Malicious

19168628d7b2c76814a3889e42e0858c

PE Executable | MD5: 19168628d7b2c76814a3889e42e0858c | Size: 24.06 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Low

Hash
MD5: 19168628d7b2c76814a3889e42e0858c
Sha1: ad6f4ab92a7b0a381d71d64d2fffbcbf546239be
Sha256: 2c4c5c35e5777c563006243dba89b1e6dbf977f4171cf36eb24aa4a08803759b
Sha384: 8eb043417e51edccf5668d7205573559a6b25532be3501c0b42d644e509751a2cc2f0f9388aa5d43f129a11b9e37327c
Sha512: 88bba3aba7c664b17290c5d72236d29fa2380c2e0355ecf825d4b0a249068798b52e051b4cd1d7ace3a1596887b62d3de66777626b97fb129ee48976df9c08ad
SSDeep: 384:yluBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZmc:lOmhtIiRpcnuM
TLSH: 20B2194E3FA98866C5BC07748AA5965003B491870423EF2FCDC554CBAFB36D92D4CAF9

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET

File Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
  .text
  .rsrc
  .reloc
Resources
  RT_MANIFEST
    ID:0001
      ID:0

Malware Configuration - njRAT config.
victim_name [VN]: HacKed
version [VR]: 0.7d
executable_name [EXE]: svchost.exe
directory [DR]: AppData
reg_key [RG]: 83db3ff25348b04831a188c2c754ee0d
cnc_host [H]: al-touring.gl.at.ply.gg
cnc_port [P]: 32744
splitter [Y]: |'|'|
BD [BD]: True
is_dir_defined [Idr]: True
is_startup_folder [IsF]: True
is_user_reg [Isu]: True
reg_path [sf]: Software\Microsoft\Windows\CurrentVersion\Run
packet_size [b]: 5121

Informations
Info: PE Detect: PeReader OK (file layout)
Module Name: j.exe
Full Name: j.exe
EntryPoint: System.Void j.A::main()
Scope Name: j.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v2.0.50727
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: j
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 214
Main Method: System.Void j.A::main()
Main IL Instruction Count: 2
Main IL: call System.Void j.OK::ko() ret <null>

Artefacts
CnC: al-touring.gl.at.ply.gg
Port: 32744
