Malicious

0aeefb4e2ff7d1e31df269fc22ea36fe

PE Executable | MD5: 0aeefb4e2ff7d1e31df269fc22ea36fe | Size: 24.06 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Low

Hash
Hash Value
MD5
0aeefb4e2ff7d1e31df269fc22ea36fe
Sha1
ec2b4543cfce0af9bd1d25e76ade38dbe3cf3453
Sha256
351521279654761fc46f6ec5276d32b4cc2d8bbf0882265e4cbfb1cd567d80cf
Sha384
9ddf3d7ff4356f7325f9e27ae027c9342c95030befb4b2aafaf4174f5d012d1c03baf07adb448bd62ace42cad79217b4
Sha512
fcbcffb20655dfa4677663285124f8786c0ad50a6d4ee41f862e9c361aac7e6b4f4c27eca0d2a8870e08e9cc6005a2122398988f0beb65371fe40f4158423fde
SSDeep
384:XluBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZWc:gOmhtIiRpcnuk
TLSH
8DB2194E3FA98866D57C17748AB5965003B091870423EF2FCCC554CBAFB3AD92D48AF9

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field
Value
victim_name [VN]

��u�M�

version [VR]

0.7d

executable_name [EXE]

utorrentt.exe

directory [DR]

TEMP

reg_key [RG]

302cf86c82c5759a74df2250aa0c84d8

cnc_host [H]

rony.publicvm.com

cnc_port [P]

1177

splitter [Y]

|'|'|

BD [BD]

True

is_dir_defined [Idr]

True

is_startup_folder [IsF]

True

is_user_reg [Isu]

True

reg_path [sf]

Software\Microsoft\Windows\CurrentVersion\Run

packet_size [b]

5121

Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

j.exe

Full Name

j.exe

EntryPoint

System.Void j.A::main()

Scope Name

j.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v2.0.50727

Tables Header Version

512

WinMD Version

<null>

Assembly Name

j

Assembly Version

0.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

214

Main Method

System.Void j.A::main()

Main IL Instruction Count

2

Main IL

call System.Void j.OK::ko() ret <null>

Artefacts
Name
Value
CnC

rony.publicvm.com

Port

1177

Artefacts
Name
Value
Location
CnC

rony.publicvm.com

Malicious

0aeefb4e2ff7d1e31df269fc22ea36fe

Port

1177

Malicious

0aeefb4e2ff7d1e31df269fc22ea36fe
