Malicious
Malicious

129df3c4dcaae4c1860a334be50f2ed3

PE Executable
|
MD5: 129df3c4dcaae4c1860a334be50f2ed3
|
Size: 37.89 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
 Hash Value
MD5
129df3c4dcaae4c1860a334be50f2ed3
Sha1
4cda77bc5d5c136c4a5a19122fd378b045cc7dee
Sha256
ff87cd932e25b024cd10042c186f252fdabdac2c4d4cbc67f89e457697ebbc71
Sha384
a1723248521f52a3bb93d20b021d28ffcf9eb1089d9cb151890328ecd7066e4af40e335e7d84fb3018ff17fba070344c
Sha512
341ba7f87bbfb6950396851eb0018fc2158c40dbdcc0f60b72c2b97198f7f9dda7d666e1b7eb15cd9ceca04eab97bdc00993933ce0984232860eab3264b95a3c
SSDeep
768:NjrzsKADtOHiR4akrkQMtFs8rM+rMRa8NuQ4t:Njr6tVS4QMtaP+gRJN/
TLSH
98032A4D7FE18568C4FD197B06B2D022077AE04B6D23D90E8FE664AA37636C18B50AF1

PeID

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual Studio .NET
File Structure
129df3c4dcaae4c1860a334be50f2ed3
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field
 Value
packet_size [b]

5121
BD [BD]

False
directory [DR]

TEMP
executable_name [EXE]

server.exe
cnc_host [HH]

phishing.multimilliontoken.org
is_dir_defined [Idr]

False
is_startup_folder [IsF]

False
is_user_reg [Isu]

False
NH [NH]

0
cnc_port [P]

443
reg_key [RG]

411e31664bdd9d96369d0a44d5111aef
reg_path [sf]

Software\Microsoft\Windows\CurrentVersion\Run
sizk

20
victim_name [VN]

HacKed
version [VR]

im523
splitter [Y]

|'|'|
HD

False
anti [anti]

Exsample.exe
anti2 [anti2]

False
usb [usb]

False
usbx [usbx]

svchost.exe
task [task]

True
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

w.exe
Full Name

w.exe
EntryPoint

System.Void w.A::main()
Scope Name

w.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

w
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

338
Main Method

System.Void w.A::main()
Main IL Instruction Count

5
Main IL

nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null>
Module Name

w.exe
Full Name

w.exe
EntryPoint

System.Void w.A::main()
Scope Name

w.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

w
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

338
Main Method

System.Void w.A::main()
Main IL Instruction Count

5
Main IL

nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null>
Artefacts
Name
 Value
Port

443
129df3c4dcaae4c1860a334be50f2ed3 (37.89 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙