Malicious
Malicious

06d5334d49746b9e5df32096867cf7e3

PE Executable
MD5: 06d5334d49746b9e5df32096867cf7e3
Size: 24.06 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
Hash Value
MD5
06d5334d49746b9e5df32096867cf7e3
Sha1
1cb39a426b8f13fa36bac4e9c4cc47a6042fb0c6
Sha256
0b014555196d3200ff9a28efb49591f617c0ec9904da44b9348a4c27c4edc2de
Sha384
03743ee9ce3b0068bd3207dbe72410e1a2595267b897c9c03bbabe956d604d1d5073404a9afaf40ad7d62be8f49f7bd2
Sha512
c30625c339dc57f71b01c233d031cb7e3f42f6f82451dcde49ae8873f41c182ca91e03b7eb6c564cd9bd1fdb4f4226d96c7f5dba020d8bda7f53dbcf1e21b1c4
SSDeep
384:/I2SUwXh0ZbAzlRGCvkodj46hgHK0hrV5mRvR6JZlbw8hqIusZzZ/Y2:YbhEkdvXRpcnuYb
TLSH
EFB2084A3FA98856C5BC1A748AA5D65003B4D1470423EE2F8DC960CBAFB36D91D48AFD

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field
Value
victim_name [VN]
ضحاhuhuhuhu
version [VR]
0huhuhuhu
executable_name [EXE]
Syshuhuhuhu
directory [DR]
Thuhuhuhu
reg_key [RG]
bd65b4huhuhuhuhuhuhuhuhuhuhu
cnc_host [H]
ali199huhuhuhuhuhuhu
cnc_port [P]
1huhuhuhu
splitter [Y]
|huhuhuhu
BD [BD]
Thuhuhuhu
is_dir_defined [Idr]
Thuhuhuhu
is_startup_folder [IsF]
Thuhuhuhu
is_user_reg [Isu]
Thuhuhuhu
reg_path [sf]
Softwahuhuhuhuhuhuhuhuhuhuhu
packet_size [b]
5huhuhuhu
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Informations
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

j.exe

Full Name

j.exe

EntryPoint

System.Void j.A::main()

Scope Name

j.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v2.0.50727

Tables Header Version

512

WinMD Version

<null>

Assembly Name

j

Assembly Version

0.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

214

Main Method

System.Void j.A::main()

Main IL Instruction Count

2

Main IL

call System.Void j.OK::ko() ret <null>

Module Name

j.exe

Full Name

j.exe

EntryPoint

System.Void j.A::main()

Scope Name

j.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v2.0.50727

Tables Header Version

512

WinMD Version

<null>

Assembly Name

j

Assembly Version

0.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

214

Main Method

System.Void j.A::main()

Main IL Instruction Count

2

Main IL

call System.Void j.OK::ko() ret <null>

Artefacts
Name
Value
CnC
ali199huhuhuhuhuhuhu
Port
1huhuhuhu
Full artefact values (URLs, paths, registry keys…) are available with Essential.
Unlock with Essential
06d5334d49746b9e5df32096867cf7e3 (24.06 KB)
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Characteristics
Malware Configuration - njRAT config.
Config. Field
Value
victim_name [VN]
ضحاhuhuhuhu
version [VR]
0huhuhuhu
executable_name [EXE]
Syshuhuhuhu
directory [DR]
Thuhuhuhu
reg_key [RG]
bd65b4huhuhuhuhuhuhuhuhuhuhu
cnc_host [H]
ali199huhuhuhuhuhuhu
cnc_port [P]
1huhuhuhu
splitter [Y]
|huhuhuhu
BD [BD]
Thuhuhuhu
is_dir_defined [Idr]
Thuhuhuhu
is_startup_folder [IsF]
Thuhuhuhu
is_user_reg [Isu]
Thuhuhuhu
reg_path [sf]
Softwahuhuhuhuhuhuhuhuhuhuhu
packet_size [b]
5huhuhuhu
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Artefacts
Name
Value Location
CnC
ali199huhuhuhuhuhuhu
Malicious

06d5334d49746b9e5df32096867cf7e3

Port
1huhuhuhu
Malicious

06d5334d49746b9e5df32096867cf7e3

Full artefact values (URLs, paths, registry keys…) are available with Essential.
Unlock with Essential
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙