e0e4aec6d494fe68cdaa52d6878a8366

Hash

  • MD5: e0e4aec6d494fe68cdaa52d6878a8366
  • SHA1: 964123a483a79efb5dcefd22ed19f6a808140ec6
  • SHA256: 531aacc5cfe1abb14aaf55a2128940db30c63cbc8d5f9846ff8608e566fecb88
  • First Seen: 2026-05-13
  • Last Seen: 2026-05-13

Additional Information

VirusTotal
                {
    "data": {
        "id": "531aacc5cfe1abb14aaf55a2128940db30c63cbc8d5f9846ff8608e566fecb88",
        "type": "file",
        "links": {
            "self": "https://www.virustotal.com/api/v3/files/531aacc5cfe1abb14aaf55a2128940db30c63cbc8d5f9846ff8608e566fecb88"
        },
        "attributes": {
            "sandbox_verdicts": {
                "Zenbox": {
                    "category": "malicious",
                    "malware_classification": [
                        "MALWARE",
                        "TROJAN",
                        "EVADER",
                        "RAT"
                    ],
                    "sandbox_name": "Zenbox",
                    "malware_names": [
                        "AsyncRAT"
                    ],
                    "confidence": 76
                },
                "CAPE Sandbox": {
                    "category": "malicious",
                    "malware_classification": [
                        "RAT"
                    ],
                    "sandbox_name": "CAPE Sandbox",
                    "malware_names": [
                        "AsyncRAT"
                    ]
                },
                "C2AE": {
                    "category": "malicious",
                    "malware_classification": [
                        "RAT",
                        "STEALER"
                    ],
                    "sandbox_name": "C2AE",
                    "malware_names": [
                        "AsyncRAT",
                        "AgentTesla"
                    ],
                    "confidence": 95
                }
            },
            "type_description": "Win32 EXE",
            "signature_info": {
                "file version": "1.0.0.0",
                "original name": "Stub.exe",
                "internal name": "Stub.exe"
            },
            "tags": [
                "assembly",
                "detect-debug-environment",
                "peexe"
            ],
            "last_analysis_results": {
                "Bkav": {
                    "method": "blacklist",
                    "engine_name": "Bkav",
                    "engine_version": "8.2.40(8338)",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "W32.Malware.2969470A"
                },
                "Lionic": {
                    "method": "blacklist",
                    "engine_name": "Lionic",
                    "engine_version": "8.16",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "Trojan.Win32.AsyncRat.m!c"
                },
                "AVG": {
                    "method": "blacklist",
                    "engine_name": "AVG",
                    "engine_version": "23.9.8494.0",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "MSIL:AsyncRat-E [Pws]"
                },
                "tehtris": {
                    "method": "blacklist",
                    "engine_name": "tehtris",
                    "engine_version": "v0.1.4",
                    "engine_update": "20260527",
                    "category": "undetected",
                    "result": null
                },
                "MicroWorld-eScan": {
                    "method": "blacklist",
                    "engine_name": "MicroWorld-eScan",
                    "engine_version": "14.0.409.0",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Gen:Variant.Application.FCA.2701"
                },
                "CTX": {
                    "method": "blacklist",
                    "engine_name": "CTX",
                    "engine_version": "2024.8.29.1",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "exe.backdoor.msil"
                },
                "CAT-QuickHeal": {
                    "method": "blacklist",
                    "engine_name": "CAT-QuickHeal",
                    "engine_version": "22.00",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "Backdoor.MSIL"
                },
                "Skyhigh": {
                    "method": "blacklist",
                    "engine_name": "Skyhigh",
                    "engine_version": "v2021.2.0+4045",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "Trojan-FVQO!E0E4AEC6D494"
                },
                "ALYac": {
                    "method": "blacklist",
                    "engine_name": "ALYac",
                    "engine_version": "2.0.0.10",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "Gen:Variant.Application.FCA.2701"
                },
                "Malwarebytes": {
                    "method": "blacklist",
                    "engine_name": "Malwarebytes",
                    "engine_version": "3.1.0.235",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Backdoor.AsyncRAT"
                },
                "VIPRE": {
                    "method": "blacklist",
                    "engine_name": "VIPRE",
                    "engine_version": "6.0.0.35",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "Gen:Variant.Application.FCA.2701"
                },
                "Sangfor": {
                    "method": "blacklist",
                    "engine_name": "Sangfor",
                    "engine_version": "2.22.3.0",
                    "engine_update": "20260525",
                    "category": "malicious",
                    "result": "Backdoor.Msil.Asyncrat.V3wv"
                },
                "K7AntiVirus": {
                    "method": "blacklist",
                    "engine_name": "K7AntiVirus",
                    "engine_version": "14.54.59625",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Backdoor ( 005cee991 )"
                },
                "BitDefender": {
                    "method": "blacklist",
                    "engine_name": "BitDefender",
                    "engine_version": "7.2",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Gen:Variant.Application.FCA.2701"
                },
                "K7GW": {
                    "method": "blacklist",
                    "engine_name": "K7GW",
                    "engine_version": "14.54.59625",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Backdoor ( 005cee991 )"
                },
                "CrowdStrike": {
                    "method": "blacklist",
                    "engine_name": "CrowdStrike",
                    "engine_version": "1.0",
                    "engine_update": "20251219",
                    "category": "malicious",
                    "result": "win/malicious_confidence_100% (W)"
                },
                "Arcabit": {
                    "method": "blacklist",
                    "engine_name": "Arcabit",
                    "engine_version": "2025.0.0.23",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "Trojan.Application.FCA.DA8D"
                },
                "huorong": {
                    "method": "blacklist",
                    "engine_name": "huorong",
                    "engine_version": "3441629:3441629:bcc2753:bcc2753",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "Backdoor/MSIL.DcRat.a"
                },
                "VirIT": {
                    "method": "blacklist",
                    "engine_name": "VirIT",
                    "engine_version": "9.5.1215",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "Trojan.Win32.MSIL_Heur.A"
                },
                "Symantec": {
                    "method": "blacklist",
                    "engine_name": "Symantec",
                    "engine_version": "1.22.0.0",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "ML.Attribute.HighConfidence"
                },
                "Elastic": {
                    "method": "blacklist",
                    "engine_name": "Elastic",
                    "engine_version": "4.0.263",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "Windows.Generic.Threat"
                },
                "ESET-NOD32": {
                    "method": "blacklist",
                    "engine_name": "ESET-NOD32",
                    "engine_version": "18.2.18.0",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "MSIL/AsyncRAT.C trojan"
                },
                "Cynet": {
                    "method": "blacklist",
                    "engine_name": "Cynet",
                    "engine_version": "4.0.3.4",
                    "engine_update": "20260526",
                    "category": "undetected",
                    "result": null
                },
                "APEX": {
                    "method": "blacklist",
                    "engine_name": "APEX",
                    "engine_version": "6.782",
                    "engine_update": "20260525",
                    "category": "malicious",
                    "result": "Malicious"
                },
                "Avast": {
                    "method": "blacklist",
                    "engine_name": "Avast",
                    "engine_version": "23.9.8494.0",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "MSIL:AsyncRat-E [Pws]"
                },
                "ClamAV": {
                    "method": "blacklist",
                    "engine_name": "ClamAV",
                    "engine_version": "1.5.2.0",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "Win.Packed.Razy-9625918-0"
                },
                "Kaspersky": {
                    "method": "blacklist",
                    "engine_name": "Kaspersky",
                    "engine_version": "22.0.1.28",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "HEUR:Backdoor.MSIL.SheetRat.gen"
                },
                "Alibaba": {
                    "method": "blacklist",
                    "engine_name": "Alibaba",
                    "engine_version": "0.3.0.5",
                    "engine_update": "20190527",
                    "category": "malicious",
                    "result": "Backdoor:MSIL/AsyncRat.5dcf75d3"
                },
                "NANO-Antivirus": {
                    "method": "blacklist",
                    "engine_name": "NANO-Antivirus",
                    "engine_version": "1.0.170.26895",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Trojan.Win32.AsyncRAT.lhhviy"
                },
                "ViRobot": {
                    "method": "blacklist",
                    "engine_name": "ViRobot",
                    "engine_version": "2014.3.20.0",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Backdoor.Win.Z.Asyncrat.2237440"
                },
                "Rising": {
                    "method": "blacklist",
                    "engine_name": "Rising",
                    "engine_version": "25.0.0.28",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Trojan.AntiVM!1.CF63 (CLASSIC)"
                },
                "Sophos": {
                    "method": "blacklist",
                    "engine_name": "Sophos",
                    "engine_version": "3.5.1.0",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "Mal/Generic-S"
                },
                "F-Secure": {
                    "method": "blacklist",
                    "engine_name": "F-Secure",
                    "engine_version": "18.10.1547.307",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "Trojan.TR/Dropper.Gen"
                },
                "DrWeb": {
                    "method": "blacklist",
                    "engine_name": "DrWeb",
                    "engine_version": "7.0.75.2070",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "BackDoor.AsyncRATNET.2"
                },
                "Zillya": {
                    "method": "blacklist",
                    "engine_name": "Zillya",
                    "engine_version": "2.0.0.5608",
                    "engine_update": "20260525",
                    "category": "undetected",
                    "result": null
                },
                "TrendMicro": {
                    "method": "blacklist",
                    "engine_name": "TrendMicro",
                    "engine_version": "24.550.0.1002",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Backdoor.Win32.QUASARRAT.YXGERZ"
                },
                "McAfeeD": {
                    "method": "blacklist",
                    "engine_name": "McAfeeD",
                    "engine_version": "1.2.0.14532",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Trojan:Win/Generic.BCX"
                },
                "Trapmine": {
                    "method": "blacklist",
                    "engine_name": "Trapmine",
                    "engine_version": "4.0.12.0",
                    "engine_update": "20260504",
                    "category": "undetected",
                    "result": null
                },
                "CMC": {
                    "method": "blacklist",
                    "engine_name": "CMC",
                    "engine_version": "2.4.2022.1",
                    "engine_update": "20260527",
                    "category": "undetected",
                    "result": null
                },
                "Emsisoft": {
                    "method": "blacklist",
                    "engine_name": "Emsisoft",
                    "engine_version": "2024.8.0.61147",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Gen:Variant.Application.FCA.2701 (B)"
                },
                "Ikarus": {
                    "method": "blacklist",
                    "engine_name": "Ikarus",
                    "engine_version": "6.4.16.0",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "Backdoor.AsyncRat"
                },
                "Jiangmin": {
                    "method": "blacklist",
                    "engine_name": "Jiangmin",
                    "engine_version": "16.0.100",
                    "engine_update": "20260526",
                    "category": "undetected",
                    "result": null
                },
                "Webroot": {
                    "method": "blacklist",
                    "engine_name": "Webroot",
                    "engine_version": "1.9.0.8",
                    "engine_update": "20250227",
                    "category": "undetected",
                    "result": null
                },
                "Avira": {
                    "method": "blacklist",
                    "engine_name": "Avira",
                    "engine_version": "8.3.3.24",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "TR/Dropper.Gen"
                },
                "Antiy-AVL": {
                    "method": "blacklist",
                    "engine_name": "Antiy-AVL",
                    "engine_version": "3.0",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Trojan[Backdoor]/MSIL.SheetRat"
                },
                "Kingsoft": {
                    "method": "blacklist",
                    "engine_name": "Kingsoft",
                    "engine_version": "None",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "MSIL.Backdoor.SheetRat.gen"
                },
                "Gridinsoft": {
                    "method": "blacklist",
                    "engine_name": "Gridinsoft",
                    "engine_version": "1.0.246.174",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Trojan.Win32.Agent.sa"
                },
                "Xcitium": {
                    "method": "blacklist",
                    "engine_name": "Xcitium",
                    "engine_version": "38678",
                    "engine_update": "20260526",
                    "category": "undetected",
                    "result": null
                },
                "Microsoft": {
                    "method": "blacklist",
                    "engine_name": "Microsoft",
                    "engine_version": "1.1.26040.8",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Backdoor:MSIL/AsyncRat!atmn"
                },
                "SUPERAntiSpyware": {
                    "method": "blacklist",
                    "engine_name": "SUPERAntiSpyware",
                    "engine_version": "5.6.0.1032",
                    "engine_update": "20260525",
                    "category": "undetected",
                    "result": null
                },
                "ZoneAlarm": {
                    "method": "blacklist",
                    "engine_name": "ZoneAlarm",
                    "engine_version": "6.25-116107039",
                    "engine_update": "20260526",
                    "category": "undetected",
                    "result": null
                },
                "GData": {
                    "method": "blacklist",
                    "engine_name": "GData",
                    "engine_version": "GD:27.44690AVA:64.31313",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Gen:Variant.Application.FCA.2701"
                },
                "Varist": {
                    "method": "blacklist",
                    "engine_name": "Varist",
                    "engine_version": "6.6.1.3",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "W32/MSIL_Agent.BTJ.gen!Eldorado"
                },
                "AhnLab-V3": {
                    "method": "blacklist",
                    "engine_name": "AhnLab-V3",
                    "engine_version": "3.30.0.10666",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Backdoor/Win.Agent.C5840021"
                },
                "Acronis": {
                    "method": "blacklist",
                    "engine_name": "Acronis",
                    "engine_version": "1.2.0.121",
                    "engine_update": "20240328",
                    "category": "undetected",
                    "result": null
                },
                "TACHYON": {
                    "method": "blacklist",
                    "engine_name": "TACHYON",
                    "engine_version": "2026-05-27.01",
                    "engine_update": "20260527",
                    "category": "undetected",
                    "result": null
                },
                "Cylance": {
                    "method": "blacklist",
                    "engine_name": "Cylance",
                    "engine_version": "3.0.0.0",
                    "engine_update": "20260521",
                    "category": "malicious",
                    "result": "Unsafe"
                },
                "TrendMicro-HouseCall": {
                    "method": "blacklist",
                    "engine_name": "TrendMicro-HouseCall",
                    "engine_version": "24.550.0.1002",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Backdoor.Win32.QUASARRAT.YXGERZ"
                },
                "Tencent": {
                    "method": "blacklist",
                    "engine_name": "Tencent",
                    "engine_version": "1.0.0.1",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "Backdoor.Msil.Dcrat.16002822"
                },
                "Yandex": {
                    "method": "blacklist",
                    "engine_name": "Yandex",
                    "engine_version": "5.5.2.24",
                    "engine_update": "20260526",
                    "category": "undetected",
                    "result": null
                },
                "SentinelOne": {
                    "method": "blacklist",
                    "engine_name": "SentinelOne",
                    "engine_version": "7.6.2.19",
                    "engine_update": "20260324",
                    "category": "malicious",
                    "result": "Static AI - Malicious PE"
                },
                "MaxSecure": {
                    "method": "blacklist",
                    "engine_name": "MaxSecure",
                    "engine_version": "1.0.0.1",
                    "engine_update": "20260526",
                    "category": "malicious",
                    "result": "Trojan.Malware.248441918.susgen"
                },
                "Fortinet": {
                    "method": "blacklist",
                    "engine_name": "Fortinet",
                    "engine_version": "7.0.48.0",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "MSIL/Agent.CFW!tr"
                },
                "Zoner": {
                    "method": "blacklist",
                    "engine_name": "Zoner",
                    "engine_version": "2.2.2.0",
                    "engine_update": "20260527",
                    "category": "undetected",
                    "result": null
                },
                "Paloalto": {
                    "method": "blacklist",
                    "engine_name": "Paloalto",
                    "engine_version": "0.9.0.1003",
                    "engine_update": "20260527",
                    "category": "malicious",
                    "result": "generic.ml"
                },
                "alibabacloud": {
                    "method": "blacklist",
                    "engine_name": "alibabacloud",
                    "engine_version": "2.2.0",
                    "engine_update": "20250321",
                    "category": "malicious",
                    "result": "Rat:Win/AsyncRAT.Stub"
                },
                "Google": {
                    "method": "blacklist",
                    "engine_name": "Google",
                    "engine_version": null,
                    "engine_update": "20260527",
                    "category": "timeout",
                    "result": null
                },
                "Panda": {
                    "method": "blacklist",
                    "engine_name": "Panda",
                    "engine_version": "4.6.4.2",
                    "engine_update": "20260526",
                    "category": "timeout",
                    "result": null
                },
                "TrellixENS": {
                    "method": "blacklist",
                    "engine_name": "TrellixENS",
                    "engine_version": "6.0.6.653",
                    "engine_update": "20260526",
                    "category": "timeout",
                    "result": null
                },
                "VBA32": {
                    "method": "blacklist",
                    "engine_name": "VBA32",
                    "engine_version": null,
                    "engine_update": "20260526",
                    "category": "timeout",
                    "result": null
                },
                "DeepInstinct": {
                    "method": "blacklist",
                    "engine_name": "DeepInstinct",
                    "engine_version": "5.0.0.8",
                    "engine_update": "20260526",
                    "category": "failure",
                    "result": null
                },
                "Trustlook": {
                    "method": "blacklist",
                    "engine_name": "Trustlook",
                    "engine_version": "1.0",
                    "engine_update": "20260527",
                    "category": "type-unsupported",
                    "result": null
                },
                "SymantecMobileInsight": {
                    "method": "blacklist",
                    "engine_name": "SymantecMobileInsight",
                    "engine_version": "2.0",
                    "engine_update": "20260123",
                    "category": "type-unsupported",
                    "result": null
                },
                "BitDefenderFalx": {
                    "method": "blacklist",
                    "engine_name": "BitDefenderFalx",
                    "engine_version": "2.0.936",
                    "engine_update": "20260525",
                    "category": "type-unsupported",
                    "result": null
                },
                "Avast-Mobile": {
                    "method": "blacklist",
                    "engine_name": "Avast-Mobile",
                    "engine_version": "260526-00",
                    "engine_update": "20260526",
                    "category": "type-unsupported",
                    "result": null
                }
            },
            "crowdsourced_yara_results": [
                {
                    "ruleset_id": "00f69a1b91",
                    "ruleset_version": "00f69a1b91|575714b4e87acb1e739b3a48997f543d4abf9029",
                    "ruleset_name": "rat_detection",
                    "rule_name": "Multifamily_RAT_Detection",
                    "match_date": 1779858867,
                    "description": "Generic detection for multiple RAT families, PUPs, packers and suspicious executables. NOTE: This rule may produce false positives. Updated May 2026 to reduce False Positives.",
                    "author": "Lucas Acha (https://www.lukeacha.com)",
                    "source": "https://github.com/securitymagic/yara"
                },
                {
                    "ruleset_id": "00c291ca7f",
                    "ruleset_version": "00c291ca7f|e76c93dcdedff04076380ffc60ea54e45b313635",
                    "ruleset_name": "indicator_packed",
                    "rule_name": "INDICATOR_EXE_Packed_Fody",
                    "match_date": 1779858867,
                    "description": "Detects executables manipulated with Fody",
                    "author": "ditekSHen",
                    "source": "https://github.com/ditekshen/detection"
                },
                {
                    "ruleset_id": "0159d9b883",
                    "ruleset_version": "0159d9b883|13ca65eb8f789f587a26e3e3743e0ec305cc666d",
                    "ruleset_name": "Windows_Generic_Threat",
                    "rule_name": "Windows_Generic_Threat_ce98c4bc",
                    "match_date": 1779858867,
                    "author": "Elastic Security",
                    "source": "https://github.com/elastic/protections-artifacts"
                },
                {
                    "ruleset_id": "00b767eee3",
                    "ruleset_version": "00b767eee3|b488c511a7c48ed6c425bf38811bf08e87b0ddbf",
                    "ruleset_name": "AsyncRAT",
                    "rule_name": "AsyncRAT_kingrat",
                    "match_date": 1779858867,
                    "author": "jeFF0Falltrades",
                    "source": "https://github.com/kevoreilly/CAPEv2"
                },
                {
                    "ruleset_id": "009cfa8ad5",
                    "ruleset_version": "009cfa8ad5|347a57b31829b6f8e3280e0fd6a0ed49e5453c67",
                    "ruleset_name": "sandboxdetect",
                    "rule_name": "sandboxdetect_misc",
                    "match_date": 1779858867,
                    "description": "Sandbox detection tricks",
                    "author": "AlienVault Labs",
                    "source": "https://github.com/AlienVault-Labs/AlienVaultLabs"
                },
                {
                    "ruleset_id": "004629696d",
                    "ruleset_version": "004629696d|19ec0d145535a6a4cfd37c0960114f455a8c343e",
                    "ruleset_name": "rule",
                    "rule_name": "asyncrat",
                    "match_date": 1779858867,
                    "description": "detect AsyncRat in memory",
                    "author": "JPCERT/CC Incident Response Group",
                    "source": "https://github.com/JPCERTCC/MalConfScan"
                },
                {
                    "ruleset_id": "015008077f",
                    "ruleset_version": "015008077f|13ca65eb8f789f587a26e3e3743e0ec305cc666d",
                    "ruleset_name": "Windows_Trojan_Asyncrat",
                    "rule_name": "Windows_Trojan_Asyncrat_11a11ba1",
                    "match_date": 1779858867,
                    "author": "Elastic Security",
                    "source": "https://github.com/elastic/protections-artifacts"
                },
                {
                    "ruleset_id": "000ec4b68e",
                    "ruleset_version": "000ec4b68e|1d926845269a3ac8de0431da133950390b5cced3",
                    "ruleset_name": "gen_susp_net_msil",
                    "rule_name": "SUSP_NET_Msil_Suspicious_Use_StrReverse",
                    "match_date": 1779858867,
                    "description": "Detects mixed use of Microsoft.CSharp and VisualBasic to use StrReverse",
                    "author": "dr4k0nia, modified by Florian Roth",
                    "source": "https://github.com/Neo23x0/signature-base"
                },
                {
                    "ruleset_id": "01ae45c4db",
                    "ruleset_version": "01ae45c4db|834366aa118f4e231f6f835e1dd479dab29dc599",
                    "ruleset_name": "rat_win_asyncrat",
                    "rule_name": "rat_win_asyncrat",
                    "match_date": 1779858867,
                    "description": "Detect AsyncRAT based on specific strings",
                    "author": "Sekoia.io",
                    "source": "https://github.com/SEKOIA-IO/Community"
                }
            ],
            "creation_date": 1768387491,
            "times_submitted": 2,
            "reputation": 0,
            "last_analysis_date": 1779857432,
            "pe_info": {
                "timestamp": 1768387491,
                "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
                "machine_type": 332,
                "entry_point": 2242334,
                "resource_details": [
                    {
                        "lang": "NEUTRAL",
                        "chi2": 63208.22,
                        "filetype": "unknown",
                        "entropy": 3.1522817611694336,
                        "sha256": "23202710be8c5fc9672495b0b62bebcf29a087cc7e07236f6bb155efb6e499ad",
                        "type": "RT_VERSION"
                    },
                    {
                        "lang": "NEUTRAL",
                        "chi2": 10805.65,
                        "filetype": "unknown",
                        "entropy": 5.18748664855957,
                        "sha256": "3b904ab04cb29f4f2cf083c2b133a494ad05e6ef5c6a0243c31b51fc25e6941f",
                        "type": "RT_MANIFEST"
                    }
                ],
                "resource_langs": {
                    "NEUTRAL": 2
                },
                "resource_types": {
                    "RT_MANIFEST": 1,
                    "RT_VERSION": 1
                },
                "sections": [
                    {
                        "name": ".text",
                        "chi2": 50518376.0,
                        "virtual_address": 8192,
                        "flags": "rx",
                        "raw_size": 2234368,
                        "entropy": 5.8,
                        "virtual_size": 2234148,
                        "md5": "7b8aa8d03878c18cf68c16c7f9151c0f"
                    },
                    {
                        "name": ".rsrc",
                        "chi2": 48579.5,
                        "virtual_address": 2244608,
                        "flags": "r",
                        "raw_size": 2048,
                        "entropy": 4.81,
                        "virtual_size": 2020,
                        "md5": "02394a03901fabc9e1ab032e4afaea33"
                    },
                    {
                        "name": ".reloc",
                        "chi2": 128015.0,
                        "virtual_address": 2252800,
                        "flags": "r",
                        "raw_size": 512,
                        "entropy": 0.1,
                        "virtual_size": 12,
                        "md5": "89a69bc7adc212e17204f6b84fb6400f"
                    }
                ],
                "import_list": [
                    {
                        "library_name": "mscoree.dll",
                        "imported_functions": [
                            "_CorExeMain"
                        ]
                    }
                ]
            },
            "first_seen_itw_date": 1779082802,
            "packers": {
                "PEiD": ".NET executable"
            },
            "popular_threat_classification": {
                "suggested_threat_label": "trojan.msil/asyncrat",
                "popular_threat_name": [
                    {
                        "count": 16,
                        "value": "msil"
                    },
                    {
                        "count": 12,
                        "value": "asyncrat"
                    },
                    {
                        "count": 3,
                        "value": "sheetrat"
                    }
                ],
                "popular_threat_category": [
                    {
                        "count": 31,
                        "value": "trojan"
                    },
                    {
                        "count": 2,
                        "value": "dropper"
                    }
                ]
            },
            "total_votes": {
                "harmless": 0,
                "malicious": 0
            },
            "detectiteasy": {
                "filetype": "PE32",
                "values": [
                    {
                        "type": "Compiler",
                        "name": "VB.NET"
                    },
                    {
                        "version": "v4.0.30319",
                        "type": "Library",
                        "name": ".NET"
                    },
                    {
                        "version": "8.0",
                        "type": "Linker",
                        "name": "Microsoft Linker"
                    }
                ]
            },
            "last_modification_date": 1780417147,
            "names": [
                "Stub.exe",
                "zo75s.exe",
                "wolf_decrypted_payload.dll"
            ],
            "dot_net_assembly": {
                "entry_point_token": 100663297,
                "metadata_header_rva": 915704,
                "assembly_name": "aaa.exe",
                "resources_va": 36014,
                "assembly_flags": 3,
                "strongname_va": 0,
                "external_assemblies": {
                    "": {
                        "version": "1863.1089.1.1864"
                    },
                    "on": {
                        "version": "1.1811.1025.2"
                    },
                    "tObjectMemberSerialization": {
                        "version": "2.1796.999.2"
                    },
                    "t_IsAggressiveOptimization": {
                        "version": "2.1840.1049.2"
                    }
                },
                "tables_present": 31,
                "entry_point_rva": 879688,
                "tables_rows_map": "123f60301cf103c67044394b313b7a2516a2993120868e02328c0e0712f4394b55be01300100e00004154cf14c34",
                "assembly_flags_txt": "COMIMAGE_FLAGS_ILONLY, COMIMAGE_FLAGS_32BITREQUIRED",
                "external_modules": [
                    "System.Collections.Generic.IEnumerator<Newtonsoft.Json.Linq.JToken>.Current",
                    "_TypeCode",
                    "System.Collections.Generic.IEnumerator<Newtonsoft.Json.Linq.JToken>.Current",
                    "_TypeCode"
                ],
                "streams": {
                    "#~": {
                        "chi2": 35041712.0,
                        "size": 783776,
                        "entropy": 5.101561546325684,
                        "md5": "c046be080e9047320c7f6091cdaf51ee"
                    },
                    "#Strings": {
                        "chi2": 2368608.75,
                        "size": 235100,
                        "entropy": 5.08758544921875,
                        "md5": "d74f027d300a068c889053e95a8196b9"
                    },
                    "#US": {
                        "chi2": 11134030.0,
                        "size": 171968,
                        "entropy": 3.76509690284729,
                        "md5": "e16abb18516d1808c977e418009330a1"
                    },
                    "#GUID": {
                        "chi2": 272.0,
                        "size": 16,
                        "entropy": 3.875,
                        "md5": "3e003b8189fcd3d9551118ec27505a67"
                    },
                    "#Blob": {
                        "chi2": 1027417.5625,
                        "size": 135572,
                        "entropy": 5.970460414886475,
                        "md5": "fd693b47d73898e88f1fed0d382753f0"
                    }
                },
                "clr_meta_version": "1.1",
                "clr_version": "v4.0.30319",
                "assembly_data": {
                    "majorversion": 977,
                    "minorversion": 2,
                    "hashalgid": 116588545,
                    "flags_text": "afPublicKey ",
                    "buildnumber": 1780,
                    "flags": 116719617,
                    "pubkey": "\\xf1\\x0e",
                    "revisionnumber": 979
                },
                "manifest_resource": [
                    "SQLiteNativeHandle"
                ],
                "tables_present_map": "1f093fb6ff57",
                "tables_rows_map_log": "4abdddbccc957b67acca6b974659998",
                "type_definition_list": [
                    {
                        "namespace": "System",
                        "type_definitions": [
                            "Object",
                            "IAsyncResult",
                            "Enum",
                            "Action`10",
                            "ValueType",
                            "Attribute",
                            "IComparable`1",
                            "IEquatable`1",
                            "IDisposable",
                            "Func`3",
                            "Func`2",
                            "Func`1",
                            "Exception",
                            "Type",
                            "Guid",
                            "Decimal",
                            "EventHandler",
                            "Version",
                            "ICloneable",
                            "Nullable`1",
                            "StringComparison",
                            "Action`2",
                            "Comparison`1",
                            "MulticastDelegate",
                            "AsyncCallback",
                            "DateTime",
                            "TimeSpan",
                            "EventArgs",
                            "DateTimeOffset",
                            "Uri",
                            "EventHandler`1",
                            "IConvertible",
                            "Array",
                            "DateTimeKind",
                            "Tuple`2",
                            "ArgumentOutOfRangeException",
                            "IFormatProvider",
                            "Delegate",
                            "Predicate`1",
                            "Func`4",
                            "TypeCode",
                            "IFormattable",
                            "IComparable",
                            "WeakReference",
                            "IServiceProvider",
                            "AttributeUsageAttribute",
                            "AttributeTargets",
                            "FlagsAttribute",
                            "ParamArrayAttribute",
                            "ObsoleteAttribute",
                            "CLSCompliantAttribute",
                            "ThreadStaticAttribute",
                            "Convert",
                            "Environment",
                            "String",
                            "Char",
                            "Random",
                            "StringSplitOptions",
                            "Byte",
                            "UriHostNameType",
                            "BitConverter",
                            "GC",
                            "IntPtr",
                            "Int32",
                            "OperatingSystem",
                            "Int64",
                            "Boolean",
                            "AppDomain",
                            "Activator",
                            "RuntimeTypeHandle",
                            "ArgumentException",
                            "ArgumentNullException",
                            "Buffer",
                            "RuntimeFieldHandle",
                            "UInt64",
                            "Double",
                            "Single",
                            "NotImplementedException",
                            "Math",
                            "UInt32",
                            "InvalidOperationException",
                            "NotSupportedException",
                            "BadImageFormatException",
                            "PlatformNotSupportedException",
                            "EntryPointNotFoundException",
                            "DllNotFoundException",
                            "PlatformID",
                            "UIntPtr",
                            "StringComparer",
                            "SByte",
                            "Int16",
                            "UInt16",
                            "ApplicationException",
                            "OutOfMemoryException",
                            "AccessViolationException",
                            "Void",
                            "TypedReference",
                            "UnauthorizedAccessException",
                            "InvalidCastException",
                            "RuntimeMethodHandle",
                            "Nullable",
                            "UriKind",
                            "DBNull",
                            "TimeZoneInfo",
                            "FormatException",
                            "NonSerializedAttribute",
                            "SerializableAttribute",
                            "IndexOutOfRangeException",
                            "ObjectDisposedException",
                            "Console",
                            "ConsoleKeyInfo"
                        ]
                    },
                    {
                        "namespace": "System.Security.Cryptography.X509Certificates",
                        "type_definitions": [
                            "X509Certificate2",
                            "X509Certificate",
                            "X509Chain",
                            "PublicKey",
                            "X509CertificateCollection"
                        ]
                    },
                    {
                        "namespace": "System.Net.Sockets",
                        "type_definitions": [
                            "Socket",
                            "AddressFamily",
                            "SocketType",
                            "ProtocolType",
                            "NetworkStream",
                            "SelectMode"
                        ]
                    },
                    {
                        "namespace": "System.Net.Security",
                        "type_definitions": [
                            "SslStream",
                            "SslPolicyErrors",
                            "RemoteCertificateValidationCallback"
                        ]
                    },
                    {
                        "namespace": "System.Threading",
                        "type_definitions": [
                            "Timer",
                            "Mutex",
                            "Thread",
                            "TimerCallback",
                            "ParameterizedThreadStart",
                            "Monitor",
                            "WaitHandle",
                            "Interlocked"
                        ]
                    },
                    {
                        "namespace": "System.Drawing.Imaging",
                        "type_definitions": [
                            "ImageCodecInfo",
                            "ImageFormat"
                        ]
                    },
                    {
                        "namespace": "System.Text",
                        "type_definitions": [
                            "StringBuilder",
                            "UTF8Encoding",
                            "Encoding",
                            "Decoder"
                        ]
                    },
                    {
                        "namespace": "Microsoft.Win32",
                        "type_definitions": [
                            "SessionEndingEventArgs",
                            "RegistryKey",
                            "Registry",
                            "RegistryKeyPermissionCheck",
                            "SessionEndingEventHandler",
                            "SystemEvents",
                            "RegistryValueKind"
                        ]
                    },
                    {
                        "namespace": "System.Collections.Generic",
                        "type_definitions": [
                            "List`1",
                            "IList`1",
                            "ICollection`1",
                            "IEnumerable`1",
                            "IEnumerator`1",
                            "Dictionary`2",
                            "Stack`1",
                            "IEqualityComparer`1",
                            "KeyValuePair`2",
                            "IComparer`1",
                            "IDictionary`2",
                            "Queue`1",
                            "SortedList`2",
                            "EqualityComparer`1",
                            "ISet`1",
                            "HashSet`1",
                            "KeyNotFoundException",
                            "Comparer`1"
                        ]
                    },
                    {
                        "namespace": "System.Runtime.CompilerServices",
                        "type_definitions": [
                            "CallSite`1",
                            "CallSite",
                            "IsVolatile",
                            "StrongBox`1",
                            "CallSiteBinder",
                            "CompilationRelaxationsAttribute",
                            "RuntimeCompatibilityAttribute",
                            "CompilerGeneratedAttribute",
                            "ExtensionAttribute",
                            "RuntimeHelpers"
                        ]
                    },
                    {
                        "namespace": "System.Collections",
                        "type_definitions": [
                            "IEnumerator",
                            "IEnumerable",
                            "IEqualityComparer",
                            "IList",
                            "ICollection",
                            "IDictionary",
                            "IDictionaryEnumerator",
                            "DictionaryEntry",
                            "Hashtable",
                            "BitArray"
                        ]
                    },
                    {
                        "namespace": "System.IO",
                        "type_definitions": [
                            "Stream",
                            "IOException",
                            "BinaryWriter",
                            "SeekOrigin",
                            "BinaryReader",
                            "StringReader",
                            "MemoryStream",
                            "StringWriter",
                            "TextReader",
                            "TextWriter",
                            "FileInfo",
                            "StreamWriter",
                            "Path",
                            "FileSystemInfo",
                            "File",
                            "FileStream",
                            "FileMode",
                            "DriveInfo",
                            "FileAccess",
                            "FileShare",
                            "Directory",
                            "DirectoryInfo",
                            "EndOfStreamException"
                        ]
                    },
                    {
                        "namespace": "System.Runtime.Serialization",
                        "type_definitions": [
                            "SerializationInfo",
                            "StreamingContext",
                            "IFormatter",
                            "SerializationBinder",
                            "EnumMemberAttribute",
                            "IFormatterConverter",
                            "ISerializable",
                            "DataContractAttribute",
                            "DataMemberAttribute",
                            "StreamingContextStates",
                            "ISurrogateSelector",
                            "OnSerializingAttribute",
                            "OnSerializedAttribute",
                            "OnDeserializingAttribute",
                            "OnDeserializedAttribute",
                            "IgnoreDataMemberAttribute",
                            "FormatterServices",
                            "SerializationInfoEnumerator",
                            "SerializationEntry",
                            "FormatterConverter"
                        ]
                    },
                    {
                        "namespace": "System.Reflection",
                        "type_definitions": [
                            "Assembly",
                            "AssemblyName",
                            "ConstructorInfo",
                            "MethodBase",
                            "Module",
                            "ParameterInfo",
                            "FieldInfo",
                            "CallingConventions",
                            "PropertyInfo",
                            "EventInfo",
                            "MethodInfo",
                            "BindingFlags",
                            "MemberInfo",
                            "MemberTypes",
                            "AssemblyTitleAttribute",
                            "AssemblyDescriptionAttribute",
                            "AssemblyConfigurationAttribute",
                            "AssemblyCompanyAttribute",
                            "AssemblyProductAttribute",
                            "AssemblyCopyrightAttribute",
                            "AssemblyTrademarkAttribute",
                            "AssemblyFileVersionAttribute",
                            "DefaultMemberAttribute",
                            "AssemblyNameFlags",
                            "MethodAttributes",
                            "MethodBody",
                            "LocalVariableInfo",
                            "TargetParameterCountException",
                            "Binder",
                            "ParameterModifier",
                            "ICustomAttributeProvider",
                            "ReflectionTypeLoadException"
                        ]
                    },
                    {
                        "namespace": "System.Runtime.InteropServices",
                        "type_definitions": [
                            "GCHandle",
                            "CriticalHandle",
                            "ComVisibleAttribute",
                            "GuidAttribute",
                            "InterfaceTypeAttribute",
                            "ComInterfaceType",
                            "UnmanagedFunctionPointerAttribute",
                            "CallingConvention",
                            "Marshal",
                            "GCHandleType",
                            "SafeHandle",
                            "COMException",
                            "ExternalException"
                        ]
                    },
                    {
                        "namespace": "Microsoft.Win32.SafeHandles",
                        "type_definitions": [
                            "SafeFileHandle"
                        ]
                    },
                    {
                        "namespace": "System.Security.Cryptography",
                        "type_definitions": [
                            "HashAlgorithm",
                            "RSA",
                            "AsymmetricAlgorithm",
                            "RSACryptoServiceProvider",
                            "CryptoConfig",
                            "MD5CryptoServiceProvider",
                            "Rfc2898DeriveBytes",
                            "DeriveBytes",
                            "AesCryptoServiceProvider",
                            "CryptoStream",
                            "HMACSHA256",
                            "SymmetricAlgorithm",
                            "CipherMode",
                            "PaddingMode",
                            "ICryptoTransform",
                            "CryptoStreamMode",
                            "CryptographicException",
                            "SHA256Managed",
                            "MD5",
                            "SHA256",
                            "SHA384",
                            "SHA512",
                            "SHA1",
                            "RSAParameters",
                            "RSAPKCS1SignatureFormatter",
                            "AsymmetricSignatureFormatter"
                        ]
                    },
                    {
                        "namespace": "uncategorized",
                        "type_definitions": [
                            "Enumerator",
                            "Enumerator",
                            "DebuggingModes",
                            "ManagementObjectEnumerator",
                            "ValueCollection",
                            "KeyCollection",
                            "Enumerator",
                            "Enumerator",
                            "Enumerator"
                        ]
                    },
                    {
                        "namespace": "System.Globalization",
                        "type_definitions": [
                            "CultureInfo",
                            "DateTimeStyles",
                            "NumberStyles",
                            "DateTimeFormatInfo",
                            "CompareInfo",
                            "CompareOptions"
                        ]
                    },
                    {
                        "namespace": "System.Diagnostics.SymbolStore",
                        "type_definitions": [
                            "ISymbolDocumentWriter",
                            "SymDocumentType",
                            "ISymbolDocument"
                        ]
                    },
                    {
                        "namespace": "System.Runtime.InteropServices.ComTypes",
                        "type_definitions": [
                            "IStream",
                            "STATSTG"
                        ]
                    },
                    {
                        "namespace": "System.Reflection.Emit",
                        "type_definitions": [
                            "ModuleBuilder",
                            "TypeBuilder",
                            "MethodBuilder",
                            "DynamicMethod",
                            "ILGenerator",
                            "SignatureHelper",
                            "AssemblyBuilder",
                            "AssemblyBuilderAccess",
                            "OpCodes",
                            "OpCode",
                            "LocalBuilder",
                            "Label"
                        ]
                    },
                    {
                        "namespace": "System.Numerics",
                        "type_definitions": [
                            "BigInteger"
                        ]
                    },
                    {
                        "namespace": "System.Xml",
                        "type_definitions": [
                            "XmlNode",
                            "XmlDocument",
                            "XmlDateTimeSerializationMode",
                            "XmlElement",
                            "XmlDeclaration",
                            "XmlDocumentType",
                            "XmlNodeType",
                            "XmlNamespaceManager",
                            "XmlReader",
                            "XmlNodeList",
                            "XmlException",
                            "XmlComment",
                            "XmlText",
                            "XmlCDataSection",
                            "XmlWhitespace",
                            "XmlSignificantWhitespace",
                            "XmlProcessingInstruction",
                            "XmlAttribute",
                            "XmlAttributeCollection",
                            "XmlNamedNodeMap",
                            "NameTable",
                            "XmlNameTable",
                            "XmlConvert",
                            "XmlResolver"
                        ]
                    },
                    {
                        "namespace": "System.Xml.Linq",
                        "type_definitions": [
                            "XObject",
                            "XDocument",
                            "XDeclaration",
                            "XDocumentType",
                            "XText",
                            "XComment",
                            "XProcessingInstruction",
                            "XContainer",
                            "XAttribute",
                            "XElement",
                            "XCData",
                            "XName",
                            "XNode",
                            "XNamespace"
                        ]
                    },
                    {
                        "namespace": "System.Collections.ObjectModel",
                        "type_definitions": [
                            "Collection`1",
                            "KeyedCollection`2",
                            "ReadOnlyCollection`1"
                        ]
                    },
                    {
                        "namespace": "System.Runtime.Serialization.Formatters",
                        "type_definitions": [
                            "FormatterAssemblyStyle"
                        ]
                    },
                    {
                        "namespace": "System.Dynamic",
                        "type_definitions": [
                            "BinaryOperationBinder",
                            "ConvertBinder",
                            "CreateInstanceBinder",
                            "DeleteIndexBinder",
                            "DeleteMemberBinder",
                            "GetIndexBinder",
                            "GetMemberBinder",
                            "InvokeBinder",
                            "InvokeMemberBinder",
                            "SetIndexBinder",
                            "SetMemberBinder",
                            "UnaryOperationBinder",
                            "DynamicMetaObject",
                            "DynamicMetaObjectBinder",
                            "BindingRestrictions",
                            "IDynamicMetaObjectProvider",
                            "ExpandoObject"
                        ]
                    },
                    {
                        "namespace": "System.Linq.Expressions",
                        "type_definitions": [
                            "Expression",
                            "ConstantExpression",
                            "ExpressionVisitor",
                            "ConditionalExpression",
                            "ParameterExpression",
                            "ExpressionType",
                            "NewArrayExpression",
                            "UnaryExpression",
                            "MethodCallExpression",
                            "BlockExpression",
                            "BinaryExpression",
                            "DefaultExpression",
                            "LambdaExpression",
                            "NewExpression",
                            "MemberExpression",
                            "Expression`1",
                            "TypeBinaryExpression"
                        ]
                    },
                    {
                        "namespace": "System.Text.RegularExpressions",
                        "type_definitions": [
                            "RegexOptions",
                            "Regex",
                            "Match",
                            "GroupCollection",
                            "Group",
                            "Capture"
                        ]
                    },
                    {
                        "namespace": "System.Collections.Concurrent",
                        "type_definitions": [
                            "ConcurrentDictionary`2"
                        ]
                    },
                    {
                        "namespace": "System.Diagnostics",
                        "type_definitions": [
                            "TraceLevel",
                            "TraceEventType",
                            "DebuggableAttribute",
                            "DebuggerBrowsableAttribute",
                            "DebuggerBrowsableState",
                            "DebuggerDisplayAttribute",
                            "DebuggerTypeProxyAttribute",
                            "DebuggerHiddenAttribute",
                            "ConditionalAttribute",
                            "DebuggerStepThroughAttribute",
                            "DebuggerNonUserCodeAttribute",
                            "Process",
                            "ProcessStartInfo",
                            "ProcessModule",
                            "ProcessWindowStyle",
                            "Debugger",
                            "TraceEventCache",
                            "TraceListener",
                            "Trace",
                            "TraceListenerCollection"
                        ]
                    },
                    {
                        "namespace": "System.ComponentModel",
                        "type_definitions": [
                            "TypeConverter",
                            "ITypedList",
                            "IBindingList",
                            "ListChangedEventHandler",
                            "AddingNewEventHandler",
                            "AddingNewEventArgs",
                            "ListChangedEventArgs",
                            "PropertyDescriptor",
                            "PropertyDescriptorCollection",
                            "ListSortDirection",
                            "INotifyPropertyChanged",
                            "ICustomTypeDescriptor",
                            "INotifyPropertyChanging",
                            "PropertyChangedEventHandler",
                            "PropertyChangingEventHandler",
                            "AttributeCollection",
                            "EventDescriptor",
                            "EventDescriptorCollection",
                            "ToolboxItemAttribute",
                            "DesignerAttribute",
                            "EditorAttribute",
                            "RefreshPropertiesAttribute",
                            "RefreshProperties",
                            "DefaultValueAttribute",
                            "DesignerSerializationVisibilityAttribute",
                            "DesignerSerializationVisibility",
                            "BrowsableAttribute",
                            "DesignOnlyAttribute",
                            "EditorBrowsableAttribute",
                            "EditorBrowsableState",
                            "DefaultPropertyAttribute",
                            "DisplayNameAttribute",
                            "PasswordPropertyTextAttribute",
                            "DefaultEventAttribute",
                            "TypeConverterAttribute",
                            "ListBindableAttribute",
                            "TypeDescriptor",
                            "ITypeDescriptorContext",
                            "DescriptionAttribute",
                            "ListChangedType",
                            "PropertyChangedEventArgs",
                            "PropertyChangingEventArgs",
                            "MemberDescriptor",
                            "Component",
                            "EventHandlerList"
                        ]
                    },
                    {
                        "namespace": "System.Collections.Specialized",
                        "type_definitions": [
                            "INotifyCollectionChanged",
                            "NotifyCollectionChangedEventHandler",
                            "NotifyCollectionChangedEventArgs",
                            "NameValueCollection",
                            "NotifyCollectionChangedAction"
                        ]
                    },
                    {
                        "namespace": "System.Data",
                        "type_definitions": [
                            "DataTable",
                            "DbType",
                            "UpdateRowSource",
                            "CommandType",
                            "CommandBehavior",
                            "DataRow",
                            "StatementType",
                            "StateChangeEventArgs",
                            "IDbTransaction",
                            "IDbCommand",
                            "IDataReader",
                            "IsolationLevel",
                            "ConnectionState",
                            "StateChangeEventHandler",
                            "DataRowVersion",
                            "ParameterDirection",
                            "DataSet",
                            "DataTableCollection",
                            "InternalDataCollectionBase",
                            "DataColumn",
                            "DataRowCollection",
                            "DataColumnCollection",
                            "XmlReadMode"
                        ]
                    },
                    {
                        "namespace": "System.Data.Common",
                        "type_definitions": [
                            "DbCommand",
                            "DbParameter",
                            "DbConnection",
                            "DbParameterCollection",
                            "DbTransaction",
                            "DbDataReader",
                            "DbCommandBuilder",
                            "DbDataAdapter",
                            "RowUpdatingEventArgs",
                            "CatalogLocation",
                            "DbProviderFactory",
                            "DbConnectionStringBuilder",
                            "RowUpdatedEventArgs",
                            "DbException",
                            "DbProviderSpecificTypePropertyAttribute",
                            "SchemaTableColumn",
                            "DbMetaDataColumnNames",
                            "SchemaTableOptionalColumn",
                            "DbEnumerator"
                        ]
                    },
                    {
                        "namespace": "System.Transactions",
                        "type_definitions": [
                            "Transaction",
                            "IEnlistmentNotification",
                            "Enlistment",
                            "PreparingEnlistment",
                            "EnlistmentOptions",
                            "IsolationLevel"
                        ]
                    },
                    {
                        "namespace": "System.Resources",
                        "type_definitions": [
                            "ResourceManager"
                        ]
                    },
                    {
                        "namespace": "System.Runtime.Versioning",
                        "type_definitions": [
                            "TargetFrameworkAttribute"
                        ]
                    },
                    {
                        "namespace": "System.Security",
                        "type_definitions": [
                            "SecurityCriticalAttribute",
                            "SecuritySafeCriticalAttribute",
                            "SuppressUnmanagedCodeSecurityAttribute",
                            "SecurityException",
                            "CodeAccessPermission"
                        ]
                    },
                    {
                        "namespace": "System.CodeDom.Compiler",
                        "type_definitions": [
                            "GeneratedCodeAttribute"
                        ]
                    },
                    {
                        "namespace": "System.Net",
                        "type_definitions": [
                            "IPAddress",
                            "WebClient",
                            "NetworkCredential",
                            "Dns",
                            "ICredentials",
                            "EndPoint"
                        ]
                    },
                    {
                        "namespace": "System.Security.Authentication",
                        "type_definitions": [
                            "SslProtocols"
                        ]
                    },
                    {
                        "namespace": "Microsoft.VisualBasic",
                        "type_definitions": [
                            "Strings"
                        ]
                    },
                    {
                        "namespace": "Microsoft.VisualBasic.Devices",
                        "type_definitions": [
                            "ComputerInfo"
                        ]
                    },
                    {
                        "namespace": "System.Management",
                        "type_definitions": [
                            "ManagementObjectSearcher",
                            "ManagementObjectCollection",
                            "ManagementBaseObject"
                        ]
                    },
                    {
                        "namespace": "System.Windows.Forms",
                        "type_definitions": [
                            "Application"
                        ]
                    },
                    {
                        "namespace": "System.Security.Principal",
                        "type_definitions": [
                            "WindowsIdentity",
                            "WindowsPrincipal",
                            "WindowsBuiltInRole"
                        ]
                    },
                    {
                        "namespace": "System.Linq",
                        "type_definitions": [
                            "Enumerable",
                            "IGrouping`2",
                            "IOrderedEnumerable`1"
                        ]
                    },
                    {
                        "namespace": "Microsoft.CSharp.RuntimeBinder",
                        "type_definitions": [
                            "CSharpArgumentInfo",
                            "CSharpArgumentInfoFlags",
                            "Binder",
                            "CSharpBinderFlags"
                        ]
                    },
                    {
                        "namespace": "System.IO.Compression",
                        "type_definitions": [
                            "GZipStream",
                            "CompressionMode",
                            "DeflateStream"
                        ]
                    },
                    {
                        "namespace": "System.Configuration.Assemblies",
                        "type_definitions": [
                            "AssemblyHashAlgorithm"
                        ]
                    },
                    {
                        "namespace": "System.Runtime.Serialization.Formatters.Binary",
                        "type_definitions": [
                            "BinaryFormatter"
                        ]
                    },
                    {
                        "namespace": "System.Security.Permissions",
                        "type_definitions": [
                            "ReflectionPermission",
                            "ReflectionPermissionFlag",
                            "SecurityPermission",
                            "SecurityPermissionFlag",
                            "PermissionState"
                        ]
                    },
                    {
                        "namespace": "System.Data.SqlTypes",
                        "type_definitions": [
                            "SqlBinary"
                        ]
                    }
                ]
            },
            "tlsh": "T1D8A549003BE8DE6BD2AF2772A07211155BF0E416E763E78B2754E67E2C527402D463BB",
            "last_submission_date": 1779154155,
            "md5": "e0e4aec6d494fe68cdaa52d6878a8366",
            "first_submission_date": 1779079188,
            "sha1": "964123a483a79efb5dcefd22ed19f6a808140ec6",
            "meaningful_name": "Stub.exe",
            "magika": "PEBIN",
            "vhash": "22603655551ff09861ffff211f59ff",
            "unique_sources": 1,
            "type_tags": [
                "executable",
                "windows",
                "win32",
                "pe",
                "peexe"
            ],
            "filecondis": {
                "dhash": "707c3e1e4e265300",
                "raw_md5": "c11756c1fbc0f15bd72a489bc2d57e87"
            },
            "authentihash": "67ea97676a8e48da287cf825273455b5dfeb9f54adfcb70e000798c04061abbd",
            "type_extension": "exe",
            "type_tag": "peexe",
            "sha256": "531aacc5cfe1abb14aaf55a2128940db30c63cbc8d5f9846ff8608e566fecb88",
            "last_analysis_stats": {
                "malicious": 52,
                "suspicious": 0,
                "undetected": 14,
                "harmless": 0,
                "timeout": 4,
                "confirmed-timeout": 0,
                "failure": 1,
                "type-unsupported": 4
            },
            "magic": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows",
            "size": 2237440,
            "ssdeep": "24576:3FuimnHZ/qTUqdMHobBHqOo1QMYsZaWvqPM5HKMtkrWBfv7fOjJ1dL:3H4BMPW1HKXWBijJ",
            "dot_net_guids": {
                "mvid": "4db8b2d4-28d7-4ac8-9639-0db1d6b23426"
            },
            "trid": [
                {
                    "file_type": "Generic CIL Executable (.NET, Mono, etc.)",
                    "probability": 64.2
                },
                {
                    "file_type": "DOS Borland compiled Executable (generic)",
                    "probability": 8.7
                },
                {
                    "file_type": "Win32 Dynamic Link Library (generic)",
                    "probability": 5.7
                },
                {
                    "file_type": "Win64 Executable (generic)",
                    "probability": 5.7
                },
                {
                    "file_type": "Win16 NE executable (generic)",
                    "probability": 4.4
                }
            ]
        }
    }
}
            

⚠ These IoCs were automatically extracted using regular expressions or an LLM and may include non-malicious data.