Malicious
PE Executable
MD5: 1343d468105dce1f53bf2eddad30ad48
Size: 38.4 KB
application/x-dosexec
General
Structural Analysis
Config.1
Yara Rules49
Sync
Community
Summary by MalvaGPT
Characteristics
Symbol Obfuscation Score
Low
|
Hash | Hash Value |
|---|---|
| MD5 | 1343d468105dce1f53bf2eddad30ad48
|
| Sha1 | 83cce969c6b6564d858ac21eaf6fc81e5cbe4449
|
| Sha256 | d0a14b62df8f9e028d68246a36a3823666306f5f648f8342e791ef2f391bc1bf
|
| Sha384 | 85be07ce096bc9defa05f5aea7dc1da0a244813cd3172c4fe01a2b01f8d1121bd740165718c2d2e9d63e3891d6231967
|
| Sha512 | fd915e7ce88a8b0747f44f66619569cfe4a197f52b28ddc40bc2474a07c9a75263de8cf2a67cbd11ecaca426e50e59d0a7fecba9952221b7a52ce7e453907a5a
|
| SSDeep | 384:WKmqvcN8CisyMKS2g5EyY/iawVV355XgXPyyJvrAF+rMRTyN/0L+EcoinblneHQ3:nTG5HY/ia4DoPyyVrM+rMRa8Nu62t
|
| TLSH | 7E032B4DBFE18168C5FE067B05B2D41207BAE10B6E13D90E8EE5649A37636C58F50EF2
|
PeID
.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
1343d468105dce1f53bf2eddad30ad48
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
|
Config. Field0 | Value |
|---|---|
| packet_size [b] | 5huhuhuhu
|
| BD [BD] | Thuhuhuhu
|
| directory [DR] | Wihuhuhuhu
|
| executable_name [EXE] | Windowhuhuhuhuhuhuhuhuhuhuhu
|
| cnc_host [HH] | 178.huhuhuhuhuhuhu
|
| is_dir_defined [Idr] | Thuhuhuhu
|
| is_startup_folder [IsF] | Thuhuhuhu
|
| is_user_reg [Isu] | Thuhuhuhu
|
| NH [NH] | 0huhuhuhu
|
| cnc_port [P] | 5huhuhuhu
|
| reg_key [RG] | 9d19f8huhuhuhuhuhuhuhuhuhuhu
|
| reg_path [sf] | Softwahuhuhuhuhuhuhuhuhuhuhu
|
| sizk | 5huhuhuhu
|
| victim_name [VN] | |
| version [VR] | ihuhuhuhu
|
| splitter [Y] | |huhuhuhu
|
| HD | Fhuhuhuhu
|
| anti [anti] | Exsahuhuhuhu
|
| anti2 [anti2] | Fhuhuhuhu
|
| usb [usb] | Thuhuhuhu
|
| usbx [usbx] | Microshuhuhuhuhuhuhuhuhuhuhu
|
| task [task] | Thuhuhuhu
|
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Informations
|
Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | w.exe |
| Full Name | w.exe |
| EntryPoint | System.Void w.A::main() |
| Scope Name | w.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | w |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 338 |
| Main Method | System.Void w.A::main() |
| Main IL Instruction Count | 5 |
| Main IL | nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null> |
| Module Name | w.exe |
| Full Name | w.exe |
| EntryPoint | System.Void w.A::main() |
| Scope Name | w.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | w |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 338 |
| Main Method | System.Void w.A::main() |
| Main IL Instruction Count | 5 |
| Main IL | nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null> |
Artefacts
|
Name | Value |
|---|---|
| Port | 5huhuhuhu
|
Full artefact values (URLs, paths, registry keys…) are available with Essential.
Unlock with Essential
1343d468105dce1f53bf2eddad30ad48 (38.4 KB)
File Structure
1343d468105dce1f53bf2eddad30ad48
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Characteristics
Malware Configuration - njRAT config.
|
Config. Field0 | Value |
|---|---|
| packet_size [b] | 5huhuhuhu
|
| BD [BD] | Thuhuhuhu
|
| directory [DR] | Wihuhuhuhu
|
| executable_name [EXE] | Windowhuhuhuhuhuhuhuhuhuhuhu
|
| cnc_host [HH] | 178.huhuhuhuhuhuhu
|
| is_dir_defined [Idr] | Thuhuhuhu
|
| is_startup_folder [IsF] | Thuhuhuhu
|
| is_user_reg [Isu] | Thuhuhuhu
|
| NH [NH] | 0huhuhuhu
|
| cnc_port [P] | 5huhuhuhu
|
| reg_key [RG] | 9d19f8huhuhuhuhuhuhuhuhuhuhu
|
| reg_path [sf] | Softwahuhuhuhuhuhuhuhuhuhuhu
|
| sizk | 5huhuhuhu
|
| victim_name [VN] | |
| version [VR] | ihuhuhuhu
|
| splitter [Y] | |huhuhuhu
|
| HD | Fhuhuhuhu
|
| anti [anti] | Exsahuhuhuhu
|
| anti2 [anti2] | Fhuhuhuhu
|
| usb [usb] | Thuhuhuhu
|
| usbx [usbx] | Microshuhuhuhuhuhuhuhuhuhuhu
|
| task [task] | Thuhuhuhu
|
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Artefacts
|
Name | Value | Location |
|---|---|---|
| Port | 5huhuhuhu
Malicious |
1343d468105dce1f53bf2eddad30ad48 |
Full artefact values (URLs, paths, registry keys…) are available with Essential.
Unlock with Essential
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.