Malicious
Malicious

1e3fd12fee9d2fd27642ed24cff01338

PE Executable
MD5: 1e3fd12fee9d2fd27642ed24cff01338
Size: 32.26 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
Hash Value
MD5
1e3fd12fee9d2fd27642ed24cff01338
Sha1
2f299b8f3839e4259a27f4b1d8af0d2473cfe7e0
Sha256
a834cec6b236453ee671c23326b60763880a47c93ccc595d6e566ec5f81ade88
Sha384
6b969077f5ffb57039b1af20fb9d90b17b13c83e4553723daaa1d1333860c75536c39584d12f8641f3ac3bb3d554c665
Sha512
1a7001a98c621da530ce52b7b9ffb034a0adf475724ac545e17e98bd82bb39b3ff28d368f1eaddb4a50de7fc67bb72f9fb227cb8d84a5e9d6ae6639465e64a04
SSDeep
768:JrMXvwpJbb2zxxO5GOq3zisfvAmQmIDUu0tiKCj:QkK9isXQVksj
TLSH
95E23C6DFBE64466D1BC1AB50571950013B8D003E523F77E4ECA24E62B2B3C84B88DF2

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field
Value
packet_size [b]

5121

BD [BD]

False

directory [DR]

TEMP

executable_name [EXE]

WindowsServices.exe

cnc_host [H]

vnew88.net

is_dir_defined [Idr]

False

Anti_CH

False

is_startup_folder [IsF]

True

USB_SP

True

is_user_reg [Isu]

True

cnc_port [P]

443

reg_key [RG]

8ddbd6654f61f59ddd883d6079008b9f

reg_path [sf]

Software\Microsoft\Windows\CurrentVersion\Run

victim_name [VN]

fly88.krd

version [VR]

0.7d

splitter [Y]

Y262SUCZ4UJJ

Informations
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Stub.exe

Full Name

Stub.exe

EntryPoint

System.Void j.A::main()

Scope Name

Stub.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v2.0.50727

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Stub

Assembly Version

0.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

241

Main Method

System.Void j.A::main()

Main IL Instruction Count

4

Main IL

nop <null> call System.Void j.OK::ko() nop <null> ret <null>

Module Name

Stub.exe

Full Name

Stub.exe

EntryPoint

System.Void j.A::main()

Scope Name

Stub.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v2.0.50727

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Stub

Assembly Version

0.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

241

Main Method

System.Void j.A::main()

Main IL Instruction Count

4

Main IL

nop <null> call System.Void j.OK::ko() nop <null> ret <null>

Artefacts
Name
Value
CnC

vnew88.net

Port

443

1e3fd12fee9d2fd27642ed24cff01338 (32.26 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙