Malicious
PE Executable
MD5: 3315f37af72ee9ecf9107199ceadb7eb
Size: 448.51 KB
application/x-dosexec
Summary by MalvaGPT
Characteristics
Symbol Obfuscation Score
Low
|
Hash | Hash Value |
|---|---|
| MD5 | 3315f37af72ee9ecf9107199ceadb7eb
|
| Sha1 | fc8991060917b64fb0ed95e955870a9d8efc2515
|
| Sha256 | 36f6c3ba39bba88fbb949f9ac6956016bca8301fecc846ebe8f798639e1d8bf6
|
| Sha384 | 62f0d984bcd4639d44fd6517b7d0a9f7de5e73d267b09b9b97de5be5e76ff36b59e84edc9942f1cf56b385e905cdd717
|
| Sha512 | 82b5001afb72fd710f641e1f6224af59c31eaf692c4ee0451c10c85f4e60a469e28e19b76ab528252034ee5268e9ead4fb0622775d2fd4c202ea6c5ab8d4e7a7
|
| SSDeep | 3072:pBYojwv+yJzGzdSYvALuFxBaJ0NhSTTIAak+E4WDlrC:XYof3z8YvfFxBaJq4TPDWWDd
|
| TLSH | 8594E4B0BE93C76DF4380D3FF05689041AE6AC5F1B129146E680FE1D3AE36F58A4469D
|
PeID
.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
3315f37af72ee9ecf9107199ceadb7eb
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
|
Config. Field0 | Value |
|---|---|
| packet_size [b] | 5huhuhuhu
|
| BD [BD] | Thuhuhuhu
|
| directory [DR] | Aphuhuhuhu
|
| executable_name [EXE] | SERhuhuhuhu
|
| cnc_host [HH] | 192.huhuhuhuhuhuhu
|
| is_dir_defined [Idr] | Thuhuhuhu
|
| is_startup_folder [IsF] | Thuhuhuhu
|
| is_user_reg [Isu] | Thuhuhuhu
|
| NH [NH] | 0huhuhuhu
|
| cnc_port [P] | 4huhuhuhu
|
| reg_key [RG] | 494e01huhuhuhuhuhuhuhuhuhuhu
|
| reg_path [sf] | Softwahuhuhuhuhuhuhuhuhuhuhu
|
| sizk | 2huhuhuhu
|
| victim_name [VN] | achuhuhuhu
|
| version [VR] | ihuhuhuhu
|
| splitter [Y] | |huhuhuhu
|
| HD | Thuhuhuhu
|
| anti [anti] | Exsahuhuhuhu
|
| anti2 [anti2] | Fhuhuhuhu
|
| usb [usb] | Fhuhuhuhu
|
| usbx [usbx] | svchuhuhuhu
|
| task [task] | Thuhuhuhu
|
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Informations
|
Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | w.exe |
| Full Name | w.exe |
| EntryPoint | System.Void w.A::main() |
| Scope Name | w.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | w |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 338 |
| Main Method | System.Void w.A::main() |
| Main IL Instruction Count | 5 |
| Main IL | nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null> |
| Module Name | w.exe |
| Full Name | w.exe |
| EntryPoint | System.Void w.A::main() |
| Scope Name | w.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | w |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 338 |
| Main Method | System.Void w.A::main() |
| Main IL Instruction Count | 5 |
| Main IL | nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null> |
Artefacts
|
Name | Value |
|---|---|
| Port | 4huhuhuhu
|
Full artefact values (URLs, paths, registry keys…) are available with Essential.
Unlock with Essential
3315f37af72ee9ecf9107199ceadb7eb (448.51 KB)
File Structure
3315f37af72ee9ecf9107199ceadb7eb
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0005
ID:0
ID:0006
ID:0
ID:0007
ID:0
ID:0008
ID:0
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Characteristics
Malware Configuration - njRAT config.
|
Config. Field0 | Value |
|---|---|
| packet_size [b] | 5huhuhuhu
|
| BD [BD] | Thuhuhuhu
|
| directory [DR] | Aphuhuhuhu
|
| executable_name [EXE] | SERhuhuhuhu
|
| cnc_host [HH] | 192.huhuhuhuhuhuhu
|
| is_dir_defined [Idr] | Thuhuhuhu
|
| is_startup_folder [IsF] | Thuhuhuhu
|
| is_user_reg [Isu] | Thuhuhuhu
|
| NH [NH] | 0huhuhuhu
|
| cnc_port [P] | 4huhuhuhu
|
| reg_key [RG] | 494e01huhuhuhuhuhuhuhuhuhuhu
|
| reg_path [sf] | Softwahuhuhuhuhuhuhuhuhuhuhu
|
| sizk | 2huhuhuhu
|
| victim_name [VN] | achuhuhuhu
|
| version [VR] | ihuhuhuhu
|
| splitter [Y] | |huhuhuhu
|
| HD | Thuhuhuhu
|
| anti [anti] | Exsahuhuhuhu
|
| anti2 [anti2] | Fhuhuhuhu
|
| usb [usb] | Fhuhuhuhu
|
| usbx [usbx] | svchuhuhuhu
|
| task [task] | Thuhuhuhu
|
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Artefacts
|
Name | Value | Location |
|---|---|---|
| Port | 4huhuhuhu
Malicious |
3315f37af72ee9ecf9107199ceadb7eb |
Full artefact values (URLs, paths, registry keys…) are available with Essential.
Unlock with Essential
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.