Malicious

03d642004a8942aa8637f4c7929fb757

PE Executable | MD5: 03d642004a8942aa8637f4c7929fb757 | Size: 67.07 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Low

Hash
Hash Value
MD5
03d642004a8942aa8637f4c7929fb757
Sha1
995d411328fdd8e1d3f9f033084d32d8ee5dfcbd
Sha256
6a1c0e8af033eda2e02b71de4ac3a4562b81d9f64882efca9f0772c6d5137a7a
Sha384
f61cd537185e129bdd6f0a01737ff951aab7ce3cc69c74aea40ce6d87af6b426df575819b00ea67f47e92882e7ce0627
Sha512
a2983914e6bc7a7a1f8e2a7822a7b4b510e12992def9b48e2a488a7dc704de6bb583540cbdc0d53cf5adcb621b26d0a4b341dfd820a1015c48d11d487e61089a
SSDeep
1536:6Ru+9oN36txQviFw1a60eYTYBnvbWfLteF3nLrB9z3nltaF9b3S9vM:6Ru+9oN36txQviFChJPBn6fWl9znaF9H
TLSH
7F634A4877958A15D2BD2E7844F256518730F90B6D03FB2E4CD160EBABB3EC44A42BE7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field: Value
DisKey: False
PasteE: False
PASTEBIN:
Sched: False
SCHEDNAME: MicrosoftEdgeUpdateTaskMachine
ANYRUN: False
Bypass: MoUsoCoreWorker.exe
TaskMGR: False
Melty: True
KProc: False
Proc: Wireshark.exe
SLP: 1
packet_size [b]: 5121
BD [BD]: True
directory [DR]: AppData
SCREAM: off
WINMIN: off
executable_name [EXE]: RuntimeBroken.exe
cnc_host [H]: 88.83.203.254
is_dir_defined [Idr]: True
Anti_CH: False
is_startup_folder [IsF]: True
USB_SP: True
is_user_reg [Isu]: True
cnc_port [P]: 7777
reg_key [RG]: RuntimeBroken.exe
reg_path [sf]: Software\Microsoft\Windows\CurrentVersion\Run
victim_name [VN]: NTTA
WhyYouReverseMe..ImInnocent..LoveYouu..
version [VR]: Platinum
splitter [Y]: |Ghost|
BOT_KILL: False
HIDE_ME: True
Persis: True

Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: Application.exe
Full Name: Application.exe
EntryPoint: System.Void j.A::main()
Scope Name: Application.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v2.0.50727
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Application
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 489
Main Method: System.Void j.A::main()
Main IL Instruction Count: 2
Main IL: call System.Void j.OK::ko() ret <null>


Artefacts
Name: Value
CnC: 88.83.203.254
Port: 7777
