Malicious

2505178fbd21ff1f32bcba353c4563cd

PE Executable | MD5: 2505178fbd21ff1f32bcba353c4563cd | Size: 37.89 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Low

Hash: Hash Value
MD5: 2505178fbd21ff1f32bcba353c4563cd
Sha1: f634000e0a25d3bb94466f43013365f0814fda05
Sha256: 642814a99cb7c8afa90d4058da672a3bbb908dd75d5cdedbd13b760fb07cdbeb
Sha384: 5889cbed76274ef6b30678eb1974b3eb937cb3b47b38c0047ad9e7a2e5a79dfe3b4d5ef5499dd8f106745badba94b1b5
Sha512: 7f0c132ee2a8932b0f72936df511b221f51dee3f2cbd4bbd57c08db85d4a7d6c7adbc28303a56f1d5fb09a645a0e0c15bc161c4b666500c050057da33bb0a966
SSDeep: 384:tinsiDjT95hL5YyUvZ7vLOw4qYddlrAF+rMRTyN/0L+EcoinblneHQM3epzXuPNw:8vv5zUvZ7blYrlrM+rMRa8Nu8+t
TLSH: 13032A4D7FE1816CC5FD097B06B2D01207BBE04B6A23D91E8EE5649A37636C58B50AF2

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field: Value
packet_size [b]: 5121
BD [BD]: False
directory [DR]: UserProfile
executable_name [EXE]: Syski.exe
cnc_host [HH]: 6.tcp.eu.ngrok.io
is_dir_defined [Idr]: True
is_startup_folder [IsF]: True
is_user_reg [Isu]: True
NH [NH]: 0
cnc_port [P]: 10859
reg_key [RG]: 9b12489725f8fca536503eab53651519
reg_path [sf]: Software\Microsoft\Windows\CurrentVersion\Run
sizk: 20
victim_name [VN]: HacKed
version [VR]: im523
splitter [Y]: |'|'|
HD: True
anti [anti]: Exsample.exe
anti2 [anti2]: False
usb [usb]: False
usbx [usbx]: svchost.exe
task [task]: True

Informations
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: w.exe
Full Name: w.exe
EntryPoint: System.Void w.A::main()
Scope Name: w.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v2.0.50727
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: w
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 338
Main Method: System.Void w.A::main()
Main IL Instruction Count: 5
Main IL: nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null>

Artefacts
Name: Value
Port: 10859
