
"method": "blacklist",
"engine_name": "Xcitium",
"engine_version": "38705",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"Microsoft": {
"method": "blacklist",
"engine_name": "Microsoft",
"engine_version": "1.1.26040.8",
"engine_update": "20260605",
"category": "malicious",
"result": "Trojan:MSIL/AsyncRat.ABA!MTB"
},
"SUPERAntiSpyware": {
"method": "blacklist",
"engine_name": "SUPERAntiSpyware",
"engine_version": "5.6.0.1032",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"ZoneAlarm": {
"method": "blacklist",
"engine_name": "ZoneAlarm",
"engine_version": "6.25-116107326",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"GData": {
"method": "blacklist",
"engine_name": "GData",
"engine_version": "GD:27.44803AVA:64.31368",
"engine_update": "20260605",
"category": "malicious",
"result": "IL:Trojan.AsyncRAT.2"
},
"Varist": {
"method": "blacklist",
"engine_name": "Varist",
"engine_version": "6.6.1.3",
"engine_update": "20260605",
"category": "malicious",
"result": "W32/MSIL_Agent.BVQ.gen!Eldorado"
},
"AhnLab-V3": {
"method": "blacklist",
"engine_name": "AhnLab-V3",
"engine_version": "3.30.0.10666",
"engine_update": "20260605",
"category": "malicious",
"result": "Trojan/Win.AsyncRAT.C5858368"
},
"Acronis": {
"method": "blacklist",
"engine_name": "Acronis",
"engine_version": "1.2.0.121",
"engine_update": "20240328",
"category": "undetected",
"result": null
},
"VBA32": {
"method": "blacklist",
"engine_name": "VBA32",
"engine_version": "5.6.1",
"engine_update": "20260605",
"category": "malicious",
"result": "Backdoor.MSIL.Crysan.Heur"
},
"TACHYON": {
"method": "blacklist",
"engine_name": "TACHYON",
"engine_version": "2026-06-05.02",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"DeepInstinct": {
"method": "blacklist",
"engine_name": "DeepInstinct",
"engine_version": "5.0.0.8",
"engine_update": "20260605",
"category": "malicious",
"result": "MALICIOUS"
},
"Cylance": {
"method": "blacklist",
"engine_name": "Cylance",
"engine_version": "3.0.0.0",
"engine_update": "20260521",
"category": "malicious",
"result": "Unsafe"
},
"Panda": {
"method": "blacklist",
"engine_name": "Panda",
"engine_version": "4.6.4.2",
"engine_update": "20260605",
"category": "malicious",
"result": "Trj/CI.A"
},
"APEX": {
"method": "blacklist",
"engine_name": "APEX",
"engine_version": "6.785",
"engine_update": "20260604",
"category": "malicious",
"result": "Malicious"
},
"Rising": {
"method": "blacklist",
"engine_name": "Rising",
"engine_version": "25.0.0.28",
"engine_update": "20260605",
"category": "malicious",
"result": "Backdoor.SheetRat!8.1962E (CLOUD)"
},
"Yandex": {
"method": "blacklist",
"engine_name": "Yandex",
"engine_version": "5.5.2.24",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"TrellixENS": {
"method": "blacklist",
"engine_name": "TrellixENS",
"engine_version": "6.0.6.653",
"engine_update": "20260605",
"category": "malicious",
"result": "Artemis!B406EA5B8628"
},
"huorong": {
"method": "blacklist",
"engine_name": "huorong",
"engine_version": "cde3466:cde3466:d28a123:d28a123",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"MaxSecure": {
"method": "blacklist",
"engine_name": "MaxSecure",
"engine_version": "1.0.0.1",
"engine_update": "20260605",
"category": "malicious",
"result": "Trojan.Malware.325019628.susgen"
},
"Fortinet": {
"method": "blacklist",
"engine_name": "Fortinet",
"engine_version": "7.0.48.0",
"engine_update": "20260605",
"category": "malicious",
"result": "W32/SPCL_Asyncrat.6182!tr"
},
"AVG": {
"method": "blacklist",
"engine_name": "AVG",
"engine_version": "23.9.8494.0",
"engine_update": "20260605",
"category": "malicious",
"result": "Win32:MalwareX-gen [Misc]"
},
"Avast": {
"method": "blacklist",
"engine_name": "Avast",
"engine_version": "23.9.8494.0",
"engine_update": "20260605",
"category": "malicious",
"result": "Win32:MalwareX-gen [Misc]"
},
"alibabacloud": {
"method": "blacklist",
"engine_name": "alibabacloud",
"engine_version": "2.2.0",
"engine_update": "20250321",
"category": "malicious",
"result": "Backdoor:MSIL/AsyncRAT.C"
},
"Ikarus": {
"method": "blacklist",
"engine_name": "Ikarus",
"engine_version": "6.5.4.0",
"engine_update": "20260605",
"category": "failure",
"result": null
},
"Trustlook": {
"method": "blacklist",
"engine_name": "Trustlook",
"engine_version": "1.0",
"engine_update": "20260605",
"category": "type-unsupported",
"result": null
},
"SymantecMobileInsight": {
"method": "blacklist",
"engine_name": "SymantecMobileInsight",
"engine_version": "2.0",
"engine_update": "20260123",
"category": "type-unsupported",
"result": null
},
"BitDefenderFalx": {
"method": "blacklist",
"engine_name": "BitDefenderFalx",
"engine_version": "2.0.936",
"engine_update": "20260525",
"category": "type-unsupported",
"result": null
},
"Avast-Mobile": {
"method": "blacklist",
"engine_name": "Avast-Mobile",
"engine_version": "260605-00",
"engine_update": "20260605",
"category": "type-unsupported",
"result": null
}
},
"pe_info": {
"timestamp": 1773629078,
"imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
"machine_type": 332,
"entry_point": 2359298,
"resource_details": [
{
"lang": "NEUTRAL",
"chi2": 73079.32,
"filetype": "unknown",
"entropy": 3.3814499378204346,
"sha256": "6f3d5a92bab1df16d1b033a248d77986dc7431d49600f1db226bb08cc796b733",
"type": "RT_VERSION"
},
{
"lang": "NEUTRAL",
"chi2": 10805.65,
"filetype": "unknown",
"entropy": 5.18748664855957,
"sha256": "3b904ab04cb29f4f2cf083c2b133a494ad05e6ef5c6a0243c31b51fc25e6941f",
"type": "RT_MANIFEST"
}
],
"resource_langs": {
"NEUTRAL": 2
},
"resource_types": {
"RT_MANIFEST": 1,
"RT_VERSION": 1
},
"sections": [
{
"name": ".text",
"chi2": 51336900.0,
"virtual_address": 8192,
"flags": "rx",
"raw_size": 2351616,
"entropy": 5.82,
"virtual_size": 2351128,
"md5": "e25f390e4df397dcf5644fd1f9ff7e8e"
},
{
"name": ".rsrc",
"chi2": 102054.4,
"virtual_address": 2367488,
"flags": "r",
"raw_size": 2560,
"entropy": 4.36,
"virtual_size": 2216,
"md5": "a261ee809d30bdb12b049f29ac158962"
},
{
"name": ".reloc",
"chi2": 128522.0,
"virtual_address": 2375680,
"flags": "r",
"raw_size": 512,
"entropy": 0.08,
"virtual_size": 12,
"md5": "287e2f7d5b1da4cb83d059520ee8d21c"
}
],
"import_list": [
{
"library_name": "mscoree.dll",
"imported_functions": [
"_CorExeMain"
]
}
]
},
"signature_info": {
"description": "Enterpirse Resource Synchronizer",
"file version": "2.14.302.11",
"original name": "rTom.exe",
"comments": "Internal background service for managing encrypted data",
"internal name": "rTom.exe"
},
"type_tags": [
"executable",
"windows",
"win32",
"pe",
"peexe"
],
"tlsh": "T18FB54B017BE8CE27C1BF6BB3E46202552BB4E546E3A3F74B568416B92C427406D163BF",
"md5": "b406ea5b8628cb7801f47c0189b96182",
"first_submission_date": 1779069889,
"authentihash": "75cd61858b23e715d334b9ee6e40c085e1e0ca5ebccf648622cd32524239872f",
"sha1": "937c21ed4fa8ee6f6b8ff22ce300b03b3f7c3595",
"magika": "PEBIN",
"trid": [
{
"file_type": "Generic CIL Executable (.NET, Mono, etc.)",
"probability": 64.2
},
{
"file_type": "DOS Borland compiled Executable (generic)",
"probability": 8.7
},
{
"file_type": "Win32 Dynamic Link Library (generic)",
"probability": 5.7
},
{
"file_type": "Win64 Executable (generic)",
"probability": 5.7
},
{
"file_type": "Win16 NE executable (generic)",
"probability": 4.4
}
],
"vhash": "22603655151ff0bb70ffff201f64ff",
"names": [
"rTom.exe",
"leopard_decrypted.dll",
"jjgte.exe"
],
"ssdeep": "24576:9ObsiOYKmCpwbueJD9qzhb3kOeItjc0a5r7wWYdUEjXCOV7Dh/DkhUPxv8HzO0La:UbJAzQItLWY6EjXVwHzO0LZ+Wq",
"sandbox_verdicts": {
"Zenbox": {
"category": "harmless",
"malware_classification": [
"CLEAN"
],
"sandbox_name": "Zenbox",
"confidence": 98
},
"C2AE": {
"category": "undetected",
"malware_classification": [
"UNKNOWN_VERDICT"
],
"sandbox_name": "C2AE"
}
},
"type_extension": "exe",
"size": 2355200,
"tags": [
"peexe",
"assembly",
"detect-debug-environment"
],
"last_submission_date": 1779153490,
"last_analysis_date": 1780688195
}
}
}